From f26af7f05dedb1967bd4624e8ab7cbd050a782a2 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov"
Date: Tue, 10 Sep 2013 17:41:54 +0400
Subject: [PATCH] Make headers more safe
---
 src/messenger/webim/operator/agent.php | 2 +-
 src/messenger/webim/operator/avatar.php | 4 ++--
 src/messenger/webim/operator/canned.php | 2 +-
 src/messenger/webim/operator/group.php | 4 ++--
 src/messenger/webim/operator/groupmembers.php | 2 +-
 src/messenger/webim/operator/login.php | 2 +-
 src/messenger/webim/operator/operator.php | 4 ++--
 src/messenger/webim/operator/opgroups.php | 2 +-
 src/messenger/webim/operator/permissions.php | 2 +-
 9 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/messenger/webim/operator/agent.php b/src/messenger/webim/operator/agent.php
index 5178677e..4b8a11b0 100644
--- a/src/messenger/webim/operator/agent.php
+++ b/src/messenger/webim/operator/agent.php
@@ -83,7 +83,7 @@ if (!isset($_GET['token'])) {
 }
 $token = $thread['ltoken'];
- header("Location: $webimroot/operator/agent.php?thread=$threadid&token=$token&level=$remote_level");
+ header("Location: $webimroot/operator/agent.php?thread=" . intval($threadid) . "&token=" . intval($token) . "&level=" . urlencode($remote_level));
 exit;
 }
diff --git a/src/messenger/webim/operator/avatar.php b/src/messenger/webim/operator/avatar.php
index 3996c92e..d97b389f 100755
--- a/src/messenger/webim/operator/avatar.php
+++ b/src/messenger/webim/operator/avatar.php
@@ -77,7 +77,7 @@ if (!$op) {
 if ($opId && $avatar && $_SESSION["${mysqlprefix}operator"] && $operator['operatorid'] == $opId) {
 $_SESSION["${mysqlprefix}operator"]['vcavatar'] = $avatar;
 }
- header("Location: $webimroot/operator/avatar.php?op=$opId");
+ header("Location: $webimroot/operator/avatar.php?op=" . intval($opId));
 exit;
 } else {
 $page['avatar'] = topage($op['vcavatar']);
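Review bot: The new Location on the `+` line of the agent.php hunk still hand-concatenates three query parameters and encodes each one separately, and the same shape is repeated in avatar.php, canned.php, group.php, groupmembers.php, login.php, operator.php, opgroups.php and permissions.php, so every future parameter has to be remembered by hand; building the query string with `http_build_query()` encodes every value uniformly, e.g. `header("Location: $webimroot/operator/agent.php?" . http_build_query(array('thread' => intval($threadid), 'token' => intval($token), 'level' => $remote_level)));`. `intval($token)` is only correct if `$thread['ltoken']` (read two lines above) is numeric; the hunk does not show the column type, and a non-numeric token would be silently truncated to 0 and break the redirect, so that should be confirmed. `$webimroot` is still interpolated raw in every header of this commit; that is fine if it comes from configuration, but if it is derived from the request it needs the same treatment. PHP's `header()` has rejected embedded newlines since 5.1.2, so the practical gain here is well-formed URL parameters rather than protection against response splitting; the enclosing `if (!isset($_GET['token']))` block starts before the hunk.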
@@ -86,7 +86,7 @@ if (!$op) {
 } else {
 if (isset($_GET['delete']) && $_GET['delete'] == "true" && $canmodify) {
 update_operator_avatar($op['operatorid'], '');
- header("Location: $webimroot/operator/avatar.php?op=$opId");
+ header("Location: $webimroot/operator/avatar.php?op=" . intval($opId));
 exit;
 }
 $page['avatar'] = topage($op['vcavatar']);
diff --git a/src/messenger/webim/operator/canned.php b/src/messenger/webim/operator/canned.php
index 36703d2c..71fead03 100644
--- a/src/messenger/webim/operator/canned.php
+++ b/src/messenger/webim/operator/canned.php
@@ -110,7 +110,7 @@ if (isset($_GET['act']) && $_GET['act'] == 'delete') {
 $link = connect();
 perform_query("delete from ${mysqlprefix}chatresponses where id = " . intval($key), $link);
 mysql_close($link);
- header("Location: $webimroot/operator/canned.php?lang=$lang&group=$groupid");
+ header("Location: $webimroot/operator/canned.php?lang=" . urlencode($lang) . "&group=" . intval($groupid));
 exit;
 }
 }
diff --git a/src/messenger/webim/operator/group.php b/src/messenger/webim/operator/group.php
index c02b673b..691d2158 100644
--- a/src/messenger/webim/operator/group.php
+++ b/src/messenger/webim/operator/group.php
@@ -95,11 +95,11 @@ if (isset($_POST['name'])) {
 if (count($errors) == 0) {
 if (!$groupid) {
 $newdep = create_group($name, $description, $commonname, $commondescription, $email);
- header("Location: $webimroot/operator/groupmembers.php?gid=" . $newdep['groupid']);
+ header("Location: $webimroot/operator/groupmembers.php?gid=" . intval($newdep['groupid']));
 exit;
 } else {
 update_group($groupid, $name, $description, $commonname, $commondescription, $email);
- header("Location: $webimroot/operator/group.php?gid=$groupid&stored");
+ header("Location: $webimroot/operator/group.php?gid=" . intval($groupid) . "&stored");
 exit;
 }
 } else {
diff --git a/src/messenger/webim/operator/groupmembers.php b/src/messenger/webim/operator/groupmembers.php
index 9f32fe72..a86097c2 100644
--- a/src/messenger/webim/operator/groupmembers.php
+++ b/src/messenger/webim/operator/groupmembers.php
@@ -74,7 +74,7 @@ if (!$group) {
 }
 update_group_members($groupid, $new_members);
- header("Location: $webimroot/operator/groupmembers.php?gid=$groupid&stored");
+ header("Location: $webimroot/operator/groupmembers.php?gid=" . intval($groupid) . "&stored");
 exit;
 }
diff --git a/src/messenger/webim/operator/login.php b/src/messenger/webim/operator/login.php
index 4a9ef81f..286e0c45 100644
--- a/src/messenger/webim/operator/login.php
+++ b/src/messenger/webim/operator/login.php
@@ -30,7 +30,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 if ($operator && isset($operator['vcpassword']) && $operator['vcpassword'] == md5($password)) {
 $target = $password == ''
- ? "$webimroot/operator/operator.php?op=" . $operator['operatorid']
+ ? "$webimroot/operator/operator.php?op=" . intval($operator['operatorid'])
 : (isset($_SESSION['backpath']) ? $_SESSION['backpath'] : "$webimroot/operator/index.php");
diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php
index 7557b4b8..82ed0154 100644
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@@ -84,7 +84,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 if (count($errors) == 0) {
 if (!$opId) {
 $newop = create_operator($login, $email, $jabber, $password, $localname, $commonname, $jabbernotify ? 1 : 0, "");
- header("Location: $webimroot/operator/avatar.php?op=" . $newop['operatorid']);
+ header("Location: $webimroot/operator/avatar.php?op=" . intval($newop['operatorid']));
 exit;
 } else {
 update_operator($opId, $login, $email, $jabber, $password, $localname, $commonname, $jabbernotify ? 1 : 0);
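Review bot: In the login.php hunk the `$target` ternary's other branch still uses `$_SESSION['backpath']` verbatim as the redirect target while the commit only wraps the operator id; if backpath is ever populated from request data (a referrer or the request URI — not visible here), this is an open-redirect candidate and should be constrained to a same-site path before use, e.g. `$back = $_SESSION['backpath']; $target = strpos($back, "$webimroot/") === 0 ? $back : "$webimroot/operator/index.php";`. The context line `$operator['vcpassword'] == md5($password)` is untouched by this commit, but a loose `==` between two hash strings is subject to PHP's numeric-string comparison rules and should at least be `===`, with a salted password hash as a follow-up. The enclosing `if (isset($_POST['login']) ...)` block starts before the hunk and its closing brace is not shown.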
@@ -97,7 +97,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 exit;
 }
 }
- header("Location: $webimroot/operator/operator.php?op=$opId&stored");
+ header("Location: $webimroot/operator/operator.php?op=" . intval($opId) . "&stored");
 exit;
 }
 } else {
diff --git a/src/messenger/webim/operator/opgroups.php b/src/messenger/webim/operator/opgroups.php
index d24debd1..842ce0b4 100644
--- a/src/messenger/webim/operator/opgroups.php
+++ b/src/messenger/webim/operator/opgroups.php
@@ -64,7 +64,7 @@ if (!$op) {
 }
 update_operator_groups($op['operatorid'], $new_groups);
- header("Location: $webimroot/operator/opgroups.php?op=$opId&stored");
+ header("Location: $webimroot/operator/opgroups.php?op=" . intval($opId) . "&stored");
 exit;
 }
 }
diff --git a/src/messenger/webim/operator/permissions.php b/src/messenger/webim/operator/permissions.php
index 57c9d444..39577c47 100755
--- a/src/messenger/webim/operator/permissions.php
+++ b/src/messenger/webim/operator/permissions.php
@@ -62,7 +62,7 @@ if (!$op) {
 if ($opId && $_SESSION["${mysqlprefix}operator"] && $operator['operatorid'] == $opId) {
 $_SESSION["${mysqlprefix}operator"]['iperm'] = $new_permissions;
 }
- header("Location: $webimroot/operator/permissions.php?op=$opId&stored");
+ header("Location: $webimroot/operator/permissions.php?op=" . intval($opId) . "&stored");
 exit;
 }