Make headers more safe

2025-11-04 02:35:07 +03:00 · 2013-09-10 17:41:54 +04:00 · 2013-09-10 17:41:54 +04:00 · f26af7f05d
commit f26af7f05d
parent b42f5bdd0d
9 changed files with 12 additions and 12 deletions
--- a/src/messenger/webim/operator/agent.php
+++ b/src/messenger/webim/operator/agent.php
@ -83,7 +83,7 @@ if (!isset($_GET['token'])) {
 	}

 	$token = $thread['ltoken'];
-	header("Location: $webimroot/operator/agent.php?thread=$threadid&token=$token&level=$remote_level");
+	header("Location: $webimroot/operator/agent.php?thread=" . intval($threadid) . "&token=" . intval($token) . "&level=" . urlencode($remote_level));
 	exit;
 }

--- a/src/messenger/webim/operator/avatar.php
+++ b/src/messenger/webim/operator/avatar.php
@ -77,7 +77,7 @@ if (!$op) {
 		if ($opId && $avatar && $_SESSION["${mysqlprefix}operator"] && $operator['operatorid'] == $opId) {
 			$_SESSION["${mysqlprefix}operator"]['vcavatar'] = $avatar;
 		}
-		header("Location: $webimroot/operator/avatar.php?op=$opId");
+		header("Location: $webimroot/operator/avatar.php?op=" . intval($opId));
 		exit;
 	} else {
 		$page['avatar'] = topage($op['vcavatar']);
@ -86,7 +86,7 @@ if (!$op) {
 } else {
 	if (isset($_GET['delete']) && $_GET['delete'] == "true" && $canmodify) {
 		update_operator_avatar($op['operatorid'], '');
-		header("Location: $webimroot/operator/avatar.php?op=$opId");
+		header("Location: $webimroot/operator/avatar.php?op=" . intval($opId));
 		exit;
 	}
 	$page['avatar'] = topage($op['vcavatar']);
--- a/src/messenger/webim/operator/canned.php
+++ b/src/messenger/webim/operator/canned.php
@ -110,7 +110,7 @@ if (isset($_GET['act']) && $_GET['act'] == 'delete') {
 		$link = connect();
 		perform_query("delete from ${mysqlprefix}chatresponses where id = " . intval($key), $link);
 		mysql_close($link);
-		header("Location: $webimroot/operator/canned.php?lang=$lang&group=$groupid");
+		header("Location: $webimroot/operator/canned.php?lang=" . urlencode($lang) . "&group=" . intval($groupid));
 		exit;
 	}
 }
--- a/src/messenger/webim/operator/group.php
+++ b/src/messenger/webim/operator/group.php
@ -95,11 +95,11 @@ if (isset($_POST['name'])) {
 	if (count($errors) == 0) {
 		if (!$groupid) {
 			$newdep = create_group($name, $description, $commonname, $commondescription, $email);
-			header("Location: $webimroot/operator/groupmembers.php?gid=" . $newdep['groupid']);
+			header("Location: $webimroot/operator/groupmembers.php?gid=" . intval($newdep['groupid']));
 			exit;
 		} else {
 			update_group($groupid, $name, $description, $commonname, $commondescription, $email);
-			header("Location: $webimroot/operator/group.php?gid=$groupid&stored");
+			header("Location: $webimroot/operator/group.php?gid=" . intval($groupid) . "&stored");
 			exit;
 		}
 	} else {
--- a/src/messenger/webim/operator/groupmembers.php
+++ b/src/messenger/webim/operator/groupmembers.php
@ -74,7 +74,7 @@ if (!$group) {
 	}

 	update_group_members($groupid, $new_members);
-	header("Location: $webimroot/operator/groupmembers.php?gid=$groupid&stored");
+	header("Location: $webimroot/operator/groupmembers.php?gid=" . intval($groupid) . "&stored");
 	exit;
 }

--- a/src/messenger/webim/operator/login.php
+++ b/src/messenger/webim/operator/login.php
@ -30,7 +30,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 	if ($operator && isset($operator['vcpassword']) && $operator['vcpassword'] == md5($password)) {

 		$target = $password == ''
-				? "$webimroot/operator/operator.php?op=" . $operator['operatorid']
+				? "$webimroot/operator/operator.php?op=" . intval($operator['operatorid'])
 				: (isset($_SESSION['backpath'])
 					? $_SESSION['backpath']
 					: "$webimroot/operator/index.php");
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@ -84,7 +84,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 	if (count($errors) == 0) {
 		if (!$opId) {
 			$newop = create_operator($login, $email, $jabber, $password, $localname, $commonname, $jabbernotify ? 1 : 0, "");
-			header("Location: $webimroot/operator/avatar.php?op=" . $newop['operatorid']);
+			header("Location: $webimroot/operator/avatar.php?op=" . intval($newop['operatorid']));
 			exit;
 		} else {
 			update_operator($opId, $login, $email, $jabber, $password, $localname, $commonname, $jabbernotify ? 1 : 0);
@ -97,7 +97,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 					exit;
 				}
 			}
-			header("Location: $webimroot/operator/operator.php?op=$opId&stored");
+			header("Location: $webimroot/operator/operator.php?op=" . intval($opId) . "&stored");
 			exit;
 		}
 	} else {
--- a/src/messenger/webim/operator/opgroups.php
+++ b/src/messenger/webim/operator/opgroups.php
@ -64,7 +64,7 @@ if (!$op) {
 		}

 		update_operator_groups($op['operatorid'], $new_groups);
-		header("Location: $webimroot/operator/opgroups.php?op=$opId&stored");
+		header("Location: $webimroot/operator/opgroups.php?op=" . intval($opId) . "&stored");
 		exit;
 	}
 }
--- a/src/messenger/webim/operator/permissions.php
+++ b/src/messenger/webim/operator/permissions.php
@ -62,7 +62,7 @@ if (!$op) {
 		if ($opId && $_SESSION["${mysqlprefix}operator"] && $operator['operatorid'] == $opId) {
 			$_SESSION["${mysqlprefix}operator"]['iperm'] = $new_permissions;
 		}
-		header("Location: $webimroot/operator/permissions.php?op=$opId&stored");
+		header("Location: $webimroot/operator/permissions.php?op=" . intval($opId) . "&stored");
 		exit;
 	}