authorJason A. Donenfeld <Jason@zx2c4.com>2011-11-07 20:40:21 -0500
committerJason A. Donenfeld <Jason@zx2c4.com>2011-11-07 20:41:44 -0500
commitb29db6dc81985753a79d915ae3aaf1176f0507c3 (patch)
tree8fe51a07b603d0cbedfd00f263959ab58506f838
parentFix XSS. (diff)
Security issues merge.SSH_Experiments
-rw-r--r--login.php6
-rw-r--r--statistics.php10
2 files changed, 8 insertions, 8 deletions
diff --git a/login.php b/login.php
index 22d3752..f19177e 100644
--- a/login.php
+++ b/login.php
@@ -20,10 +20,10 @@
<form method="POST" onSubmit="document.getElementById('loginbutton').disabled = true;">
<?php if($databaseLogin) { ?>
<p style="color: orange; font-size: 8pt; font-weight: bold; ">Please enter the database password. This is a different password from the user password.<br><i>Note: if this is your first time scanning the music directory, the page may take a while to load.</i></p>
-<label>Database Password: <input type="password" name="dbpassword"<?php if($dbpassword != "") echo ' value="'.$dbpassword.'"'; ?>></label><br>
+<label>Database Password: <input type="password" name="dbpassword"<?php if($dbpassword != "") echo ' value="'.htmlentities($dbpassword).'"'; ?>></label><br>
<?php } else { ?>
-<label>Username: <input type="text" name="username"<?php if($username != "") echo ' value="'.$username.'"'; ?>></label><br>
-<label>Password: <input type="password" name="password"<?php if($password != "") echo ' value="'.$password.'"'; ?>></label><br>
+<label>Username: <input type="text" name="username"<?php if($username != "") echo ' value="'.htmlentities($username).'"'; ?>></label><br>
+<label>Password: <input type="password" name="password"<?php if($password != "") echo ' value="'.htmlentities($password).'"'; ?>></label><br>
<?php } ?>
<input type="submit" value="Login" id="loginbutton">
</form>
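Review bot: The `htmlentities()` calls added on lines 26, 30 and 31 use the defaults, so only double quotes are escaped (ENT_COMPAT) and the charset is whatever the PHP version assumes (ISO-8859-1 before 5.4); that is enough for these double-quoted attributes today, but it silently depends on the surrounding quoting and on the page's encoding. Passing the flags and charset explicitly, `htmlentities($username, ENT_QUOTES, 'UTF-8')`, removes both dependencies; the same applies to the `htmlentities()` calls added in the statistics.php hunks. Separately, echoing the submitted password back into the `value` attribute (lines 26 and 31) reflects the credential into the response body; unless re-population on a failed login is required, dropping the `value` echo for the two password inputs removes that exposure.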
diff --git a/statistics.php b/statistics.php
index ba26366..cb5e5dd 100644
--- a/statistics.php
+++ b/statistics.php
@@ -57,7 +57,7 @@ echo '<h3 align="center" style="margin-bottom: 0px;">Top 10 User Agents</h3><div
$query = mysql_query("SELECT COUNT(DISTINCT ip), useragent FROM requestlog GROUP BY useragent ORDER BY COUNT(DISTINCT ip) DESC LIMIT 10;");
while($result = mysql_fetch_assoc($query))
{
- echo "<li>".$result["COUNT(DISTINCT ip)"].": ".$result["useragent"]."</li>";
+ echo "<li>".$result["COUNT(DISTINCT ip)"].": ".htmlentities($result["useragent"])."</li>";
}
echo "</div></div>";
@@ -74,8 +74,8 @@ $ipsResult = mysql_query("SELECT ip, MAX(time), COUNT(*) FROM requestlog GROUP B
while($row = mysql_fetch_assoc($ipsResult))
{
echo "<table width=\"100%\" cellspacing=\"0\">";
- echo "<tr><th colspan=\"6\"><a href=\"http://ws.arin.net/whois?queryinput=".$row["ip"]."\">".$row["ip"]." (".@gethostbyaddr($row["ip"]).")</a> ".$row["COUNT(*)"]." total downloads</th></tr>";
- $requestResult = mysql_query("SELECT * FROM requestlog WHERE ip = '".$row["ip"]."' AND leaderid = -1 ORDER BY time DESC");
+ echo "<tr><th colspan=\"6\"><a href=\"http://ws.arin.net/whois?queryinput=".$row["ip"]."\">".$row["ip"]." (".htmlentities(@gethostbyaddr($row["ip"])).")</a> ".$row["COUNT(*)"]." total downloads</th></tr>";
+ $requestResult = mysql_query("SELECT * FROM requestlog WHERE ip = '".mysql_real_escape_string($row["ip"])."' AND leaderid = -1 ORDER BY time DESC");
while($listen = mysql_fetch_assoc($requestResult))
{
if($listen["zip"])
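Review bot: Line 53 escapes only the `gethostbyaddr()` result while `$row["ip"]` is still concatenated raw into both the `href` query string and the link text, yet line 54 treats the same column as untrusted by wrapping it in `mysql_real_escape_string()`; the HTML output should follow the same assumption, e.g. `urlencode($row["ip"])` inside the `queryinput=` parameter and `htmlentities($row["ip"])` for the visible text. If the `ip` column is only ever written from the server-side remote address the practical risk is low, but that cannot be confirmed from this hunk. The `@` on `gethostbyaddr()` also hides lookup failures rather than handling them. The enclosing `while` loop over `$ipsResult` continues past the end of the hunk.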
@@ -90,13 +90,13 @@ while($row = mysql_fetch_assoc($ipsResult))
}
else
{
- echo "<tr><td><font style=\"font-size:6pt;\">".date("M j, Y g:i:sa T", $listen["time"])."</font></td><td>".linkTerm($listen["artist"], "artist")."</td><td>".linkTerm($listen["album"], "album")."</td><td>".linkTerm($listen["title"], "title")."</td><td><font style=\"font-size: 4pt;\">".linkTerm($listen["sha1"], "sha1")."</font></td><td><font style=\"font-size: 4pt;\">".$listen["useragent"]."</font></td></tr>";
+ echo "<tr><td><font style=\"font-size:6pt;\">".date("M j, Y g:i:sa T", $listen["time"])."</font></td><td>".linkTerm($listen["artist"], "artist")."</td><td>".linkTerm($listen["album"], "album")."</td><td>".linkTerm($listen["title"], "title")."</td><td><font style=\"font-size: 4pt;\">".linkTerm($listen["sha1"], "sha1")."</font></td><td><font style=\"font-size: 4pt;\">".htmlentities($listen["useragent"])."</font></td></tr>";
}
}
echo "</table>";
echo "</p>";
}
?>
-<p align="center" style="font-size:8pt">ZX2C4 Music is &copy; Copyright 2008-2009 Jason A. Donenfeld. All Rights Reserved.</p>
+<p align="center" style="font-size:8pt">ZX2C4 Music is &copy; Copyright 2004-2011 Jason A. Donenfeld. All Rights Reserved.</p>
</body>
</html>
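Review bot: Line 63 now escapes `useragent`, but the artist, album, title and sha1 cells on the same line are emitted through `linkTerm()`, whose escaping behaviour is not visible in this diff; if it does not HTML-escape both the link text and the parameter it places in the href, those columns remain unescaped output in the same table this commit is hardening. Once confirmed, a comment at the call site such as `// linkTerm() is expected to HTML-escape its term argument for both text and href` would record the contract the rest of the line relies on. The `while($row = ...)` loop enclosing this code begins before the hunk, and the copyright-year change on line 71 is cosmetic.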