366,28 → 366,28 |
# Read form parameters which we care about |
# avoid the "user as a MAC address" attempts |
if ((isset($_POST['username'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['username']) !== 1)) |
$username = htmlspecialchars(trim($_POST['username'])); else $username = ''; |
if (isset($_POST['password'])) $password = htmlspecialchars($_POST['password']); else $password = ''; |
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = ''; |
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = ''; |
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = ''; |
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = ''; |
// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = ''; |
// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = ''; |
// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = ''; |
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = ''; |
// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = ''; |
// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = ''; |
$username = htmlspecialchars(trim($_POST['username'])); else $username = ''; |
if (isset($_POST['password'])) $password = $_POST['password']; else $password = ''; |
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = ''; |
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = ''; |
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = ''; |
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = ''; |
// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = ''; |
// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = ''; |
// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = ''; |
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = ''; |
// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = ''; |
// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = ''; |
|
# Read query parameters which we care about |
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = ''; |
// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = ''; |
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = ''; |
// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = ''; |
if (isset($_GET['challenge'])) $challenge = htmlspecialchars($_GET['challenge']); |
// if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']); |
// if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']); |
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = ''; |
if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = ''; |
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = ''; |
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = ''; |
if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = ''; |
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = ''; |
if (isset($_GET['userurl'])) $userurl = htmlspecialchars($_GET['userurl']); |
|
// TODO: clean unused query params |
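Review bot: The MAC-address filter on `username` tests the raw `$_POST['username']` while the value that is kept is `trim()`med, so a MAC-shaped name with surrounding whitespace, or one written in lower-case hex, does not match the pattern and is still accepted as a username. Trim before matching and make the pattern case-insensitive, e.g. `$u = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';` followed by `$username = (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/i', $u) === 1) ? '' : htmlspecialchars($u);`. Separately, assuming the second copy of each repeated line is the new side, `$password` is now kept unescaped, which is right for credential comparison, but any code outside this hunk that writes `$password` into HTML must now call `htmlspecialchars()` at the point of output. `$userurl` and `$redirurl` are only HTML-escaped here; if they are later used as a redirect target or link, which this hunk does not show, they also need a scheme and host check.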