Subversion Repositories ALCASAR

Rev 3227 → Rev 3228

/web/intercept.php
366,28 → 366,28
# Read form parameters which we care about
# avoid the "user as a MAC address" attempts
if ((isset($_POST['username'])) && (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $_POST['username']) !== 1))
$username = htmlspecialchars(trim($_POST['username'])); else $username = '';
if (isset($_POST['password'])) $password = htmlspecialchars($_POST['password']); else $password = '';
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = '';
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = '';
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = '';
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = '';
// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = '';
// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
$username = htmlspecialchars(trim($_POST['username'])); else $username = '';
if (isset($_POST['password'])) $password = $_POST['password']; else $password = '';
if (isset($_POST['challenge'])) $challenge = htmlspecialchars($_POST['challenge']); else $challenge = '';
if (isset($_POST['button'])) $button = htmlspecialchars($_POST['button']); else $button = '';
// if (isset($_POST['logout'])) $logout = htmlspecialchars($_POST['logout']); else $logout = '';
// if (isset($_POST['prelogin'])) $prelogin = htmlspecialchars($_POST['prelogin']); else $prelogin = '';
// if (isset($_POST['res'])) $res = htmlspecialchars($_POST['res']); else $res = '';
// if (isset($_POST['uamip'])) $uamip = htmlspecialchars($_POST['uamip']); else $uamip = '';
// if (isset($_POST['uamport'])) $uamport = htmlspecialchars($_POST['uamport']); else $uamport = '';
if (isset($_POST['userurl'])) $userurl = htmlspecialchars($_POST['userurl']); else $userurl = '';
// if (isset($_POST['timeleft'])) $timeleft = htmlspecialchars($_POST['timeleft']); else $timeleft = '';
// if (isset($_POST['redirurl'])) $redirurl = htmlspecialchars($_POST['redirurl']); else $redirurl = '';
 
# Read query parameters which we care about
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = '';
// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = '';
if (isset($_GET['res'])) $res = htmlspecialchars($_GET['res']); else $res = '';
// if (isset($_GET['reason'])) $reason = htmlspecialchars($_GET['reason']); else $reason = '';
if (isset($_GET['challenge'])) $challenge = htmlspecialchars($_GET['challenge']);
// if (isset($_GET['uamip'])) $uamip = htmlspecialchars($_GET['uamip']);
// if (isset($_GET['uamport'])) $uamport = htmlspecialchars($_GET['uamport']);
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = '';
if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = '';
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = '';
if (isset($_GET['timeleft'])) $timeleft = htmlspecialchars($_GET['timeleft']); else $timeleft = '';
if (isset($_GET['reply'])) $reply = htmlspecialchars(trim($_GET['reply'])); else $reply = '';
if (isset($_GET['redirurl'])) $redirurl = htmlspecialchars($_GET['redirurl']); else $redirurl = '';
if (isset($_GET['userurl'])) $userurl = htmlspecialchars($_GET['userurl']);
 
// TODO: clean unused query params
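Review bot: The "user as a MAC address" guard at the top of the hunk matches against the raw `$_POST['username']`, while the value actually kept is `trim()`med afterwards, so a MAC-shaped name padded with whitespace, or ending in a newline that `$` tolerates, passes the check and is then normalised into exactly the form the guard is meant to refuse. Trimming first and anchoring strictly closes that gap: `$u = isset($_POST['username']) ? trim($_POST['username']) : '';` followed by `$username = (preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/D', $u) === 1) ? '' : htmlspecialchars($u);`. Adding the `i` modifier as well is worth considering if the authentication backend treats lower-case MAC strings as equivalent, which cannot be seen from this hunk. Separately, keeping `$password` unencoded is correct for authentication, but it means any code outside this hunk that writes `$password` back into the page (a hidden form field, for instance) now has to apply `htmlspecialchars()` at the point of output.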