escape all users input strings

use intval for integers or sqlite_escape_string for strings

diff --git a/getjson.php b/getjson.php
index cc93c7c352b95f0b6c42466c7e3cadf02a929155..028864652f2d282bea6814ad56c2f129d32f8ed0 100644 (file)
--- a/getjson.php
+++ b/getjson.php
@@ -19,7 +19,7 @@ else
 if (isset($_REQUEST["S"]))
   {
     /* single tag or part of tag */
-    $tag = $_REQUEST["S"];
+    $tag = sqlite_escape_string($_REQUEST["S"]);
     /* individual tags are separated by '+' */
     $result = $DB->query("SELECT name FROM tags where name like \"%$tag%\"");
     $count = $DB->query("SELECT 1");
@@ -27,14 +27,14 @@ if (isset($_REQUEST["S"]))
 else
   {
     if (isset($_REQUEST["P"]))
-      $OFFSET = "".($_REQUEST["P"]*$N-$N);
+      $OFFSET = "".(intval($_REQUEST["P"])*$N-$N);
     else
       $OFFSET = "0";
 
     if (isset($_REQUEST["T"]))
       {
        /* single tag or part of tag */
-       $tags = $_REQUEST["T"];
+       $tags = sqlite_escape_string($_REQUEST["T"]);
        $tags = explode("+",$tags);
        $tags = "'".implode("','",$tags)."'";
 

diff --git a/index.php b/index.php
index 822df79c0bc8333c3cb55183baf14b181477df92..a6112aba1ed4604d05d74d49726af0aa1c5acfd0 100644 (file)
--- a/index.php
+++ b/index.php
@@ -15,7 +15,7 @@ else
   $page = 1;
 
 if(isset($_REQUEST["tag"]))
-  $tags = $_REQUEST["tag"];
+  $tags = htmlentities($_REQUEST["tag"]);
 else
   $tags = "";