Commit c7f10155 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Add more addslashes calls. Other little things.

parent dff21d31
......@@ -83,8 +83,14 @@ $gid = $row[0];
# tbstopit <pid> <eid>
#
echo "<center><br>";
echo "<h3>Terminating the experiment. This may take a few minutes ...</h3>";
echo "</center>";
echo "<h3>Terminating the experiment. This may take a few minutes ...
</center><br><br>
Please do <em>not</em> click the 'Stop' button. This will cause
the experiment teardown to terminate prematurely, which can cause
problems for future (other) experiments.
</h3>";
flush();
#
# Run the scripts. We use a script wrapper to deal with changing
......
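Review bot: In the multi-line echo, `</center>` is emitted while the `<h3>` is still open, so the heading and the `<center>` opened by the earlier `echo "<center><br>";` are mis-nested. Closing in order is a small change: drop the `</center>` after the first sentence and end the string with `</h3></center>`, or put the "do not click Stop" warning in its own element after the heading. The page has lost its +/- markers, so this assumes the six-line echo is the new side and the two single-line echoes above it are the removed ones.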
......@@ -86,6 +86,9 @@ if (strlen($proj_head_uid) > $TBDB_UIDLEN) {
#
$proj_why = addslashes($proj_why);
$proj_name = addslashes($proj_name);
$usr_affil = addslashes($usr_affil);
$usr_title = addslashes($usr_title);
$usr_addr = addslashes($usr_addr);
#
# This is a new project request. Make sure it does not already exist.
......
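Review bot: `addslashes()` is a weak choice for the escaping added here, assuming these values are later interpolated into SQL strings (the queries are outside the hunk). It is unaware of the connection character set and only protects a value that ends up inside a quoted literal. Binding the values as parameters of a prepared statement removes the need for per-field escaping; where that is not available, the database driver's own escaping function is the safer drop-in. The same applies to the four `addslashes()` calls in the `-45,6 +45,14` hunk. Escaping field by field also makes it easy to miss one: `$usr_name` is escaped in that other hunk but not in these lines, so confirm it is handled above this hunk's context.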
......@@ -45,6 +45,14 @@ if (strlen($uid) > $TBDB_UIDLEN) {
"Please select another.", 1);
}
#
# Certain of these values must be escaped or otherwise sanitized.
#
$usr_name = addslashes($usr_name);
$usr_affil = addslashes($usr_affil);
$usr_title = addslashes($usr_title);
$usr_addr = addslashes($usr_addr);
#
# See if this is a new user or one returning.
#
......
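Review bot: Each assignment overwrites the request value with its escaped form (`$usr_name = addslashes($usr_name);`), so any later use outside a query would show the added backslashes; an HTML echo or a mail body would be examples, though neither is visible in this hunk. If `magic_quotes_gpc` is enabled, the input would also be escaped twice. Keeping the raw value and writing the escaped copy to a separate variable avoids the first problem, e.g. `$usr_name_sql = addslashes($usr_name);`. The new comment could also name the context it means: `# These values are interpolated into SQL below; escape them for the query only.` The script continues outside the hunk, so the actual uses of these variables still need checking.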