EuskadiTech/Axia4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance security and input sanitization across multiple files

Browse Source 
- Added a new tools.security.php file containing functions for sanitizing filenames, paths, and user inputs to prevent directory traversal and XSS attacks.
- Updated various files to utilize the new sanitization functions (Sf, Si) for user inputs and file operations, ensuring safer handling of data.
- Improved HTML output safety by applying htmlspecialchars to user-generated content in pre-body.php, cal.php, and other relevant files.
- Refactored user authentication and data retrieval processes in tools.auth.php and _login.php to enhance security and maintainability.
- Ensured consistent use of sanitization functions in API endpoints and admin functionalities to mitigate potential security vulnerabilities.
This commit is contained in:
naielv
2026-02-18 23:22:58 +01:00
parent a6ebede883
commit 98f430188c
17 changed files with 214 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
public_html/club/upload/index.php
View File

@@ -2,21 +2,23 @@
$APP_CODE = "club";
$APP_NAME = "La web del Club<sup>3</sup>";
$APP_TITLE = "La web del Club";
require_once "../../_incl/pre-body.php"; ?>
require_once "../../_incl/pre-body.php";
require_once "../../_incl/tools.security.php";
?>
<div class="card pad">
<h1>Subir fotos</h1>
<form action="form.php" method="get">
<div class="mb-3">
<label for="n" class="form-label"><b>Tu nombre:</b></label>
<input required type="text" id="n" name="n" class="form-control" value="<?php echo $_GET["n"] ?: "";?>" placeholder="Nombre...">
<input required type="text" id="n" name="n" class="form-control" value="<?php echo htmlspecialchars($_GET["n"] ?? "");?>" placeholder="Nombre...">
</div>
<div class="mb-3">
<label for="f" class="form-label"><b>Fecha:</b></label>
<input required type="date" id="f" name="f" class="form-control" value="<?php echo $_GET["f"] ?: "";?>" placeholder="Fecha...">
<input required type="date" id="f" name="f" class="form-control" value="<?php echo htmlspecialchars($_GET["f"] ?? "");?>" placeholder="Fecha...">
</div>
<div class="mb-3">
<label for="p" class="form-label"><b>La contraseña:</b></label>
<input required type="text" id="p" name="p" class="form-control" value="" placeholder="Contraseña...">
<input required type="text" id="p" name="p" class="form-control" value="<?php echo htmlspecialchars($_GET["p"] ?? "");?>" placeholder="Contraseña...">
</div>
<button type="submit" class="btn btn-primary">Continuar...</button>
</form>