- Added a new tools.security.php file containing functions for sanitizing filenames, paths, and user inputs to prevent directory traversal and XSS attacks.
- Updated various files to utilize the new sanitization functions (Sf, Si) for user inputs and file operations, ensuring safer handling of data.
- Improved HTML output safety by applying htmlspecialchars to user-generated content in pre-body.php, cal.php, and other relevant files.
- Refactored user authentication and data retrieval processes in tools.auth.php and _login.php to enhance security and maintainability.
- Ensured consistent use of sanitization functions in API endpoints and admin functionalities to mitigate potential security vulnerabilities.
26 lines
1.2 KiB
PHP
Executable File
<?php
// Page metadata consumed by the shared layout include.
$APP_CODE = "club";
$APP_NAME = "La web del Club<sup>3</sup>";
$APP_TITLE = "La web del Club";
require_once "../../_incl/pre-body.php";
// Shared sanitization helpers added by this commit.
require_once "../../_incl/tools.security.php";
// The form below submits with method="get", so n, f and p (the password) travel
// in the query string of form.php. Each value echoed back into a double-quoted
// attribute is passed through htmlspecialchars().
?>
<div class="card pad">
  <h1>Subir fotos</h1>
  <form action="form.php" method="get">
    <div class="mb-3">
      <label for="n" class="form-label"><b>Tu nombre:</b></label>
      <input required type="text" id="n" name="n" class="form-control" value="<?php echo htmlspecialchars($_GET["n"] ?? "");?>" placeholder="Nombre...">
    </div>
    <div class="mb-3">
      <label for="f" class="form-label"><b>Fecha:</b></label>
      <input required type="date" id="f" name="f" class="form-control" value="<?php echo htmlspecialchars($_GET["f"] ?? "");?>" placeholder="Fecha...">
    </div>
    <div class="mb-3">
      <label for="p" class="form-label"><b>La contraseña:</b></label>
      <input required type="text" id="p" name="p" class="form-control" value="<?php echo htmlspecialchars($_GET["p"] ?? "");?>" placeholder="Contraseña...">
    </div>
    <button type="submit" class="btn btn-primary">Continuar...</button>
  </form>
</div>
<?php require_once "../../_incl/post-body.php"; ?>
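The commit message mentions filename and path sanitization against directory traversal, but the source of tools.security.php is not shown on this page. The following is an added example of that kind of check, not the project's code and not the actual Sf/Si implementation; the function names example_safe_filename and example_path_inside and the temporary directory are assumptions made for illustration.

```php
<?php
// Added example. Hypothetical helpers, not the project's Sf()/Si().

// Reduce an untrusted upload name to a bare file name with an allow-listed charset.
function example_safe_filename(string $name): string {
    $name = str_replace("\0", '', $name);                  // drop NUL bytes
    $name = basename(str_replace('\\', '/', $name));       // discard any directory part
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name); // replace everything off the allow-list
    $name = ltrim($name, '.');                             // no dotfiles, no "." or ".."
    return $name === '' ? 'unnamed' : $name;
}

// Resolve $userPath below $baseDir; return null if it does not exist or escapes $baseDir.
// realpath() only resolves existing paths, so for a new upload check the target directory.
function example_path_inside(string $baseDir, string $userPath): ?string {
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $userPath);
    if ($base === false || $full === false) {
        return null;
    }
    // Compare with a trailing separator so ".../uploads-old" never matches ".../uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $inside = strncmp($full . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0;
    return $inside ? $full : null;
}

// Constructed demo data: a throwaway directory holding one file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'example_uploads_' . getmypid();
mkdir($base);
touch($base . DIRECTORY_SEPARATOR . 'foto.jpg');

foreach (['foto.jpg', '../../etc/passwd', '..\\..\\boot.ini', '.htaccess', '..'] as $raw) {
    printf("%-18s => %s\n", $raw, example_safe_filename($raw));
}
foreach (['foto.jpg', '..', '../../etc'] as $rel) {
    $ok = example_path_inside($base, $rel) !== null;
    printf("%-18s => %s\n", $rel, $ok ? 'inside' : 'rejected');
}

unlink($base . DIRECTORY_SEPARATOR . 'foto.jpg');
rmdir($base);
```

The two checks are complementary: the first normalizes a name before it is used, the second verifies where a resolved path actually points after the filesystem has interpreted it.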