From e9ef77e1c63f5d8ad5a9db4eee8d77a91ec96b56 Mon Sep 17 00:00:00 2001
From: jbousquie
Date: Fri, 18 Nov 2016 15:06:04 +0100
Subject: [PATCH] =?UTF-8?q?fix=20:=20db=5Fescape=5Fstring=20=C3=A0=20la=20?=
 =?UTF-8?q?place=20de=20addslashes()?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
index.php | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/index.php b/index.php
index 26455b7..cf943a1 100644
--- a/index.php
+++ b/index.php
@@ -3,22 +3,15 @@ include_once('winlogconf.php');
 include_once('admin/db_access.php');
 // ne traiter que sur des requêtes POST sur le port 443
-if ( $_SERVER["REQUEST_METHOD"] == "POST" && $_SERVER["SERVER_PORT"] == "443") {
+if ( $_SERVER["REQUEST_METHOD"] == "POST" && $_SERVER["SERVER_PORT"] == "443" && strcmp(addslashes($_POST["code"]), addslashes($server_code)) ) {
- $action = addslashes($_POST["action"]);
- $username = addslashes($_POST["username"]);
- $computer = addslashes($_POST["computer"]);
- $code = $_POST["code"];
- $ip = $_SERVER["REMOTE_ADDR"];
-
- // se protéger des POST anonymes par un code partagé entre client et serveur
- if (strcmp(addslashes($code), addslashes($server_code)) != 0) {
- exit;
- }
-
- $db = db_connect();
+ $action = db_escape_string($db, $_POST["action"]);
+ $username = db_escape_string($db, $_POST["username"]);
+ $computer = db_escape_string($db, $_POST["computer"]);
+ $ip = $_SERVER["REMOTE_ADDR"];
+
 // requête de purge d'une éventuelle connexion restée ouverte sur une machine (multi-session non autorisée sur les PC)
 $req_purge_C = 'UPDATE connexions SET close = 1 WHERE close = 0 AND hote = "'.$computer.'"';
 // requête de création de l'enregistrement de connexion
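Review bot: The new guard on the `+if` line inverts the shared-code check: `strcmp()` returns 0 when the strings match, so `&& strcmp(...)` runs the body only when the client code does NOT equal `$server_code` (including when `$_POST["code"]` is absent), which is the opposite of the removed `!= 0 → exit` guard and turns the anti-anonymous-POST protection into a bypass. Replace that clause with `&& isset($_POST["code"]) && hash_equals((string) $server_code, (string) $_POST["code"])` (constant-time; use `strcmp(...) === 0` on PHP < 5.6) and drop the `addslashes()` wrappers, which add nothing to an equality test. The hunk also removes `$db = db_connect();` without re-adding it, so `db_escape_string($db, ...)` now depends on `$db` being set by `admin/db_access.php`; if it is not, the escaping helper receives an undefined connection and may return empty or unescaped values, so confirm where `$db` comes from. The trailing context of this hunk lies outside the shown text.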