Updates for potential XSS vuln ... someone please verify and get back to me

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4706 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 06:08:52 +00:00 · 2003-12-30 14:17:49 +00:00 · 2003-12-30 14:17:49 +00:00 · ad06356c5f
commit ad06356c5f
parent f51bf61478
2 changed files with 4 additions and 11 deletions
--- a/phpBB/groupcp.php
+++ b/phpBB/groupcp.php
@ -137,6 +137,7 @@ else
 if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
 {
 	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+	$mode = htmlspecialchars($mode);
 }
 else
 {
@ -590,7 +591,7 @@ else if ( $group_id )
 					$sql_in = '';
 					for($i = 0; $i < count($members); $i++)
 					{
-						$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i];
+						$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
 					}

 					if ( isset($HTTP_POST_VARS['approve']) )
--- a/phpBB/privmsg.php
+++ b/phpBB/privmsg.php
@ -58,6 +58,7 @@ $mark_list = ( !empty($HTTP_POST_VARS['mark']) ) ? $HTTP_POST_VARS['mark'] : 0;
 if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
 {
 	$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
+	$folder = htmlspecialchars($folder);

 	if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' )
 	{
@ -69,16 +70,6 @@ else
 	$folder = 'inbox';
 }

-// session id check
-if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
-{
-	$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
-}
-else
-{
-	$sid = '';
-}
-
 //
 // Start session management
 //
@ -102,6 +93,7 @@ if ( $cancel )
 if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
 {
 	$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+	$mode = htmlspecialchars($mode);
 }
 else
 {