Updates for potential XSS vuln ... someone please verify and get back to me

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4706 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2003-12-30 14:17:49 +00:00
parent f51bf61478
commit ad06356c5f
2 changed files with 4 additions and 11 deletions


@ -137,6 +137,7 @@ else
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{ {
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = htmlspecialchars($mode);
} }
else else
{ {
@ -590,7 +591,7 @@ else if ( $group_id )
$sql_in = ''; $sql_in = '';
for($i = 0; $i < count($members); $i++) for($i = 0; $i < count($members); $i++)
{ {
$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i]; $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
} }
if ( isset($HTTP_POST_VARS['approve']) ) if ( isset($HTTP_POST_VARS['approve']) )
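Review bot: The `$mode = htmlspecialchars($mode);` line added after the `$mode` assignment in the first hunk escapes at input rather than at the point of output, and without a flags argument it leaves single quotes untouched, so a `$mode` value reflected inside a single-quoted attribute or a JavaScript string is still exploitable. Because `$mode` is a dispatch value with a fixed set of accepted names, a whitelist is the more robust fix: `$mode = in_array($mode, $valid_modes) ? $mode : '';` with `$valid_modes` populated from the modes the script actually handles (that switch is outside this hunk); failing that, at least `$mode = htmlspecialchars($mode, ENT_QUOTES);`. The `intval($members[$i])` change in the second hunk hardens the `IN` list against SQL injection rather than XSS, which the commit title does not mention and is worth recording in the log; it still assumes `$members` is an array, which is assigned before this hunk and cannot be checked from here.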


@ -58,6 +58,7 @@ $mark_list = ( !empty($HTTP_POST_VARS['mark']) ) ? $HTTP_POST_VARS['mark'] : 0;
if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) ) if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
{ {
$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder']; $folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
$folder = htmlspecialchars($folder);
if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' ) if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' )
{ {
@ -69,16 +70,6 @@ else
$folder = 'inbox'; $folder = 'inbox';
} }
// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}
// //
// Start session management // Start session management
// //
@ -102,6 +93,7 @@ if ( $cancel )
if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) ) if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
{ {
$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; $mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = htmlspecialchars($mode);
} }
else else
{ {
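Review bot: The `$mode = htmlspecialchars($mode);` line in the last hunk has the same weakness as the input-side escaping elsewhere in this commit: with default flags single quotes pass through, and the value is then carried around unescaped-for-other-contexts (URL query strings, JavaScript) to wherever it is echoed, which is outside this hunk. Validating `$mode` against the mode names this script dispatches on, e.g. `$mode = in_array($mode, $valid_modes) ? $mode : '';`, and escaping at each output site is the safer pattern; as a minimum, pass `ENT_QUOTES`. In the first hunk the `htmlspecialchars($folder)` call precedes an exact-match comparison against `inbox`/`outbox`/`sentbox`/`savebox`, so any value that escaping would change already fails that check; the line only matters if the non-matching branch, which is cut off at the end of that hunk, keeps the user-supplied value, and a comment such as `// defensive: $folder is reset below if it is not one of the known folders` would make the intent explicit.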