Posted: Mon Jul 05, 2004 4:18 am Post subject:
I think there are some problems with your installation. Below is better code that will fix some security holes your current code does not cover.
1.
FIND - Line 105
Code:
$simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
REPLACE WITH
Code:
$simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
if (is_array($simple_ary))
{
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
* admin/admin_forums.php
1.
FIND - Line 60
Code:
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
Code:
// $mode comes straight from HTTP_POST_VARS/HTTP_GET_VARS (see the FIND above).
// HTML-encode it so a crafted value cannot inject markup wherever the admin page
// reflects it. This is output encoding only, not a check that $mode is one of the
// expected mode strings.
$mode = htmlspecialchars($mode);
* admin/admin_groups.php
1.
FIND - Line 55
Code:
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
Code:
// $mode is request input (FIND above); encode HTML metacharacters before it can
// be echoed back. Output encoding, not validation against the known modes.
$mode = htmlspecialchars($mode);
* admin/admin_ranks.php
1.
FIND - Line 43
Code:
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
Code:
// $mode is taken from GET or POST unfiltered (FIND above); HTML-encode it so it
// cannot carry markup into the page. Note this does not restrict $mode to the
// expected values — a whitelist comparison would be stricter if callers need one.
$mode = htmlspecialchars($mode);
* admin/admin_smilies.php
1.
FIND - Line 62
Code:
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
Code:
// Encode HTML metacharacters in the request-supplied $mode (FIND above) before
// any output reuses it. Output encoding only; not SQL escaping, not validation.
$mode = htmlspecialchars($mode);
2.
FIND - Line 319
Code:
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
AFTER, ADD
Code:
// The id chosen from POST/GET above is forced to an integer, so only a number
// reaches whatever SQL uses it further down (not shown in this excerpt); any
// non-numeric value becomes 0.
$smiley_id = intval($smiley_id);
3.
FIND - Line 340
Code:
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
AFTER, ADD
Code:
// Same treatment as the earlier smiley id: cast the request value to int so a
// non-numeric string becomes 0 instead of being used as-is downstream.
$smiley_id = intval($smiley_id);
* admin/admin_styles.php
1.
FIND - Line 61
Code:
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
Code:
// $mode arrives unfiltered from GET/POST (FIND above); HTML-encode it before it
// can be reflected. This does not validate it against the expected mode values.
$mode = htmlspecialchars($mode);
2.
FIND - Line 492
Code:
$style_id = $HTTP_GET_VARS['style_id'];
REPLACE WITH
Code:
// Cast the style id from the query string to int at the point it is read;
// anything non-numeric becomes 0 rather than being passed on as a string.
$style_id = intval($HTTP_GET_VARS['style_id']);
3.
FIND - Line 707
Code:
WHERE template_name = '$template_name'";
REPLACE WITH
Code:
WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
* admin/admin_ug_auth.php
1.
FIND - Line 60
Code:
$user_id = intval($user_id);
$group_id = intval($group_id);
AFTER, ADD
Code:
// Both values presumably come from the request (their sources are outside this
// excerpt — confirm). intval() leaves only an integer in $adv; htmlspecialchars()
// encodes HTML metacharacters in $mode. The latter is HTML output encoding, not
// SQL escaping and not a check against the expected mode strings.
$adv = intval($adv);
$mode = htmlspecialchars($mode);
* admin/admin_user_ban.php
1.
FIND - Line 280
Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
REPLACE WITH
Code:
// Cast each entry to int before it is joined into the comma-separated
// $where_sql, so a non-numeric list element becomes 0 instead of being
// concatenated into the statement verbatim.
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
2.
FIND - Line 293
Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
REPLACE WITH
Code:
// Rewrite backslash-escaped quotes as SQL-doubled quotes before the IP value is
// joined into $where_sql. This only replaces the two-character sequence \' — it
// assumes the input was already backslash-escaped (magic_quotes_gpc or an
// equivalent step earlier in the request). If that is not guaranteed on this
// install, a bare ' passes through unchanged; confirm before relying on it.
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
3.
FIND - Line 306
Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
REPLACE WITH
Code:
// Same quote handling for the e-mail list: \' becomes '' before the value is
// joined into $where_sql. Only already-escaped quotes are rewritten, so this
// depends on the input having been backslash-escaped upstream (magic_quotes_gpc
// or equivalent); a bare ' is left as-is otherwise — confirm for this install.
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
* admin/admin_users.php
1.
FIND - Line 52
Code:
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
Code:
// $mode is read straight from POST/GET (FIND above); HTML-encode it so a crafted
// value cannot inject markup where it is reflected. Output encoding only.
$mode = htmlspecialchars($mode);
2.
FIND - Line 842
Code:
$category = $HTTP_POST_VARS['avatarcategory'];
REPLACE WITH
Code:
// HTML-encode the avatar category taken from POST at the point it is read.
// If $category is also used to build a filesystem path further down (not shown
// in this excerpt), note that htmlspecialchars() does not touch path separators
// or ".." — that would need its own restriction; confirm how $category is used.
$category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);
* admin/admin_words.php
1.
FIND - Line 44
Code:
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
Code:
// $mode comes unfiltered from GET or POST (FIND above); encode HTML
// metacharacters before it is reused in output. Not a whitelist of valid modes.
$mode = htmlspecialchars($mode);
2.
FIND - Line 67
Code:
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0;
REPLACE WITH
Code:
// Cast the GET id to int inside the ternary: a non-numeric value becomes 0, and
// the absent case still yields 0 as before.
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
3.
FIND - Line 117
Code:
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0;
REPLACE WITH
Code:
// POST counterpart of the GET case: the id is cast to int where it is read, so
// only an integer (0 for anything non-numeric or absent) continues downstream.
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
4.
FIND - Line 154
Code:
if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
{
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
AFTER, ADD
Code:
// The id selected from POST/GET in the lines above is forced to an integer
// before it is used; a non-numeric value becomes 0.
$word_id = intval($word_id);
* admin/pagestart.php
1.
FIND - Line 59
Code:
redirect($url);
REPLACE WITH
Code:
// Redirect to a fixed on-site destination (the board index with the current
// session id) instead of the $url the original line forwarded to. Where $url was
// populated is outside this excerpt; with a constant target the destination can
// no longer depend on it. $phpEx and $userdata come from the surrounding phpBB
// bootstrap (not shown here).
redirect("index.$phpEx?sid=" . $userdata['session_id']);
* includes/bbcode.php
1.
FIND - Line 284
Code:
$text = preg_replace("#\[img\]((ht|f)tp://)([^\r\n\t<"]*?)\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
REPLACE WITH
Code:
// Tighter [img] pattern than the FIND above: the URL part may no longer contain
// a space, ?, &, = or a double quote, and must end in .jpg/.jpeg/.gif/.png.
// The "e" modifier is still present, so the replacement string is evaluated as
// PHP with the matched text substituted in; the narrower character class and the
// extension requirement are what limit what can reach that evaluation. ("e" is
// deprecated since PHP 5.5 and removed in PHP 7; preg_replace_callback() is the
// replacement.) The bare " inside the pattern looks like a forum rendering
// artefact — in the file it must be written as \" or the double-quoted string
// ends early; the FIND line shows the same artefact.
$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&="\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
* includes/functions_search.php
1.
FIND - Line 201
Code:
$value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)';
break;
case 'mssql':
AFTER, ADD
Code:
case 'mssql-odbc':
2.
FIND - Line 226
Code:
VALUES $value_sql";
break;
case 'mssql':
AFTER, ADD
Code:
case 'mssql-odbc':
* includes/usercp_register.php
1.
FIND - Line 180
Code:
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
REPLACE WITH
Code:
// Both branches now HTML-encode the POST value; the FIND line above only encoded
// the avatarlocal branch and passed avatarselect through raw. Output encoding
// only — it does not check that the value names an avatar that actually exists.
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );