From: <mxb...@li...> - 2005-03-17 12:37:33
Update of /cvsroot/mxbb/mx_kb/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8415/modules/mx_kb/admin Modified Files: admin_kb_art.php admin_kb_cat.php admin_kb_config.php admin_kb_types.php Log Message: Bug #47 - SQL Injection vulnerability in Knowledge Base MOD Index: admin_kb_cat.php =================================================================== RCS file: /cvsroot/mxbb/mx_kb/admin/admin_kb_cat.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** admin_kb_cat.php 1 Feb 2005 20:45:04 -0000 1.6 --- admin_kb_cat.php 17 Mar 2005 12:37:24 -0000 1.7 *************** *** 184,189 **** $cat_desc = $HTTP_POST_VARS['catdesc']; ! $parent = $HTTP_POST_VARS['parent']; ! $comments_forum_id = $HTTP_POST_VARS['forum_id']; if ( $comments_forum_id == 0 ) --- 184,189 ---- $cat_desc = $HTTP_POST_VARS['catdesc']; ! $parent = intval( $HTTP_POST_VARS['parent'] ); ! $comments_forum_id = intval( $HTTP_POST_VARS['forum_id'] ); if ( $comments_forum_id == 0 ) *************** *** 230,234 **** if ( !$HTTP_POST_VARS['submit'] ) { ! $cat_id = $HTTP_GET_VARS['cat']; $sql = "SELECT * FROM " . KB_CATEGORIES_TABLE . " WHERE category_id = " . $cat_id; --- 230,234 ---- if ( !$HTTP_POST_VARS['submit'] ) { ! $cat_id = intval( $HTTP_GET_VARS['cat'] ); $sql = "SELECT * FROM " . KB_CATEGORIES_TABLE . " WHERE category_id = " . $cat_id; *************** *** 349,358 **** else if ( $HTTP_POST_VARS['submit'] ) { ! $cat_id = $HTTP_POST_VARS['catid']; $cat_name = trim( $HTTP_POST_VARS['catname'] ); $cat_desc = $HTTP_POST_VARS['catdesc']; ! $number_articles = $HTTP_POST_VARS['number_articles']; ! $parent = $HTTP_POST_VARS['parent']; ! $comments_forum_id = $HTTP_POST_VARS['forum_id']; $view_level = intval( $HTTP_POST_VARS['auth_view'] ); --- 349,358 ---- else if ( $HTTP_POST_VARS['submit'] ) { ! $cat_id = intval( $HTTP_POST_VARS['catid'] ); $cat_name = trim( $HTTP_POST_VARS['catname'] ); $cat_desc = $HTTP_POST_VARS['catdesc']; ! 
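Review bot: The string fields in this hunk are still read raw while only the numeric ones get intval(): `$cat_desc = $HTTP_POST_VARS['catdesc'];` here, and `$cat_name = trim( $HTTP_POST_VARS['catname'] );` in the 349,358 hunk of the same file. If those values are concatenated into the INSERT/UPDATE further down (outside these hunks, so not verifiable here), the injection closed for the ids stays open through the text columns. The same pattern is in admin_kb_types.php at `$type_name = trim( $HTTP_POST_VARS['catname'] );` (158,162 hunk). Text input needs the database layer's string escaping before it reaches SQL (and htmlspecialchars() when echoed), not a cast, since a cast would discard legitimate names. The enclosing blocks of all these hunks start and end outside them.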
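Review bot: intval() maps a missing or non-numeric `cat` parameter to 0, so `$sql = "SELECT * FROM " . KB_CATEGORIES_TABLE . " WHERE category_id = " . $cat_id;` is then executed for an id that cannot exist and whatever follows the query (outside the hunk) receives an empty result. A guard before the query makes that an explicit error instead: `if ( !$cat_id ) { message_die( GENERAL_ERROR, 'Invalid category id' ); }`. The same shape appears with `$type_id` in admin_kb_types.php (127,131 and 184,188 hunks) and with `$article_id` in admin_kb_art.php (85,89, 187,191 and 220,227 hunks); in the delete case the confirmation link in the 379,383 hunk would otherwise be built with `a=0`. The if-block begins inside this hunk but the code after the query is not shown.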
$number_articles = intval( $HTTP_POST_VARS['number_articles'] ); ! $parent = intval( $HTTP_POST_VARS['parent'] ); ! $comments_forum_id = intval( $HTTP_POST_VARS['forum_id'] ); $view_level = intval( $HTTP_POST_VARS['auth_view'] ); Index: admin_kb_art.php =================================================================== RCS file: /cvsroot/mxbb/mx_kb/admin/admin_kb_art.php,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** admin_kb_art.php 1 Feb 2005 20:44:51 -0000 1.11 --- admin_kb_art.php 17 Mar 2005 12:37:24 -0000 1.12 *************** *** 85,89 **** case 'approve': ! $article_id = $HTTP_GET_VARS['a']; $topic_sql = ''; --- 85,89 ---- case 'approve': ! $article_id = intval( $HTTP_GET_VARS['a'] ); $topic_sql = ''; *************** *** 187,191 **** case 'unapprove': ! $article_id = $HTTP_GET_VARS['a']; $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET approved = 0 --- 187,191 ---- case 'unapprove': ! $article_id = intval( $HTTP_GET_VARS['a'] ); $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET approved = 0 *************** *** 220,227 **** case 'delete': if ( $HTTP_GET_VARS['c'] == "yes" ) { - $article_id = $HTTP_GET_VARS['a']; - $sql = "SELECT article_category_id, approved, topic_id FROM " . KB_ARTICLES_TABLE . " --- 220,227 ---- case 'delete': + $article_id = intval( $HTTP_GET_VARS['a'] ); + if ( $HTTP_GET_VARS['c'] == "yes" ) { $sql = "SELECT article_category_id, approved, topic_id FROM " . KB_ARTICLES_TABLE . " *************** *** 379,383 **** else { ! $message = $lang['Confirm_art_delete'] . '<br /><br />' . sprintf( $lang['Confirm_art_delete_yes'], '<a href="' . append_sid( "admin_kb_art.$phpEx?mode=delete&c=yes&a=" . $HTTP_GET_VARS['a'] ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Confirm_art_delete_no'], '<a href="' . append_sid( "admin_kb_art.$phpEx" ) . '">', '</a>' ); message_die( GENERAL_MESSAGE, $message ); --- 379,383 ---- else { ! $message = $lang['Confirm_art_delete'] . '<br /><br />' . 
sprintf( $lang['Confirm_art_delete_yes'], '<a href="' . append_sid( "admin_kb_art.$phpEx?mode=delete&c=yes&a=" . $article_id ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Confirm_art_delete_no'], '<a href="' . append_sid( "admin_kb_art.$phpEx" ) . '">', '</a>' ); message_die( GENERAL_MESSAGE, $message ); Index: admin_kb_types.php =================================================================== RCS file: /cvsroot/mxbb/mx_kb/admin/admin_kb_types.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** admin_kb_types.php 9 Jan 2005 21:40:38 -0000 1.5 --- admin_kb_types.php 17 Mar 2005 12:37:24 -0000 1.6 *************** *** 127,131 **** if ( !$HTTP_POST_VARS['submit'] ) { ! $type_id = $HTTP_GET_VARS['cat']; $sql = "SELECT * FROM " . KB_TYPES_TABLE . " WHERE id = " . $type_id; --- 127,131 ---- if ( !$HTTP_POST_VARS['submit'] ) { ! $type_id = intval( $HTTP_GET_VARS['cat'] ); $sql = "SELECT * FROM " . KB_TYPES_TABLE . " WHERE id = " . $type_id; *************** *** 158,162 **** else if ( $HTTP_POST_VARS['submit'] ) { ! $type_id = $HTTP_POST_VARS['typeid']; $type_name = trim( $HTTP_POST_VARS['catname'] ); --- 158,162 ---- else if ( $HTTP_POST_VARS['submit'] ) { ! $type_id = intval( $HTTP_POST_VARS['typeid'] ); $type_name = trim( $HTTP_POST_VARS['catname'] ); *************** *** 184,188 **** if ( !$HTTP_POST_VARS['submit'] ) { ! $type_id = $HTTP_GET_VARS['cat']; $sql = "SELECT * --- 184,188 ---- if ( !$HTTP_POST_VARS['submit'] ) { ! $type_id = intval( $HTTP_GET_VARS['cat'] ); $sql = "SELECT * Index: admin_kb_config.php =================================================================== RCS file: /cvsroot/mxbb/mx_kb/admin/admin_kb_config.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** admin_kb_config.php 1 Feb 2005 20:45:07 -0000 1.12 --- admin_kb_config.php 17 Mar 2005 12:37:24 -0000 1.13 *************** *** 46,87 **** include_once( $mx_root_path . 'admin/page_header_admin.' . 
$phpEx ); - - /* - function get_groups( $sel_id ) - { - global $db; - - $sql = "SELECT group_id, group_name - FROM " . GROUPS_TABLE; - - if ( !$result = $db->sql_query( $sql ) ) - { - message_die( GENERAL_ERROR, "Couldn't get list of groups", "", __LINE__, __FILE__, $sql ); - } - - $grouplist = '<select name="mod_group">'; - - while ( $row = $db->sql_fetchrow( $result ) ) - { - if ( $row['group_name'] != '' ) - { - if ( $sel_id == $row['group_id'] ) - { - $status = "selected"; - } - else - { - $status = ''; - } - $grouplist .= '<option value="' . $row['group_id'] . '" ' . $status . '>' . $row['group_name'] . '</option>'; - } - } - - $grouplist .= '</select>'; - - return $grouplist; - } - */ - // Pull all config data --- 46,49 ---- *************** *** 241,254 **** 'S_NEW_NO' => $new_no, - // 'L_APPROVE_NEW_NAME' => $lang['Approve_new_name'], - // 'L_APPROVE_NEW_EXPLAIN' => $lang['Approve_new_explain'], - // 'S_APPROVE_NEW_YES' => $approve_new_yes, - // 'S_APPROVE_NEW_NO' => $approve_new_no, - - // 'L_EDIT_NAME' => $lang['Edit_name'], - // 'L_EDIT_EXPLAIN' => $lang['Edit_explain'], - // 'S_EDIT_YES' => $edit_yes, - // 'S_EDIT_NO' => $edit_no, - 'L_SHOW' => $lang['Show'], 'L_HIDE' => $lang['Hide'], --- 203,206 ---- *************** *** 262,270 **** 'L_PT_BODY' => $pt_body, - // 'L_APPROVE_EDIT_NAME' => $lang['Approve_edit_name'], - // 'L_APPROVE_EDIT_EXPLAIN' => $lang['Approve_edit_explain'], - // 'S_APPROVE_EDIT_YES' => $approve_edit_yes, - // 'S_APPROVE_EDIT_NO' => $approve_edit_no, - 'L_NOTIFY_NAME' => $lang['Notify_name'], 'L_NOTIFY_EXPLAIN' => $lang['Notify_explain'], --- 214,217 ---- *************** *** 284,291 **** 'S_USE_COMMENTS_NO' => $use_comments_no, - // 'L_FORUM_ID' => $lang['Forum_id'], - // 'L_FORUM_ID_EXPLAIN' => $lang['Forum_id_explain'], - // 'FORUMS' => $forums, - // Added by Haplo 'L_RATINGS_INFO' => $lang['Rating_info'], 'L_COMMENTS_INFO' => $lang['Comment_info'], --- 231,234 ---- *************** *** 296,303 **** 'S_COMMENTS_SHOW_NO' => 
$comments_show_no, - // 'L_MOD_GROUP' => $lang['Mod_group'], - // 'L_MOD_GROUP_EXPLAIN' => $lang['Mod_group_explain'], - // 'MOD_GROUP' => $mod_group, - 'L_BUMP_POST' => $lang['Bump_post'], 'L_BUMP_POST_EXPLAIN' => $lang['Bump_post_explain'], --- 239,242 ---- *************** *** 325,333 **** 'S_USE_RATINGS_NO' => $use_ratings_no, - // 'L_ALLOW_ANONYMOS_RATING' => $lang['Allow_anonymos_rating'], - // 'L_ALLOW_ANONYMOS_RATING_EXPLAIN' => $lang['Allow_anonymos_rating_explain'], - // 'S_ALLOW_ANONYMOS_RATING_YES' => $allow_anonymos_rating_yes, - // 'S_ALLOW_ANONYMOS_RATING_NO' => $allow_anonymos_rating_no, - 'L_VOTES_CHECK_IP' => $lang['Votes_check_ip'], 'L_VOTES_CHECK_IP_EXPLAIN' => $lang['Votes_check_ip_explain'], --- 264,267 ---- |