From: Andrew N. \(MHobbit\) <men...@us...> - 2005-11-25 02:52:24
Update of /cvsroot/mxbb/core In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26951 Modified Files: common.php login.php Log Message: Security updates round... most code implemented from phpBB 2.0.18. Index: login.php =================================================================== RCS file: /cvsroot/mxbb/core/login.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** login.php 1 Oct 2005 14:10:44 -0000 1.12 --- login.php 25 Nov 2005 02:52:16 -0000 1.13 *************** *** 129,133 **** } else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) ! { if( $userdata['session_logged_in'] ) { --- 129,139 ---- } else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) ! { ! // session id check ! if ($sid == '' || $sid != $userdata['session_id']) ! { ! mx_message_die(GENERAL_ERROR, 'Invalid_session'); ! } ! if( $userdata['session_logged_in'] ) { *************** *** 167,170 **** --- 173,178 ---- ); + $forward_page = ''; + if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) ) { *************** *** 178,183 **** if(count($forward_match) > 1) { - $forward_page = ''; - for($i = 1; $i < count($forward_match); $i++) { --- 186,189 ---- *************** *** 199,206 **** } } - else - { - $forward_page = ''; - } $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; --- 205,208 ---- *************** *** 209,213 **** $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : ''; ! make_jumpbox($phpbb_root_path . 'viewforum.'.$phpEx, $forum_id); $layouttemplate->assign_vars(array( 'USERNAME' => $username, --- 211,215 ---- $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : ''; ! make_jumpbox($phpbb_root_path . 
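Review bot: The new session-id check in the logout branch uses loose comparison, `$sid != $userdata['session_id']`, so two hex session ids that both happen to look like exponent notation (`0e` followed only by digits) compare equal and the check passes; use `if ($sid == '' || $sid !== $userdata['session_id'])` so the strings are compared byte for byte. Where `$sid` is assigned is outside this hunk, presumably from the request's `sid` parameter earlier in login.php, so confirm it is populated before this branch is reached, otherwise every logout ends in `Invalid_session`. The enclosing `else if` block continues past the hunk.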
'viewforum.'.$phpEx); $layouttemplate->assign_vars(array( 'USERNAME' => $username, Index: common.php =================================================================== RCS file: /cvsroot/mxbb/core/common.php,v retrieving revision 1.41 retrieving revision 1.42 diff -C2 -d -r1.41 -r1.42 *** common.php 15 Oct 2005 22:12:17 -0000 1.41 --- common.php 25 Nov 2005 02:52:16 -0000 1.42 *************** *** 27,41 **** // ================================================================================ ! // The following code is based on common.php from phpBB 2.0.14 // ================================================================================ - // error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime ! // The following code (unsetting globals) was contributed by Matt Kavanagh // PHP5 with register_long_arrays off? ! if (!isset($HTTP_POST_VARS) && isset($_POST)) { $HTTP_POST_VARS = $_POST; --- 27,41 ---- // ================================================================================ ! // The following code is based on common.php from phpBB 2.0.18 // ================================================================================ error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime ! // The following code (unsetting globals) ! // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files // PHP5 with register_long_arrays off? ! if (@phpversion() >= '5.0.0' && (!ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off')) { $HTTP_POST_VARS = $_POST; *************** *** 53,82 **** } ! if (@phpversion() < '4.0.0') { ! // PHP3 path; in PHP3, globals are _always_ registered ! ! // We 'flip' the array of variables to test like this so that ! 
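Review bot: The PHP 5 detection `@phpversion() >= '5.0.0'` relies on PHP's loose string comparison rather than `version_compare()`, which would sort `'10.0.0'` below `'5.0.0'` and only works because neither side is a numeric string; prefer `if (version_compare(PHP_VERSION, '5.0.0', '>=') && ...)`, available since PHP 4.1. The same line treats an absent `register_long_arrays` directive (`ini_get()` returning `''`) as "off" and aliases the arrays, which looks intended but is not obvious; a comment such as `// an unset register_long_arrays is treated as off: alias the long arrays ourselves` would save the next reader the check. The un-commented `error_reporting(...)` line also suppresses E_NOTICE for the whole request, which is unrelated to the globals fix and worth calling out in the log message.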
// we can validate later with isset($test[$var]) (no in_array()) ! $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL); ! //+MOD: Added by mxBB ! $test['mx_root_path'] = NULL; ! //-MOD: Added by mxBB ! // Loop through each input array ! @reset($test); ! while (list($input,) = @each($test)) ! { ! while (list($var,) = @each($$input)) ! { ! // Validate the variable to be unset ! if (!isset($test[$var]) && $var != 'test' && $var != 'input') ! { ! unset($$var); ! } ! } ! } } ! else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { // PHP4+ path --- 53,69 ---- } ! // Protect against GLOBALS tricks ! if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])) { ! die("Hacking attempt"); ! } ! // Protect against HTTP_SESSION_VARS tricks ! if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS)) ! { ! die("Hacking attempt"); } ! ! if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { // PHP4+ path *************** *** 89,93 **** // is not an array, it will actually fail. So we check if // HTTP_SESSION_VARS has been initialised. ! if (!isset($HTTP_SESSION_VARS)) { $HTTP_SESSION_VARS = array(); --- 76,80 ---- // is not an array, it will actually fail. So we check if // HTTP_SESSION_VARS has been initialised. ! if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)) { $HTTP_SESSION_VARS = array(); *************** *** 100,104 **** unset($input['input']); unset($input['not_unset']); ! while (list($var,) = @each($input)) { --- 87,91 ---- unset($input['input']); unset($input['not_unset']); ! while (list($var,) = @each($input)) { *************** *** 108,112 **** } } ! unset($input); } --- 95,99 ---- } } ! 
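Review bot: The new `GLOBALS` guard depends on `$HTTP_POST_VARS`, `$HTTP_GET_VARS`, `$HTTP_COOKIE_VARS` and `$HTTP_POST_FILES` already being populated, either by PHP itself or by the `register_long_arrays` aliasing block above it; that ordering dependency is silent, so add `// requires the HTTP_*_VARS arrays to be populated (by PHP or the aliasing above) before this point` ahead of the check. The `die()` on a non-array `$HTTP_SESSION_VARS` makes the `|| !is_array($HTTP_SESSION_VARS)` added in the later `register_globals` hunk unreachable in practice; keeping it as defence in depth is fine, but a short comment on it saying so prevents a future cleanup from removing the wrong copy. The replaced PHP 3 branch used to protect `mx_root_path` from being unset; whether that name is still in the protected list of the `register_globals` loop is outside the hunk and should be confirmed.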
unset($input); } *************** *** 198,202 **** if( !defined('MX_INSTALLED') ) { ! header("Location: install/mx_install.$phpEx"); exit; } --- 185,189 ---- if( !defined('MX_INSTALLED') ) { ! header("Location: " . $mx_root_path . "install/mx_install.$phpEx"); exit; } *************** *** 209,212 **** --- 196,201 ---- include_once($phpbb_root_path . 'includes/functions.' . $phpEx); include_once($phpbb_root_path . 'includes/db.' . $phpEx); + // We do not need this any longer, unset for safety purposes + unset($dbpasswd); include_once($phpbb_root_path . 'includes/functions_selects.' . $phpEx); include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx); |
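Review bot: The installer redirect now sends `Location: ` followed by `$mx_root_path`, which in the visible code is a relative path; HTTP/1.1 (RFC 2616 section 14.30) requires an absolute URI in Location and clients resolve relative ones inconsistently, so build the absolute URL from the server name and script path as phpBB's `redirect()` does, and add `exit` after the header as the hunk already does. `$mx_root_path` appears in the removed PHP 3 code's protected-variable list, which suggests it is a configuration value rather than request input; if it can ever be request-controlled the header is injectable via CRLF, so confirm its origin before relying on it here. The `unset($dbpasswd)` in the following hunk is sound, though the password is presumably still reachable through the DB object created in includes/db.php, so the comment should not overstate what it achieves.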