Menu
▾
▴
[mxbb-commits] core27x common.php,1.2,1.3 login.php,1.1,1.2
|
From: Andrew N. \(MHobbit\) <men...@us...> - 2005-11-30 23:50:53
|
Update of /cvsroot/mxbb/core27x In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7560 Modified Files: common.php login.php Log Message: Mostly/all security updates, mostly in accordance with phpBB 2.0.18... we don't use CVS for the 2.7 series (or at least, we haven't) :-P. Index: login.php =================================================================== RCS file: /cvsroot/mxbb/core27x/login.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** login.php 6 May 2005 06:47:57 -0000 1.1 --- login.php 30 Nov 2005 23:50:44 -0000 1.2 *************** *** 131,134 **** --- 131,141 ---- else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) { + // session id check + // added in accordance with phpBB 2.0.18 + if ($sid == '' || $sid != $userdata['session_id']) + { + message_die(GENERAL_ERROR, 'Invalid_session'); + } + if( $userdata['session_logged_in'] ) { *************** *** 168,171 **** --- 175,181 ---- ); + // added in accordance with phpBB 2.0.18 + $forward_page = ''; + if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) ) { *************** *** 179,184 **** if(count($forward_match) > 1) { - $forward_page = ''; - for($i = 1; $i < count($forward_match); $i++) { --- 189,192 ---- *************** *** 200,207 **** } } - else - { - $forward_page = ''; - } $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; --- 208,211 ---- *************** *** 209,213 **** $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />'; ! make_jumpbox($phpbb_root_path . 'viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( 'USERNAME' => $username, --- 213,217 ---- $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />'; ! make_jumpbox($phpbb_root_path . 'viewforum.'.$phpEx); $template->assign_vars(array( 'USERNAME' => $username, Index: common.php =================================================================== RCS file: /cvsroot/mxbb/core27x/common.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** common.php 22 May 2005 21:31:00 -0000 1.2 --- common.php 30 Nov 2005 23:50:44 -0000 1.3 *************** *** 32,39 **** set_magic_quotes_runtime(0); // Disable magic_quotes_runtime ! // The following code (unsetting globals) was contributed by Matt Kavanagh // PHP5 with register_long_arrays off? ! if (!isset($HTTP_POST_VARS) && isset($_POST)) { $HTTP_POST_VARS = $_POST; --- 32,40 ---- set_magic_quotes_runtime(0); // Disable magic_quotes_runtime ! // The following code (unsetting globals) ! // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files // PHP5 with register_long_arrays off? ! if (@phpversion() >= '5.0.0' && (!ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off')) { $HTTP_POST_VARS = $_POST; *************** *** 51,77 **** } ! if (@phpversion() < '4.0.0') { ! // PHP3 path; in PHP3, globals are _always_ registered ! ! // We 'flip' the array of variables to test like this so that ! // we can validate later with isset($test[$var]) (no in_array()) ! $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL, 'mx_root_path' => NULL); ! // Loop through each input array ! @reset($test); ! while (list($input,) = @each($test)) ! { ! while (list($var,) = @each($$input)) ! { ! // Validate the variable to be unset ! if (!isset($test[$var]) && $var != 'test' && $var != 'input') ! { ! unset($$var); ! } ! } ! } } ! else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { // PHP4+ path --- 52,68 ---- } ! // Protect against GLOBALS tricks ! if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])) { ! die("Hacking attempt"); ! } ! // Protect against HTTP_SESSION_VARS tricks ! if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS)) ! { ! die("Hacking attempt"); } ! ! if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on') { // PHP4+ path *************** *** 81,85 **** // is not an array, it will actually fail. So we check if // HTTP_SESSION_VARS has been initialised. ! if (!isset($HTTP_SESSION_VARS)) { $HTTP_SESSION_VARS = array(); --- 72,76 ---- // is not an array, it will actually fail. So we check if // HTTP_SESSION_VARS has been initialised. ! if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)) { $HTTP_SESSION_VARS = array(); *************** *** 189,193 **** if( !defined("MX_INSTALLED") ) { ! header("Location: install/mx_install.$phpEx"); exit; } --- 180,184 ---- if( !defined("MX_INSTALLED") ) { ! header("Location: ' . $mx_root_path . 'install/mx_install.$phpEx"); exit; } *************** *** 202,205 **** --- 193,198 ---- include_once($phpbb_root_path . 'includes/functions.'.$phpEx); include_once($phpbb_root_path . 'includes/db.'.$phpEx); + // We do not need this any longer, unset for safety purposes + unset($dbpasswd); include_once($phpbb_root_path . 'includes/functions_selects.'.$phpEx); |
