Update of /cvsroot/openfirst/projects
In directory sc8-pr-cvs1:/tmp/cvs-serv24108
Modified Files:
viewmeeting.php
Log Message:
IMPORTANT: Fix a privilege escalation SECURITY VULNERABILITY, use include_once() instead of include() where appropriate, fix minor spacing issues.
Index: viewmeeting.php
===================================================================
RCS file: /cvsroot/openfirst/projects/viewmeeting.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** viewmeeting.php 12 Oct 2003 23:39:14 -0000 1.6
--- viewmeeting.php 23 Oct 2003 13:34:56 -0000 1.7
***************
*** 28,34 ****
// Include globals and set header condense (not coded yet)
! include("../config/globals.php");
$header_condense = true;
! include($header);
// Check if user is a member
--- 28,34 ----
// Include globals and set header condense (not coded yet)
! include_once("../config/globals.php");
$header_condense = true;
! include_once($header);
// Check if user is a member
***************
*** 43,47 ****
if(! isset($_POST['absent'])){
echo "<br><br>You must select users who were absent of click none! Click back to continue.<br><br><br>";
! die(include($footer));
}
--- 43,47 ----
if(! isset($_POST['absent'])){
echo "<br><br>You must select users who were absent of click none! Click back to continue.<br><br><br>";
! die(include_once($footer));
}
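Review bot: `die(include_once($footer))` on the changed line couples the exit to the include's return value, and because include_once returns `true` without re-evaluating a file that was already loaded, the footer would silently not be rendered on that path if it had been pulled in earlier; the changed line in the 59,63 hunk has the same shape. Clearer and not dependent on that return value is to include and then exit on separate statements: `include_once($footer);` followed by `exit;`. The request-handling block this line belongs to starts before the hunk.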
***************
*** 59,63 ****
Status = 'done' WHERE ID = '".$_GET['ID']."'") or die(ofirst_dberror());
echo "<br><br>Meeting updated! [ <a href='meetings.php'>Meetings</a> ]<br><br>";
! die(include($footer));
}
--- 59,63 ----
Status = 'done' WHERE ID = '".$_GET['ID']."'") or die(ofirst_dberror());
echo "<br><br>Meeting updated! [ <a href='meetings.php'>Meetings</a> ]<br><br>";
! die(include_once($footer));
}
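Review bot: The UPDATE on the first context line still splices `$_GET['ID']` straight into the SQL string, so after this commit the query itself still trusts raw request input. Since ID is used as a row identifier, forcing it to an integer before use would keep the query well-formed, e.g. `$id = (int) $_GET['ID'];` and then `WHERE ID = '".$id."'`, or escape it with a quoting helper if the ofirst_db layer has one. The same `$_GET['ID']` is also echoed into the form action in the 109,114 hunk. The handler this line belongs to starts before the hunk, so an earlier validation may exist but is not visible here.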
***************
*** 84,88 ****
// List people who meeting was arranged for
$assign = explode(",",$meeting->ArrangedFor);
! foreach($assign as $assign){
$query = ofirst_dbquery("SELECT * FROM ofirst_projects_groups WHERE ID = '".$assign."' ORDER BY GroupName;");
$group = ofirst_dbfetch_object($query);
--- 84,88 ----
// List people who meeting was arranged for
$assign = explode(",",$meeting->ArrangedFor);
! foreach($assign as $assign) {
$query = ofirst_dbquery("SELECT * FROM ofirst_projects_groups WHERE ID = '".$assign."' ORDER BY GroupName;");
$group = ofirst_dbfetch_object($query);
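Review bot: `foreach($assign as $assign) {` uses the array variable as its own element variable; PHP iterates over a copy so the loop still runs to completion, but afterwards `$assign` holds the last element instead of the list and the intent is hard to read. Rename the element, `foreach($assign as $groupId) {`, and use `$groupId` in the query on the following line. That query also interpolates the value into SQL; since ArrangedFor is split into IDs, `(int) $groupId` would keep the comparison numeric regardless of what was stored in the column. The loop body continues past the end of the hunk.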
***************
*** 109,114 ****
<br>
<?php
! if($meeting->Status != "done"){
! if($user->membertype = "administrator"){
?>
<form onsubmit="return dhtmlEditorPrepareSubmit();" action='viewmeeting.php?ID=<?php echo $_GET['ID']; ?>' method='POST'>
--- 109,113 ----
<br>
<?php
! if($meeting->Status != "done" && $user->membertype == "administrator") {
?>
<form onsubmit="return dhtmlEditorPrepareSubmit();" action='viewmeeting.php?ID=<?php echo $_GET['ID']; ?>' method='POST'>
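Review bot: The corrected condition on the changed line only decides whether the form markup is rendered; the POST handler that runs the UPDATE (the 43,47 and 59,63 hunks) lies outside this hunk and nothing visible shows it repeating the `$user->membertype == "administrator"` check, and hiding a form is not authorization, so the update path needs the same guard. Separately, the form action on the next line echoes `$_GET['ID']` into an HTML attribute unescaped; `<?php echo htmlspecialchars($_GET['ID'], ENT_QUOTES); ?>` or the same integer cast used for the query would close that. The if-block opened here is closed in the 173,179 hunk.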
***************
*** 158,162 ****
// List the people currently in the array
foreach($people as $people){
! echo "\n <option>$people</option>";
}
--- 157,161 ----
// List the people currently in the array
foreach($people as $people){
! echo "\n <option>$people</option>";
}
***************
*** 173,179 ****
<br>
<?php
! }
! }
}
! include($footer);
! ?>
\ No newline at end of file
--- 172,177 ----
<br>
<?php
! }
}
! include_once($footer);
! ?>