From: <rgr...@us...> - 2013-10-22 17:13:46
Revision: 12192
http://sourceforge.net/p/xoops/svn/12192
Author: rgriffith
Date: 2013-10-22 17:13:44 +0000 (Tue, 22 Oct 2013)
Log Message:
-----------
Patch for input validation bypass issue reported by Tatane.
There are steps which should be taken but this should solve the most important issues.
Modified Paths:
--------------
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/register.php
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php 2013-10-21 09:25:26 UTC (rev 12191)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php 2013-10-22 17:13:44 UTC (rev 12192)
@@ -279,6 +279,13 @@
*/
function profile_getRegisterForm(&$user, $profile, $step = null)
{
+ global $opkey; // should be set in register.php
+ if (empty($opkey)) {
+ $opkey='profile_opname';
+ }
+ $next_opname = 'op' . mt_rand(10000, 99999);
+ $_SESSION[$opkey] = $next_opname;
+
include_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
if (empty($GLOBALS['xoopsConfigUser'])) {
$config_handler =& xoops_gethandler('config');
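Review bot: The per-form field name on the `$next_opname` line is drawn from `mt_rand(10000, 99999)`, which gives only 90,000 possible values from a generator that is not meant for security use. If the name is supposed to be unguessable to anything that was not served this form, a stronger source fits better, for example `$next_opname = 'op' . bin2hex(openssl_random_pseudo_bytes(8));` where the openssl extension is available. The fallback also repeats the literal `'profile_opname'` that register.php assigns to `$opkey`, so the two can drift apart; a shared constant would keep them aligned. Because `$_SESSION[$opkey]` is overwritten on every render, a form left open in a second tab presumably stops being accepted, which deserves a comment such as `// one outstanding registration form per session`. The body of profile_getRegisterForm continues outside the hunk.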
@@ -358,6 +365,7 @@
$reg_form->addElement(new XoopsFormCaptcha(), true);
}
+ $reg_form->addElement(new XoopsFormHidden($next_opname, 'register'));
$reg_form->addElement(new XoopsFormHidden('uid', $user->getVar('uid')));
$reg_form->addElement(new XoopsFormHidden('step', $step_no) );
$reg_form->addElement(new XoopsFormButton('', 'submitButton', _SUBMIT, 'submit'));
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/register.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/register.php 2013-10-21 09:25:26 UTC (rev 12191)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/register.php 2013-10-22 17:13:44 UTC (rev 12192)
@@ -41,7 +41,19 @@
exit();
}
-$op = !isset($_POST['op']) ? 'register' : $_POST['op'];
+// get the key we need to access out 'op' in $_POST
+// if this key is not set, empty $_POST since this is a new registration and
+// no legitimate data would be there.
+$opkey = 'profile_opname';
+if (isset($_SESSION[$opkey])) {
+ $current_opname = $_SESSION[$opkey];
+ unset($_SESSION[$opkey]);
+} else {
+ $_POST=array();
+ $current_opname = 'op'; // does not matter, it isn't there
+}
+
+$op = !isset($_POST[$current_opname]) ? 'register' : $_POST[$current_opname];
$current_step = isset($_POST['step']) ? intval( $_POST['step'] ) : 0;
// The newly introduced variable $_SESSION['profile_post'] is contaminated by $_POST, thus we use an old vaiable to hold uid parameter
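Review bot: `$_POST` is emptied only in the `else` branch, when the session holds no key. When a key is present but the request carries no field under that name, `$op` falls back to `'register'` while `step` and every other posted field are still read as submitted. If the intent is that only a submission of the form just rendered is honoured, the mismatch case should be handled the same way, e.g. `if (!isset($_POST[$current_opname])) { $_POST = array(); }` placed before the `$op` assignment. The value taken from `$_POST[$current_opname]` is also accepted without a check against the expected operation names, though how `$op` is consumed lies outside this hunk. The added comment has a typo, "access out 'op'" for "access our 'op'".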