From: <rgr...@us...> - 2013-12-10 21:35:52
Revision: 12238
http://sourceforge.net/p/xoops/svn/12238
Author: rgriffith
Date: 2013-12-10 21:35:46 +0000 (Tue, 10 Dec 2013)
Log Message:
-----------
Fix potential security issues reported by Pedro Ribeiro of Agile Information Security.
Modified Paths:
--------------
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/pm/viewpmsg.php
XoopsCore/branches/2.5.x/2.5.7/htdocs/viewpmsg.php
XoopsCore/branches/2.5.x/2.5.7/htdocs/xoops_lib/modules/protector/class/protector.php
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/pm/viewpmsg.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/pm/viewpmsg.php 2013-12-09 21:08:35 UTC (rev 12237)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/pm/viewpmsg.php 2013-12-10 21:35:46 UTC (rev 12238)
@@ -42,9 +42,12 @@
include $GLOBALS['xoops']->path('footer.php');
exit();
} else {
- $_POST['msg_id'] = unserialize($_REQUEST['msg_id']);
- $size = count($_POST['msg_id']);
- $msg = $_POST['msg_id'];
+ $clean_msg_id = json_decode($_POST['msg_id'], true, 2);
+ if (!empty($clean_msg_id)) {
+ $clean_msg_id = array_map("intval", $clean_msg_id);
+ }
+ $size = count($clean_msg_id);
+ $msg =& $clean_msg_id;
for ($i = 0; $i < $size; $i++) {
$pm =& $pm_handler->get($msg[$i]);
if ($pm->getVar('to_userid') == $GLOBALS['xoopsUser']->getVar('uid')) {
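Review bot: The decode on the new line `$clean_msg_id = json_decode($_POST['msg_id'], true, 2);` can still hand a non-array to `array_map` and `count`: a request body of `5` or `"x"` decodes to a scalar that passes `!empty()`, malformed JSON (or a missing `msg_id`) decodes to `null` that reaches `count()`, and an object such as `{"a":1}` decodes to an associative array whose keys the `$msg[$i]` index loop never hits. Replacing `unserialize` with `json_decode` closes the object-injection path, but the shape check should be `is_array`, not `!empty`, and the result should be re-indexed: `$clean_msg_id = is_array($clean_msg_id) ? array_values(array_map("intval", $clean_msg_id)) : array();` in place of the three-line `if` block. The `for` loop that consumes `$msg` continues past the end of this hunk, and the script's branch structure begins before it.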
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/viewpmsg.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/viewpmsg.php 2013-12-09 21:08:35 UTC (rev 12237)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/viewpmsg.php 2013-12-10 21:35:46 UTC (rev 12238)
@@ -33,13 +33,16 @@
exit();
} elseif (empty($_REQUEST['ok'])) {
include $GLOBALS['xoops']->path('header.php');
- xoops_confirm(array('ok' => 1, 'delete_messages' => 1, 'msg_id'=> serialize(array_map("intval", $_POST['msg_id']))), $_SERVER['REQUEST_URI'], _PM_SURE_TO_DELETE);
+ xoops_confirm(array('ok' => 1, 'delete_messages' => 1, 'msg_id'=> json_encode(array_map("intval", $_POST['msg_id']))), $_SERVER['REQUEST_URI'], _PM_SURE_TO_DELETE);
include $GLOBALS['xoops']->path('footer.php');
exit();
}
- $_POST['msg_id'] = unserialize($_REQUEST['msg_id']);
- $size = count($_POST['msg_id']);
- $msg =& $_POST['msg_id'];
+ $clean_msg_id = json_decode($_POST['msg_id'], true, 2);
+ if (!empty($clean_msg_id)) {
+ $clean_msg_id = array_map("intval", $clean_msg_id);
+ }
+ $size = count($clean_msg_id);
+ $msg =& $clean_msg_id;
for ($i = 0; $i < $size; $i++) {
$pm =& $pm_handler->get(intval($msg[$i]));
if ($pm->getVar('to_userid') == $xoopsUser->getVar('uid')) {
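Review bot: Same gap as in the module copy: `json_decode($_POST['msg_id'], true, 2)` on the new side is guarded by `!empty()`, which lets a scalar decode (`5`, `"x"`) through to `array_map("intval", ...)`, lets `null` from malformed or absent input reach `count()`, and lets an object decode through as an associative array that the `$msg[$i]` loop cannot index. `$clean_msg_id = is_array($clean_msg_id) ? array_values(array_map("intval", $clean_msg_id)) : array();` would replace the `if` block and cover all three. The confirmation branch above also calls `array_map("intval", $_POST['msg_id'])` on the raw POST value without checking it is an array; that is pre-existing, but the same `is_array` guard applies there. The `for` loop over `$msg` continues beyond this hunk.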
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/xoops_lib/modules/protector/class/protector.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/xoops_lib/modules/protector/class/protector.php 2013-12-09 21:08:35 UTC (rev 12237)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/xoops_lib/modules/protector/class/protector.php 2013-12-10 21:35:46 UTC (rev 12238)
@@ -215,7 +215,11 @@
}
}
- mysql_query( "INSERT INTO ".XOOPS_DB_PREFIX."_".$this->mydirname."_log SET ip='".addslashes($ip)."',agent='".addslashes($agent)."',type='".addslashes($type)."',description='".addslashes($this->message)."',uid='".intval($uid)."',timestamp=NOW()" , $this->_conn ) ;
+ mysql_query( "INSERT INTO ".XOOPS_DB_PREFIX."_".$this->mydirname."_log SET ip='"
+ . mysql_real_escape_string($ip)."',agent='"
+ . mysql_real_escape_string($agent)."',type='"
+ . mysql_real_escape_string($type)."',description='"
+ . mysql_real_escape_string($this->message)."',uid='".intval($uid)."',timestamp=NOW()" , $this->_conn ) ;
$this->_logged = true ;
return true ;
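Review bot: The four new `mysql_real_escape_string(...)` calls omit the link argument while the `mysql_query` on the same statement is bound to `$this->_conn`; without it the escape uses whatever connection was opened last, and if that differs from `$this->_conn` (or none is open) the function returns `false` with a warning, which concatenates as an empty string and silently blanks the logged field. Pass the connection explicitly so escaping matches the connection's charset: `mysql_real_escape_string($ip, $this->_conn)`, and likewise for `$agent`, `$type` and `$this->message`. The table name still interpolates `$this->mydirname` unescaped; that is presumably a module directory name rather than request data, but worth confirming since this is the protector's own log path. The enclosing method starts before this hunk.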