phpBB2 by Przemo
Support for phpBB2 forums modified by Przemo

English version - phpBB2 by Przemo 1.12.6 UPDATE 1

Matteo - 30-08-2010, 13:01
Post subject: phpBB2 by Przemo 1.12.6 UPDATE 1
In connection with the possibility of an XSS attack, please make the following changes to the forum code:

admin/admin_mass_email.php
FIND:
Code:
mass_email('', '', '', '', '', $HTTP_GET_VARS['start']);

REPLACE WITH:
Code:
mass_email('', '', '', '', '', intval($HTTP_GET_VARS['start']));

groupcp_mail.php
FIND:
Code:
mass_email('', $userdata['user_email'], '', '', '', $HTTP_GET_VARS['start']);

REPLACE WITH:
Code:
mass_email('', $userdata['user_email'], '', '', '', intval($HTTP_GET_VARS['start']));

common.php
FIND:
Code:
$PHP_SELF = ($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF'];

BEFORE, ADD:
Code:
if (isset($HTTP_GET_VARS['sid']) && !preg_match('/^[A-Za-z0-9]*$/', $HTTP_GET_VARS['sid']))
{
       $HTTP_GET_VARS['sid'] = '';
}
if (isset($HTTP_POST_VARS['sid']) && !preg_match('/^[A-Za-z0-9]*$/', $HTTP_POST_VARS['sid']))
{
       $HTTP_POST_VARS['sid'] = '';
}

viewtopic.php
FIND:
Code:
$reply_topic_back_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=0&postorder=0&start=" . ($HTTP_GET_VARS['cp'] * $user_posts_per_page));
message_die('GENERAL_MESSAGE', sprintf($lang['Loser_protect'], $HTTP_GET_VARS['cp'], $HTTP_GET_VARS['ap'], '<a href="' . $reply_topic_back_url . '">', '</a>', '<a href="' . $reply_topic_url . '">', '</a>'));

REPLACE WITH:
Code:
$reply_topic_back_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;postdays=0&amp;postorder=0&amp;start=" . (intval($HTTP_GET_VARS['cp']) * $user_posts_per_page));
message_die('GENERAL_MESSAGE', sprintf($lang['Loser_protect'], intval($HTTP_GET_VARS['cp']), intval($HTTP_GET_VARS['ap']), '<a href="' . $reply_topic_back_url . '">', '</a>', '<a href="' . $reply_topic_url . '">', '</a>'));

includes/functions_hierarchy.php
FIND:
Code:
$link = '<a href="' . $wpgm . '" title="' . $wdesc . '" class="gensmall"' . $style_color . '>' . $wname . '</a>';

REPLACE WITH:
Code:
$link = '<a href="' . $wpgm . '" title="' . htmlspecialchars(strip_tags($wdesc)) . '" class="gensmall"' . $style_color . '>' . $wname . '</a>';

includes/functions_validate.php
FIND:
Code:
if (strstr($username, '"') || strstr($username, '&') || strstr($username, chr(160)) || strstr($username, '  ') || strstr(stripslashes($username), '\\') || strstr(stripslashes($username), '%')  )

REPLACE WITH:
Code:
if (strstr($username, '"') || strstr($username, '&') || strstr($username, chr(160)) || strstr($username, chr(173)) || strstr($username, '  ') || strstr(stripslashes($username), '\\') || strstr(stripslashes($username), '%')  )

admin/admin_priv_msgs.php
FIND:
Code:
$delete = (isset($HTTP_GET_VARS['delete'])) ? $HTTP_GET_VARS['delete'] : $HTTP_POST_VARS['delete'];

REPLACE WITH:
Code:
$delete = (isset($HTTP_GET_VARS['delete'])) ? intval($HTTP_GET_VARS['delete']) : intval($HTTP_POST_VARS['delete']);

FIND:
Code:
$start = ( isset($HTTP_GET_VARS['start']) ) ? $HTTP_GET_VARS['start'] : 0;

REPLACE WITH:
Code:
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;

privmsg.php
FIND:
Code:
OR privmsgs_type = " . PRIVMSGS_UNERAD_MAIL . " ) ";

REPLACE WITH:
Code:
OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";

FIND:
Code:
$min_msg_time = CR_TIME - ($msg_days * 86400);

REPLACE WITH:
Code:
$min_msg_time = CR_TIME - ($msg_days * 60);
Comment: Several people have reported to me that the code to find and the code to replace it with are written the same. No. In the word UNREAD, the letters R and E are swapped.

templates/*/login_body.tpl
FIND:
Code:
<td><input type="password" name="password" size="25" maxlength="25" class="post2" onFocus="Active(this)" onBlur="NotActive(this)" /></td>

REPLACE WITH:
Code:
<td><input type="password" name="password" size="25" maxlength="40" class="post2" onFocus="Active(this)" onBlur="NotActive(this)" /></td>


For the lazy and for people who have no other modifications - I recommend downloading the package from the main page and overwriting the files (except config.php).

For all the people who have not yet updated their forum to version 1.12.6 - download the new version (also from the main page).

For people who don't want to modify files manually - I attach a .patch file, which updates the forum from version 1.12.6 to 1.12.6p1.

(official content, thanks to chelloPL)
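
A way to confirm that the security-related edits listed in the post above were actually applied, as an added example that is not part of the original post or of the project's own tooling. The function name `check_przemo_patch`, the rule table and the output format are assumptions; the file names and code strings are taken from the post, and the match is literal, so a file whose spacing differs from the post needs a manual look.

```shell
#!/bin/sh
# Usage (after sourcing this file): check_przemo_patch /path/to/forum
# Rule format: mode|file|literal string
#   absent  = the unpatched FIND text must no longer occur in the file
#   present = text introduced by the update must occur in the file
check_przemo_patch() {
    root=$1
    missing=0
    while IFS='|' read -r mode file needle; do
        [ -n "$mode" ] || continue
        path="$root/$file"
        if [ ! -f "$path" ]; then
            printf 'SKIP %s (file not found)\n' "$file"
            continue
        fi
        # -F: treat the PHP fragment as a fixed string, not a regex
        if grep -qF -- "$needle" "$path"; then found=yes; else found=no; fi
        if { [ "$mode" = absent ] && [ "$found" = yes ]; } ||
           { [ "$mode" = present ] && [ "$found" = no ]; }; then
            printf 'UNPATCHED %s: %s\n' "$file" "$needle"
            missing=$((missing + 1))
        else
            printf 'ok %s\n' "$file"
        fi
    done <<'RULES'
absent|admin/admin_mass_email.php|mass_email('', '', '', '', '', $HTTP_GET_VARS['start']);
absent|groupcp_mail.php|mass_email('', $userdata['user_email'], '', '', '', $HTTP_GET_VARS['start']);
present|common.php|!preg_match('/^[A-Za-z0-9]*$/', $HTTP_GET_VARS['sid'])
present|common.php|!preg_match('/^[A-Za-z0-9]*$/', $HTTP_POST_VARS['sid'])
absent|viewtopic.php|($HTTP_GET_VARS['cp'] * $user_posts_per_page)
absent|includes/functions_hierarchy.php|title="' . $wdesc . '"
present|includes/functions_validate.php|strstr($username, chr(173))
absent|admin/admin_priv_msgs.php|? $HTTP_GET_VARS['delete'] :
absent|admin/admin_priv_msgs.php|? $HTTP_GET_VARS['start'] : 0;
RULES
    # Exit status 0 only when every rule on an existing file passed
    [ "$missing" -eq 0 ]
}
```

Files that are not found are skipped rather than counted, so run it against the forum root directory.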