phpBB2 by Przemo

Matteo · **Pomógł:** 1932 razy Posty: 5713

In connection with the possibility of XSS attack, please perform the following changes to the forum code:

admin/admin_mass_email.php
FIND:

Kod:

mass_email('', '', '', '', '', $HTTP_GET_VARS['start']);

REPLACE WITH:

Kod:

mass_email('', '', '', '', '', intval($HTTP_GET_VARS['start']));

groupcp_mail.php
FIND:

Kod:

mass_email('', $userdata['user_email'], '', '', '', $HTTP_GET_VARS['start']);

REPLACE WITH:

Kod:

mass_email('', $userdata['user_email'], '', '', '', intval($HTTP_GET_VARS['start']));

common.php
FIND:

Kod:

$PHP_SELF = ($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF'];

BEFORE, ADD:

Kod:

if (isset($HTTP_GET_VARS['sid']) && !preg_match('/^[A-Za-z0-9]*$/', $HTTP_GET_VARS['sid']))
{
$HTTP_GET_VARS['sid'] = '';
}
if (isset($HTTP_POST_VARS['sid']) && !preg_match('/^[A-Za-z0-9]*$/', $HTTP_POST_VARS['sid']))
{
$HTTP_POST_VARS['sid'] = '';
}

viewtopic.php
FIND:

Kod:

$reply_topic_back_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=0&postorder=0&start=" . ($HTTP_GET_VARS['cp'] * $user_posts_per_page));
message_die('GENERAL_MESSAGE', sprintf($lang['Loser_protect'], $HTTP_GET_VARS['cp'], $HTTP_GET_VARS['ap'], '<a href="' . $reply_topic_back_url . '">', '</a>', '<a href="' . $reply_topic_url . '">', '</a>'));

REPLACE WITH:

Kod:

$reply_topic_back_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=0&postorder=0&start=" . (intval($HTTP_GET_VARS['cp']) * $user_posts_per_page));
message_die('GENERAL_MESSAGE', sprintf($lang['Loser_protect'], intval($HTTP_GET_VARS['cp']), intval($HTTP_GET_VARS['ap']), '<a href="' . $reply_topic_back_url . '">', '</a>', '<a href="' . $reply_topic_url . '">', '</a>'));

includes/functions_hierarchy.php
FIND:

Kod:

$link = '<a href="' . $wpgm . '" title="' . $wdesc . '" class="gensmall"' . $style_color . '>' . $wname . '</a>';

REPLACE WITH:

Kod:

$link = '<a href="' . $wpgm . '" title="' . htmlspecialchars(strip_tags($wdesc)) . '" class="gensmall"' . $style_color . '>' . $wname . '</a>';

includes/functions_validate.php
FIND:

Kod:

if (strstr($username, '"') || strstr($username, '&') || strstr($username, chr(160)) || strstr($username, ' ') || strstr(stripslashes($username), '\\') || strstr(stripslashes($username), '%') )

REPLACE WITH:

Kod:

if (strstr($username, '"') || strstr($username, '&') || strstr($username, chr(160)) || strstr($username, chr(173)) || strstr($username, ' ') || strstr(stripslashes($username), '\\') || strstr(stripslashes($username), '%') )

admin/admin_priv_msgs.php
FIND:

Kod:

$delete = (isset($HTTP_GET_VARS['delete'])) ? $HTTP_GET_VARS['delete'] : $HTTP_POST_VARS['delete'];

REPLACE WITH:

Kod:

$delete = (isset($HTTP_GET_VARS['delete'])) ? intval($HTTP_GET_VARS['delete']) : intval($HTTP_POST_VARS['delete']);

FIND:

Kod:

$start = ( isset($HTTP_GET_VARS['start']) ) ? $HTTP_GET_VARS['start'] : 0;

REPLACE WITH:

Kod:

$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;

privmsg.php
FIND:

Kod:

OR privmsgs_type = " . PRIVMSGS_UNERAD_MAIL . " ) ";

REPLACE WITH:

Kod:

OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";

FIND:

Kod:

$min_msg_time = CR_TIME - ($msg_days * 86400);

REPLACE WITH:

Kod:

$min_msg_time = CR_TIME - ($msg_days * 60);

Comment: Several people reported to me about writing code to convert the same. No. In the word UNREAD is replaced letter R and E.

templates/*/login_body.tpl
FIND:

Kod:

REPLACE WITH:

Kod:

For the lazy and people who haven't other modifications - I recommend to download package from main page and overwrite files (except config.php).

For all the people who don't yet update forum to 1.12.6 version - download the new version (from main page too).

For people who don't want to modify files manually - I attach a file .patch, which update forum from version 1.12.6 to 1.12.6p1.

(official content, thanks to chelloPL)

patch_1.12.6-to-1.12.6p1.rar

Pobierz Plik ściągnięto 969 raz(y) 80,07 KB

Gadatliwa Kasia