
Revision 353

Added by ryan about 18 years ago

Fixed more security issues related to ticket #237


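--- a/trunk/CHANGELOG
+++ b/trunk/CHANGELOG
@@ -11,9 +11,13 @@
 ! = Update/Change
 
 ------------------------------------- 2.6.4 -------------------------------------
+20-May-2006 Ryan Djurovich
+#	Fixed security issues related to #237
 19-May-2006 Ryan Djurovich
 #	Fixed problem in forgotten login form where email field is too short (#207)
 #	Fixed typo in forgotten login details email (#190)
+15-May-2006 Stefan Braunewell
+#	Fixed security issues (#237)
 03-May-2006 Stefan Braunewell
 #	Fixed problems with pre-2.6.0 modules in section list
 #	Fixed e-mail bug caused by From: headers in internal mail function calls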
trunk/wb/admin/preferences/details.php
29 29
$admin = new admin('Preferences');
30 30

  
31 31
// Get entered values
32
$display_name = $admin->add_slashes($admin->get_post('display_name'));
32
$display_name = $wb->add_slashes(strip_tags($admin->get_post('display_name')));
33 33
$language = $admin->get_post('language');
34 34
$timezone = $admin->get_post('timezone')*60*60;
35 35
$date_format = $admin->get_post('date_format');
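Review bot: The new line 32 calls `$wb->add_slashes(...)` while every other line of this admin script goes through `$admin` (`$admin = new admin('Preferences')` on line 29, `$admin->get_post` on lines 32–35), and the line it replaces used `$admin->add_slashes`. Unless `$wb` is defined earlier in the file (not visible in the hunk), this is a method call on an undefined object and the preferences page will stop with a fatal error; the same `$wb` appears on new line 51 of trunk/wb/admin/preferences/email.php. Suggested fix: `$display_name = $admin->add_slashes(strip_tags($admin->get_post('display_name')));` here and `$email = $admin->add_slashes($email);` there. Note also that strip_tags() only removes markup from the stored value; the display name still has to be escaped with htmlspecialchars() wherever it is echoed into HTML, which is outside this hunk.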
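--- a/trunk/wb/admin/preferences/email.php
+++ b/trunk/wb/admin/preferences/email.php
@@ -48,6 +48,8 @@
 	$admin->print_error($MESSAGE['USERS']['INVALID_EMAIL']);
 }
 
+$email = $wb->add_slashes($email);
+
 // Update the database
 $database = new database();
 $query = "UPDATE ".TABLE_PREFIX."users SET email = '$email' WHERE user_id = '".$admin->get_user_id()."'";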
trunk/wb/account/details.php
29 29
}
30 30

  
31 31
// Get entered values
32
$display_name = $wb->get_post('display_name');
32
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
33 33
$language = $wb->get_post('language');
34 34
$timezone = $wb->get_post('timezone')*60*60;
35 35
$date_format = $wb->get_post('date_format');
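Review bot: The new line 32 runs display_name through strip_tags() before `$wb->add_slashes()`, but strip_tags() is an input filter, not output escaping — anywhere the name is later written into HTML still needs htmlspecialchars(), and that code is outside the hunk. The neighbouring values on lines 33–35 (`language`, `date_format`; `timezone` is at least coerced numerically by the `*60*60`) are read without the same treatment here; if they are interpolated into the same UPDATE as `$display_name`, they need `$wb->add_slashes()` too, or a check against the set of allowed values. A short comment on the new line would make the two-step intent explicit, e.g. `// strip_tags() drops markup from the stored name; add_slashes() apparently escapes it for the SQL below`.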
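--- a/trunk/wb/account/email.php
+++ b/trunk/wb/account/email.php
@@ -49,6 +49,8 @@
 	$wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false);
 }
 
+$email = $wb->add_slashes($email);
+
 // Update the database
 $database = new database();
 $query = "UPDATE ".TABLE_PREFIX."users SET email = '$email' WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'";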
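Review bot: The new line 52 escapes `$email` without saying why, and its only consumer is the string-interpolated UPDATE on line 56; a comment such as `// Escape before interpolating into the UPDATE below` would keep a later editor from reordering or dropping it. The same validate-then-escape sequence was added to trunk/wb/admin/preferences/email.php in this commit; while the two copies stay duplicated, a later fix to one is likely to miss the other, so moving the escaping next to the shared validation step is worth considering. The query on line 56 also authenticates the change with `md5($current_password)`; that pre-dates this commit, but an unsalted MD5 password comparison is worth a follow-up ticket of its own.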
