Revision 1353
Added by FrankH almost 14 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
|
13 | 13 |
------------------------------------- 2.8.2 ------------------------------------- |
14 |
26 Dec-2010 Frank Heyne (FrankH) |
|
15 |
# security fix: in modules/admin.php - check whether section belongs to page |
|
16 |
! security fix: changed $section_required into $no_section_required (apparently used by no module at all) |
|
17 |
# security fix: in path admin/users/ - added FTAN check |
|
18 |
# security fix: remaining vulnerabilities mentioned in http://secunia.com/secunia_research/2010-91/ |
|
19 |
# security fix: vulnerabilities mentioned in http://secunia.com/secunia_research/2010-92/ |
|
20 |
# security fix: remaining vulnerabilities mentioned in http://secunia.com/secunia_research/2010-93/ |
|
14 | 21 |
21 Dec-2010 Dietmar Woellbrink (Luisehahne) |
15 | 22 |
# fix if upgrade module can now overwrite existing newer files in modules folder |
16 | 23 |
# same for upgrade templates |
branches/2.8.x/wb/admin/templates/details.php | ||
---|---|---|
34 | 34 |
header("Location: index.php"); |
35 | 35 |
exit(0); |
36 | 36 |
} else { |
37 |
$file = $admin->add_slashes($_POST['file']);
|
|
37 |
$file = preg_replace("/\W/", "", $admin->add_slashes($_POST['file'])); // fix secunia 2010-92-2
|
|
38 | 38 |
} |
39 | 39 |
|
40 | 40 |
// Check if the template exists |
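Review bot: The `\W` strip on line 37 rewrites the template name instead of rejecting it, so a traversal attempt is silently reduced to a bare word and any hyphen in a legitimate directory name is dropped as well, which would make a template named like `my-theme` (constructed example) unaddressable; I cannot see from here which characters the project allows in template names. Validating and bailing out, as the languages/details.php hunk in this same revision does, neither alters legitimate names nor lets a mangled one proceed: `if (!preg_match('/^[A-Za-z0-9_-]+$/', $file)) { header("Location: index.php"); exit(0); }` placed after the assignment, with the existence check on line 40 still covering unknown names. The same strip-instead-of-validate pattern appears for `$module` in pages/sections.php line 81, `$module` in pages/add.php line 30, `$template` and `$target` in pages/settings2.php lines 45–46, and `$file` in modules/details.php line 41.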
branches/2.8.x/wb/admin/pages/settings2.php | ||
---|---|---|
36 | 36 |
// Get values |
37 | 37 |
$page_title = htmlspecialchars($admin->get_post_escaped('page_title') ); |
38 | 38 |
$menu_title = htmlspecialchars($admin->get_post_escaped('menu_title') ); |
39 |
$page_code = $admin->get_post_escaped('page_code'); |
|
39 |
$page_code = (int) $admin->get_post_escaped('page_code');
|
|
40 | 40 |
$description = htmlspecialchars($admin->add_slashes($admin->get_post('description')) ); |
41 | 41 |
$keywords = htmlspecialchars($admin->add_slashes($admin->get_post('keywords')) ); |
42 |
$parent = $admin->get_post_escaped('parent');
|
|
42 |
$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
|
|
43 | 43 |
$visibility = $admin->get_post_escaped('visibility'); |
44 |
$template = $admin->get_post_escaped('template'); |
|
45 |
$target = $admin->get_post_escaped('target'); |
|
44 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) $visibility = 'public'; // fix |
|
45 |
$template = preg_replace("/\W/", "", $admin->get_post_escaped('template')); // fix secunia 2010-93-3 |
|
46 |
$target = preg_replace("/\W/", "", $admin->get_post_escaped('target')); |
|
46 | 47 |
$admin_groups = $admin->get_post_escaped('admin_groups'); |
47 | 48 |
$viewing_groups = $admin->get_post_escaped('viewing_groups'); |
48 | 49 |
$searching = $admin->get_post_escaped('searching'); |
49 |
$language = $admin->get_post_escaped('language'); |
|
50 |
$menu = $admin->get_post_escaped('menu'); |
|
50 |
$language = strtoupper($admin->get_post('language')); |
|
51 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE); |
|
52 |
$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3 |
|
51 | 53 |
|
52 | 54 |
// Validate data |
53 | 55 |
if($page_title == '' || substr($page_title,0,1)=='.') |
... | ... | |
95 | 97 |
//if(!in_array(1, $admin->get_groups_id())) { |
96 | 98 |
// $admin_groups[] = implode(",",$admin->get_groups_id()); |
97 | 99 |
//} |
98 |
$admin_groups = implode(',', $admin_groups);
|
|
100 |
$admin_groups = preg_replace("/[^\d,]/", "", implode(',', $admin_groups));
|
|
99 | 101 |
// Setup viewing groups |
100 | 102 |
$viewing_groups[] = 1; |
101 | 103 |
//if(!in_array(1, $admin->get_groups_id())) { |
102 | 104 |
// $viewing_groups[] = implode(",",$admin->get_groups_id()); |
103 | 105 |
//} |
104 |
$viewing_groups = implode(',', $viewing_groups);
|
|
106 |
$viewing_groups = preg_replace("/[^\d,]/", "", implode(',', $viewing_groups));
|
|
105 | 107 |
|
106 | 108 |
// If needed, get new order |
107 | 109 |
if($parent != $old_parent) |
... | ... | |
193 | 195 |
$sql .= '`language` = "'.$language.'", '; |
194 | 196 |
$sql .= '`admin_groups` = "'.$admin_groups.'", '; |
195 | 197 |
$sql .= '`viewing_groups` = "'.$viewing_groups.'"'; |
196 |
$sql .= (defined('PAGE_LANGUAGES') && PAGE_LANGUAGES) && $field_set && (file_exists(WB_PATH.'/modules/mod_multilingual/update_keys.php')) ? ', `page_code` = '.(int)$page_code.' ' : ' ';
|
|
198 |
$sql .= (defined('PAGE_LANGUAGES') && PAGE_LANGUAGES) && $field_set && (file_exists(WB_PATH.'/modules/mod_multilingual/update_keys.php')) ? ', `page_code` = '.$page_code.' ' : ' '; |
|
197 | 199 |
$sql .= 'WHERE `page_id` = '.$page_id; |
198 | 200 |
$database->query($sql); |
199 | 201 |
|
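Review bot: The `[^\d,]` strip on lines 100 and 106 deletes stray characters rather than rejecting the element, so a malformed group entry is silently merged into a different id (constructed example: `1x2` becomes `12`) and empty elements such as `1,,2` or a leading comma survive into the stored list. Casting each element keeps the value well-formed and is no longer: `$admin_groups = implode(',', array_map('intval', (array) $admin_groups));` and the same form for `$viewing_groups` on line 106. pages/add.php lines 92–93 in this revision carry the identical pattern. Whether `$admin_groups` is guaranteed to be an array at that point is not visible here; the surrounding validation block starts and ends outside the hunk.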
branches/2.8.x/wb/admin/pages/sections.php | ||
---|---|---|
78 | 78 |
} elseif(isset($_POST['module']) && $_POST['module'] != '') |
79 | 79 |
{ |
80 | 80 |
// Get section info |
81 |
$module = $admin->add_slashes($_POST['module']);
|
|
81 |
$module = preg_replace("/\W/", "", $admin->add_slashes($_POST['module'])); // fix secunia 2010-91-4
|
|
82 | 82 |
// Include the ordering class |
83 | 83 |
require(WB_PATH.'/framework/class.order.php'); |
84 | 84 |
// Get new order |
branches/2.8.x/wb/admin/pages/add.php | ||
---|---|---|
27 | 27 |
// Get values |
28 | 28 |
$title = $admin->get_post_escaped('title'); |
29 | 29 |
$title = htmlspecialchars($title); |
30 |
$module = $admin->get_post('type');
|
|
31 |
$parent = $admin->get_post('parent');
|
|
30 |
$module = preg_replace("/\W/", "", $admin->get_post('type')); // fix secunia 2010-93-4
|
|
31 |
$parent = (int) $admin->get_post('parent'); // fix secunia 2010-91-2
|
|
32 | 32 |
$visibility = $admin->get_post('visibility'); |
33 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) $visibility = 'public'; // fix secunia 2010-91-2 |
|
33 | 34 |
$admin_groups = $admin->get_post('admin_groups'); |
34 | 35 |
$viewing_groups = $admin->get_post('viewing_groups'); |
35 | 36 |
|
... | ... | |
88 | 89 |
} |
89 | 90 |
} |
90 | 91 |
|
91 |
$admin_groups = implode(',', $admin_groups);
|
|
92 |
$viewing_groups = implode(',', $viewing_groups);
|
|
92 |
$admin_groups = preg_replace("/[^\d,]/", "", implode(',', $admin_groups));
|
|
93 |
$viewing_groups = preg_replace("/[^\d,]/", "", implode(',', $viewing_groups));
|
|
93 | 94 |
|
94 | 95 |
// Work-out what the link and page filename should be |
95 | 96 |
if($parent == '0') |
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
52 | 52 |
|
53 | 53 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
54 | 54 |
if(!defined('VERSION')) define('VERSION', '2.8.2.RC1'); |
55 |
if(!defined('REVISION')) define('REVISION', '1352');
|
|
55 |
if(!defined('REVISION')) define('REVISION', '1353');
|
|
56 | 56 |
|
57 | 57 |
?> |
branches/2.8.x/wb/admin/users/save.php | ||
---|---|---|
22 | 22 |
$admin = new admin('Access', 'users_modify'); |
23 | 23 |
|
24 | 24 |
// Create new database object |
25 |
$database = new database(); |
|
25 |
//$database = new database(); |
|
26 |
if( !$admin->checkFTAN() ) |
|
27 |
{ |
|
28 |
$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php'); |
|
29 |
exit(); |
|
30 |
} |
|
26 | 31 |
|
27 | 32 |
// Check if user id is a valid number and doesnt equal 1 |
28 | 33 |
if(!isset($_POST['user_id']) OR !is_numeric($_POST['user_id']) OR $_POST['user_id'] == 1) { |
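Review bot: Line 25 keeps the old `$database = new database();` as commented-out code; presumably the admin object constructed on line 22 already provides `$database` (the rest of the visible code keeps using `$admin` and `$MESSAGE` unchanged), so the line should be deleted rather than left dead, or restored if it is still needed. The failure message on line 28 reuses `$MESSAGE['PAGES_NOT_SAVED']`, which tells the user a page was not saved on a user-edit form; if the language files carry a users-specific "not saved" message, prefer that key. users/add.php lines 25–30 in this revision repeat both points.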
branches/2.8.x/wb/admin/users/users.php | ||
---|---|---|
53 | 53 |
$template->set_file('page', 'users_form.htt'); |
54 | 54 |
$template->set_block('page', 'main_block', 'main'); |
55 | 55 |
$template->set_var( array( |
56 |
'ACTION_URL' => ADMIN_URL.'/users/save.php', |
|
57 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
58 |
'USER_ID' => $user['user_id'], |
|
59 |
'USERNAME' => $user['username'], |
|
60 |
'DISPLAY_NAME' => $user['display_name'], |
|
61 |
'EMAIL' => $user['email'], |
|
62 |
'ADMIN_URL' => ADMIN_URL, |
|
63 |
'WB_URL' => WB_URL, |
|
64 |
'WB_PATH' => WB_PATH, |
|
65 |
'THEME_URL' => THEME_URL |
|
66 |
) |
|
67 |
); |
|
56 |
'ACTION_URL' => ADMIN_URL.'/users/save.php', |
|
57 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
58 |
'USER_ID' => $user['user_id'], |
|
59 |
'USERNAME' => $user['username'], |
|
60 |
'DISPLAY_NAME' => $user['display_name'], |
|
61 |
'EMAIL' => $user['email'], |
|
62 |
'ADMIN_URL' => ADMIN_URL, |
|
63 |
'WB_URL' => WB_URL, |
|
64 |
'WB_PATH' => WB_PATH, |
|
65 |
'THEME_URL' => THEME_URL |
|
66 |
) |
|
67 |
); |
|
68 |
|
|
69 |
$template->set_var('FTAN', $admin->getFTAN()); |
|
68 | 70 |
if($user['active'] == 1) { |
69 | 71 |
$template->set_var('ACTIVE_CHECKED', ' checked="checked"'); |
70 | 72 |
} else { |
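Review bot: Lines 56–67 on the new side appear to be the old array re-indented with no content change, which turns a one-line security addition into a twelve-line diff and buries the real change on line 69. Adding the token inside the existing array keeps the hunk to the lines that matter and avoids the separate `set_var` call: change `'THEME_URL' => THEME_URL` to `'THEME_URL' => THEME_URL,` and add `'FTAN' => $admin->getFTAN()` after it. If the re-indentation is deliberate, it is better done in a separate whitespace-only commit so the security change stays reviewable on its own.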
branches/2.8.x/wb/admin/users/index.php | ||
---|---|---|
101 | 101 |
$template->set_var('ACTIVE_CHECKED', ' checked="checked"'); |
102 | 102 |
$template->set_var('ACTION_URL', ADMIN_URL.'/users/add.php'); |
103 | 103 |
$template->set_var('SUBMIT_TITLE', $TEXT['ADD']); |
104 |
$template->set_var('FTAN', $admin->getFTAN()); |
|
104 | 105 |
// insert urls |
105 | 106 |
$template->set_var(array( |
106 | 107 |
'ADMIN_URL' => ADMIN_URL, |
branches/2.8.x/wb/admin/users/add.php | ||
---|---|---|
22 | 22 |
$admin = new admin('Access', 'users_add'); |
23 | 23 |
|
24 | 24 |
// Create new database object |
25 |
$database = new database(); |
|
25 |
//$database = new database(); |
|
26 |
if( !$admin->checkFTAN() ) |
|
27 |
{ |
|
28 |
$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php'); |
|
29 |
exit(); |
|
30 |
} |
|
26 | 31 |
|
27 | 32 |
// Get details entered |
28 | 33 |
$groups_id = implode(",", $admin->add_slashes($_POST['groups'])); //should check permissions |
branches/2.8.x/wb/admin/languages/details.php | ||
---|---|---|
28 | 28 |
|
29 | 29 |
// Get language name |
30 | 30 |
if(!isset($_POST['code']) OR $_POST['code'] == "") { |
31 |
header("Location: index.php"); |
|
32 |
exit(0); |
|
31 |
$code = ''; |
|
33 | 32 |
} else { |
34 | 33 |
$code = $_POST['code']; |
35 | 34 |
} |
36 | 35 |
|
36 |
// fix secunia 2010-93-2 |
|
37 |
if (!preg_match('/^[A-Z]{2}$/', $code)) { |
|
38 |
header("Location: index.php"); |
|
39 |
exit(0); |
|
40 |
} |
|
41 |
|
|
37 | 42 |
// Check if the language exists |
38 | 43 |
if(!file_exists(WB_PATH.'/languages/'.$code.'.php')) { |
39 | 44 |
header("Location: index.php"); |
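Review bot: The pattern `/^[A-Z]{2}$/` on line 37 lets a trailing newline through, because `$` in PCRE also matches just before a final newline, so a value like `EN\n` (constructed) passes the check and reaches the `file_exists` path on line 43 with the newline embedded; `preg_match('/^[A-Z]{2}$/D', $code)` (or `\z` in place of `$`) makes the match exact. The same anchor is used for `$language` in pages/settings2.php line 51 of this revision, where the value is later concatenated into the UPDATE statement, so the stricter form matters more there. Lines 30–35 can also collapse to `$code = isset($_POST['code']) ? $_POST['code'] : '';` now that the missing-code case no longer redirects on its own and the regex check handles the empty string.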
branches/2.8.x/wb/admin/modules/details.php | ||
---|---|---|
38 | 38 |
} |
39 | 39 |
else |
40 | 40 |
{ |
41 |
$file = $admin->add_slashes($_POST['file']);
|
|
41 |
$file = preg_replace("/\W/", "", $admin->add_slashes($_POST['file'])); // fix secunia 2010-92-1
|
|
42 | 42 |
} |
43 | 43 |
|
44 | 44 |
// Check if the module exists |
branches/2.8.x/wb/templates/wb_theme/templates/users_form.htt | ||
---|---|---|
12 | 12 |
<form name="user" action="{ACTION_URL}" method="post" class="{DISPLAY_ADD}"> |
13 | 13 |
<input type="hidden" name="user_id" value="{USER_ID}" /> |
14 | 14 |
<input type="hidden" name="username_fieldname" value="{USERNAME_FIELDNAME}" /> |
15 |
|
|
15 |
{FTAN} |
|
16 | 16 |
<table cellpadding="5" cellspacing="0" border="0" width="100%"> |
17 | 17 |
<tr> |
18 | 18 |
<td width="150">{TEXT_USERNAME}:</td> |
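Review bot: Line 15 inserts `{FTAN}` bare inside the form, so correct rendering depends on `$admin->getFTAN()` returning complete hidden-input markup rather than only the token value; that return shape is not visible in this revision and should be confirmed against the framework class. If it returns just the value, the template needs the field wrapper, e.g. `<input type="hidden" name="[field name read by checkFTAN]" value="{FTAN}" />`, with the name the server-side check actually reads. The argos_theme copy of users_form.htt in this revision has the same line.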
branches/2.8.x/wb/templates/argos_theme/templates/users_form.htt | ||
---|---|---|
12 | 12 |
<form name="user" action="{ACTION_URL}" method="post" class="{DISPLAY_ADD}"> |
13 | 13 |
<input type="hidden" name="user_id" value="{USER_ID}" /> |
14 | 14 |
<input type="hidden" name="username_fieldname" value="{USERNAME_FIELDNAME}" /> |
15 |
|
|
15 |
{FTAN} |
|
16 | 16 |
<table cellpadding="5" cellspacing="0" border="0" width="100%"> |
17 | 17 |
<tr> |
18 | 18 |
<td width="150">{TEXT_USERNAME}:</td> |
branches/2.8.x/wb/modules/admin.php | ||
---|---|---|
43 | 43 |
$section_id = $_POST['section_id']; |
44 | 44 |
} else { |
45 | 45 |
// Check if we should redirect the user if there is no section id |
46 |
if(!isset($section_required))
|
|
46 |
if (isset($no_section_required))
|
|
47 | 47 |
{ |
48 | 48 |
$section_id = 0; |
49 | 49 |
} else { |
... | ... | |
84 | 84 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
85 | 85 |
} |
86 | 86 |
|
87 |
// Check whether the section_id belongs to the page_id at all |
|
88 |
if ($section_id != 0) { |
|
89 |
$sql = "SELECT `position` FROM `".TABLE_PREFIX."sections` WHERE `page_id` = '$page_id' AND `section_id` = '$section_id'"; |
|
90 |
$res_sec = $database->query($sql); |
|
91 |
if ($database->is_error()) |
|
92 |
{ |
|
93 |
$admin->print_error($database->get_error()); |
|
94 |
} |
|
95 |
if ($res_sec->numRows() == 0) |
|
96 |
{ |
|
97 |
$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']); |
|
98 |
} |
|
99 |
} |
|
100 |
|
|
87 | 101 |
// Workout if the developer wants to show the info banner |
88 | 102 |
if(isset($print_info_banner) && $print_info_banner == true) |
89 | 103 |
{ |
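Review bot: The new query on line 89 interpolates `$page_id` and `$section_id` directly into the SQL string, and the visible assignment on line 43 takes `$_POST['section_id']` without a cast; unless the condition above line 43 (outside the hunk) already guarantees a numeric value, the ownership check added to stop cross-page section access is itself open to injection. Casting at the source closes this regardless of what the earlier condition does: `$section_id = (int) $_POST['section_id'];` on line 43, and `$page_id` should be confirmed to be an int where it is assigned (not visible here) or cast as `(int)$page_id` inside the query. The `$section_id != 0` test on line 88 also becomes a reliable integer comparison once the value is cast rather than a raw string.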
Security fixes