Revision 1353
Added by FrankH almost 15 years ago
| branches/2.8.x/CHANGELOG | ||
|---|---|---|
| 11 | 11 |
! = Update/Change |
| 12 | 12 |
|
| 13 | 13 |
------------------------------------- 2.8.2 ------------------------------------- |
| 14 |
26 Dec-2010 Frank Heyne (FrankH) |
|
| 15 |
# security fix: in modules/admin.php - check whether section belongs to page |
|
| 16 |
! security fix: changed $section_required into $no_section_required (apparently used by no module at all) |
|
| 17 |
# security fix: in path admin/users/ - added FTAN check |
|
| 18 |
# security fix: remaining vulnerabilities mentioned in http://secunia.com/secunia_research/2010-91/ |
|
| 19 |
# security fix: vulnerabilities mentioned in http://secunia.com/secunia_research/2010-92/ |
|
| 20 |
# security fix: remaining vulnerabilities mentioned in http://secunia.com/secunia_research/2010-93/ |
|
| 14 | 21 |
21 Dec-2010 Dietmar Woellbrink (Luisehahne) |
| 15 | 22 |
# fix if upgrade module can now overwrite existing newer files in modules folder |
| 16 | 23 |
# same for upgrade templates |
| branches/2.8.x/wb/admin/templates/details.php | ||
|---|---|---|
| 34 | 34 |
header("Location: index.php");
|
| 35 | 35 |
exit(0); |
| 36 | 36 |
} else {
|
| 37 |
$file = $admin->add_slashes($_POST['file']);
|
|
| 37 |
$file = preg_replace("/\W/", "", $admin->add_slashes($_POST['file'])); // fix secunia 2010-92-2
|
|
| 38 | 38 |
} |
| 39 | 39 |
|
| 40 | 40 |
// Check if the template exists |
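Review bot: The fix on new line 37 silently rewrites the template name instead of rejecting it: `preg_replace("/\W/", "", ...)` turns a legitimate name such as `my-template` into `mytemplate`, which then fails the existence check below with a misleading "not found", and it also strips every backslash that `add_slashes()` just inserted, so that inner call is redundant. Validating and refusing, in the same way the missing-file case above already redirects, is clearer: `if (!preg_match('/^\w+$/', $_POST['file'])) { header("Location: index.php"); exit(0); }` followed by `$file = $_POST['file'];`. The same strip-instead-of-reject pattern is used in admin/pages/sections.php line 81, admin/pages/add.php line 30, admin/modules/details.php line 41 and admin/pages/settings2.php lines 45-46 (where `$target` on line 46 also lacks the explanatory comment the other lines carry). The enclosing `if/else` begins before the hunk.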
| branches/2.8.x/wb/admin/pages/settings2.php | ||
|---|---|---|
| 36 | 36 |
// Get values |
| 37 | 37 |
$page_title = htmlspecialchars($admin->get_post_escaped('page_title') );
|
| 38 | 38 |
$menu_title = htmlspecialchars($admin->get_post_escaped('menu_title') );
|
| 39 |
$page_code = $admin->get_post_escaped('page_code');
|
|
| 39 |
$page_code = (int) $admin->get_post_escaped('page_code');
|
|
| 40 | 40 |
$description = htmlspecialchars($admin->add_slashes($admin->get_post('description')) );
|
| 41 | 41 |
$keywords = htmlspecialchars($admin->add_slashes($admin->get_post('keywords')) );
|
| 42 |
$parent = $admin->get_post_escaped('parent');
|
|
| 42 |
$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
|
|
| 43 | 43 |
$visibility = $admin->get_post_escaped('visibility');
|
| 44 |
$template = $admin->get_post_escaped('template');
|
|
| 45 |
$target = $admin->get_post_escaped('target');
|
|
| 44 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) $visibility = 'public'; // fix
|
|
| 45 |
$template = preg_replace("/\W/", "", $admin->get_post_escaped('template')); // fix secunia 2010-93-3
|
|
| 46 |
$target = preg_replace("/\W/", "", $admin->get_post_escaped('target'));
|
|
| 46 | 47 |
$admin_groups = $admin->get_post_escaped('admin_groups');
|
| 47 | 48 |
$viewing_groups = $admin->get_post_escaped('viewing_groups');
|
| 48 | 49 |
$searching = $admin->get_post_escaped('searching');
|
| 49 |
$language = $admin->get_post_escaped('language');
|
|
| 50 |
$menu = $admin->get_post_escaped('menu');
|
|
| 50 |
$language = strtoupper($admin->get_post('language'));
|
|
| 51 |
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
|
|
| 52 |
$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3
|
|
| 51 | 53 |
|
| 52 | 54 |
// Validate data |
| 53 | 55 |
if($page_title == '' || substr($page_title,0,1)=='.') |
| ... | ... | |
| 95 | 97 |
//if(!in_array(1, $admin->get_groups_id())) {
|
| 96 | 98 |
// $admin_groups[] = implode(",",$admin->get_groups_id());
|
| 97 | 99 |
//} |
| 98 |
$admin_groups = implode(',', $admin_groups);
|
|
| 100 |
$admin_groups = preg_replace("/[^\d,]/", "", implode(',', $admin_groups));
|
|
| 99 | 101 |
// Setup viewing groups |
| 100 | 102 |
$viewing_groups[] = 1; |
| 101 | 103 |
//if(!in_array(1, $admin->get_groups_id())) {
|
| 102 | 104 |
// $viewing_groups[] = implode(",",$admin->get_groups_id());
|
| 103 | 105 |
//} |
| 104 |
$viewing_groups = implode(',', $viewing_groups);
|
|
| 106 |
$viewing_groups = preg_replace("/[^\d,]/", "", implode(',', $viewing_groups));
|
|
| 105 | 107 |
|
| 106 | 108 |
// If needed, get new order |
| 107 | 109 |
if($parent != $old_parent) |
| ... | ... | |
| 193 | 195 |
$sql .= '`language` = "'.$language.'", '; |
| 194 | 196 |
$sql .= '`admin_groups` = "'.$admin_groups.'", '; |
| 195 | 197 |
$sql .= '`viewing_groups` = "'.$viewing_groups.'"'; |
| 196 |
$sql .= (defined('PAGE_LANGUAGES') && PAGE_LANGUAGES) && $field_set && (file_exists(WB_PATH.'/modules/mod_multilingual/update_keys.php')) ? ', `page_code` = '.(int)$page_code.' ' : ' ';
|
|
| 198 |
$sql .= (defined('PAGE_LANGUAGES') && PAGE_LANGUAGES) && $field_set && (file_exists(WB_PATH.'/modules/mod_multilingual/update_keys.php')) ? ', `page_code` = '.$page_code.' ' : ' ';
|
|
| 197 | 199 |
$sql .= 'WHERE `page_id` = '.$page_id; |
| 198 | 200 |
$database->query($sql); |
| 199 | 201 |
|
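Review bot: The regex on new line 51, `/^[A-Z]{2}$/`, accepts a trailing newline because `$` also matches just before a final "\n", so a value such as "EN\n" passes and is then concatenated into the query on line 195; use `/^[A-Z]{2}$/D` (or end the pattern with `\z`) here and in the identical check in admin/languages/details.php line 37. The group lists on lines 100 and 106 are filtered with `[^\d,]`, which still leaves non-canonical strings (doubled or leading commas, or an empty string) and depends on `$admin_groups`/`$viewing_groups` being arrays; `implode(',', array_map('intval', $admin_groups))` yields a clean integer list, and the same applies to admin/pages/add.php lines 92-93. Both lists and `$language` are concatenated into `$sql` on lines 195-197 without any escaping at the sink, so these upstream filters are the only thing keeping that statement well-formed — a comment at line 195 saying so would stop a later edit from loosening them. The code that builds and runs `$sql` begins outside the hunk.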
| branches/2.8.x/wb/admin/pages/sections.php | ||
|---|---|---|
| 78 | 78 |
} elseif(isset($_POST['module']) && $_POST['module'] != '') |
| 79 | 79 |
{
|
| 80 | 80 |
// Get section info |
| 81 |
$module = $admin->add_slashes($_POST['module']);
|
|
| 81 |
$module = preg_replace("/\W/", "", $admin->add_slashes($_POST['module'])); // fix secunia 2010-91-4
|
|
| 82 | 82 |
// Include the ordering class |
| 83 | 83 |
require(WB_PATH.'/framework/class.order.php'); |
| 84 | 84 |
// Get new order |
| branches/2.8.x/wb/admin/pages/add.php | ||
|---|---|---|
| 27 | 27 |
// Get values |
| 28 | 28 |
$title = $admin->get_post_escaped('title');
|
| 29 | 29 |
$title = htmlspecialchars($title); |
| 30 |
$module = $admin->get_post('type');
|
|
| 31 |
$parent = $admin->get_post('parent');
|
|
| 30 |
$module = preg_replace("/\W/", "", $admin->get_post('type')); // fix secunia 2010-93-4
|
|
| 31 |
$parent = (int) $admin->get_post('parent'); // fix secunia 2010-91-2
|
|
| 32 | 32 |
$visibility = $admin->get_post('visibility');
|
| 33 |
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) $visibility = 'public'; // fix secunia 2010-91-2
|
|
| 33 | 34 |
$admin_groups = $admin->get_post('admin_groups');
|
| 34 | 35 |
$viewing_groups = $admin->get_post('viewing_groups');
|
| 35 | 36 |
|
| ... | ... | |
| 88 | 89 |
} |
| 89 | 90 |
} |
| 90 | 91 |
|
| 91 |
$admin_groups = implode(',', $admin_groups);
|
|
| 92 |
$viewing_groups = implode(',', $viewing_groups);
|
|
| 92 |
$admin_groups = preg_replace("/[^\d,]/", "", implode(',', $admin_groups));
|
|
| 93 |
$viewing_groups = preg_replace("/[^\d,]/", "", implode(',', $viewing_groups));
|
|
| 93 | 94 |
|
| 94 | 95 |
// Work-out what the link and page filename should be |
| 95 | 96 |
if($parent == '0') |
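Review bot: With `$parent` now cast to int on new line 31, the comparison `if($parent == '0')` on line 96 mixes an int with a string and relies on loose comparison; `if ($parent === 0)` states the intent now that the type is known. The whitelist on line 33 should pass the strict flag so it is a plain string match: `if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'), true)) $visibility = 'public';`. The same `in_array()` call appears in admin/pages/settings2.php line 44.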
| branches/2.8.x/wb/admin/interface/version.php | ||
|---|---|---|
| 52 | 52 |
|
| 53 | 53 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
| 54 | 54 |
if(!defined('VERSION')) define('VERSION', '2.8.2.RC1');
|
| 55 |
if(!defined('REVISION')) define('REVISION', '1352');
|
|
| 55 |
if(!defined('REVISION')) define('REVISION', '1353');
|
|
| 56 | 56 |
|
| 57 | 57 |
?> |
| branches/2.8.x/wb/admin/users/save.php | ||
|---|---|---|
| 22 | 22 |
$admin = new admin('Access', 'users_modify');
|
| 23 | 23 |
|
| 24 | 24 |
// Create new database object |
| 25 |
$database = new database(); |
|
| 25 |
//$database = new database(); |
|
| 26 |
if( !$admin->checkFTAN() ) |
|
| 27 |
{
|
|
| 28 |
$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php'); |
|
| 29 |
exit(); |
|
| 30 |
} |
|
| 26 | 31 |
|
| 27 | 32 |
// Check if user id is a valid number and doesnt equal 1 |
| 28 | 33 |
if(!isset($_POST['user_id']) OR !is_numeric($_POST['user_id']) OR $_POST['user_id'] == 1) {
|
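Review bot: The FTAN failure branch on new lines 26-30 reports `$MESSAGE['PAGES_NOT_SAVED']`, a pages message, from the user-save handler; if the message catalogue has a users-specific key it should be used here, otherwise a generic "not saved" message would be less confusing. Line 25 leaves `$database = new database();` commented out rather than deleted, and if `$database` is still referenced further down this file (outside the hunk) it now depends on that object being created elsewhere, which is worth confirming. The brace on line 27 also sits on its own line while the surrounding code (line 33) opens blocks on the same line. admin/users/add.php lines 25-30 contain the identical block.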
| branches/2.8.x/wb/admin/users/users.php | ||
|---|---|---|
| 53 | 53 |
$template->set_file('page', 'users_form.htt');
|
| 54 | 54 |
$template->set_block('page', 'main_block', 'main');
|
| 55 | 55 |
$template->set_var( array( |
| 56 |
'ACTION_URL' => ADMIN_URL.'/users/save.php', |
|
| 57 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
| 58 |
'USER_ID' => $user['user_id'], |
|
| 59 |
'USERNAME' => $user['username'], |
|
| 60 |
'DISPLAY_NAME' => $user['display_name'], |
|
| 61 |
'EMAIL' => $user['email'], |
|
| 62 |
'ADMIN_URL' => ADMIN_URL, |
|
| 63 |
'WB_URL' => WB_URL, |
|
| 64 |
'WB_PATH' => WB_PATH, |
|
| 65 |
'THEME_URL' => THEME_URL |
|
| 66 |
) |
|
| 67 |
); |
|
| 56 |
'ACTION_URL' => ADMIN_URL.'/users/save.php', |
|
| 57 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
| 58 |
'USER_ID' => $user['user_id'], |
|
| 59 |
'USERNAME' => $user['username'], |
|
| 60 |
'DISPLAY_NAME' => $user['display_name'], |
|
| 61 |
'EMAIL' => $user['email'], |
|
| 62 |
'ADMIN_URL' => ADMIN_URL, |
|
| 63 |
'WB_URL' => WB_URL, |
|
| 64 |
'WB_PATH' => WB_PATH, |
|
| 65 |
'THEME_URL' => THEME_URL |
|
| 66 |
) |
|
| 67 |
); |
|
| 68 |
|
|
| 69 |
$template->set_var('FTAN', $admin->getFTAN());
|
|
| 68 | 70 |
if($user['active'] == 1) {
|
| 69 | 71 |
$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
|
| 70 | 72 |
} else {
|
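Review bot: The new `set_var('FTAN', ...)` call on line 69 sits directly after the array-form `set_var(array(...))` that ends on line 67; folding `'FTAN' => $admin->getFTAN(),` into that array keeps the template variables for this form in one place. Lines 56-67 otherwise appear unchanged apart from whitespace, which makes the single functional addition harder to spot in the diff.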
| branches/2.8.x/wb/admin/users/index.php | ||
|---|---|---|
| 101 | 101 |
$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
|
| 102 | 102 |
$template->set_var('ACTION_URL', ADMIN_URL.'/users/add.php');
|
| 103 | 103 |
$template->set_var('SUBMIT_TITLE', $TEXT['ADD']);
|
| 104 |
$template->set_var('FTAN', $admin->getFTAN());
|
|
| 104 | 105 |
// insert urls |
| 105 | 106 |
$template->set_var(array( |
| 106 | 107 |
'ADMIN_URL' => ADMIN_URL, |
| branches/2.8.x/wb/admin/users/add.php | ||
|---|---|---|
| 22 | 22 |
$admin = new admin('Access', 'users_add');
|
| 23 | 23 |
|
| 24 | 24 |
// Create new database object |
| 25 |
$database = new database(); |
|
| 25 |
//$database = new database(); |
|
| 26 |
if( !$admin->checkFTAN() ) |
|
| 27 |
{
|
|
| 28 |
$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php'); |
|
| 29 |
exit(); |
|
| 30 |
} |
|
| 26 | 31 |
|
| 27 | 32 |
// Get details entered |
| 28 | 33 |
$groups_id = implode(",", $admin->add_slashes($_POST['groups'])); //should check permissions
|
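Review bot: Line 33 (context, just below the new FTAN block) still builds `$groups_id` with `implode(",", $admin->add_slashes($_POST['groups']))` and carries the comment `//should check permissions`, whereas this same commit filters group-id lists down to digits in admin/pages/add.php and settings2.php; the user form is the more sensitive place for that check, since these ids decide which groups the new account belongs to. `$groups_id = implode(',', array_map('intval', (array) $_POST['groups']));` would give the same canonical integer list here, and the pending permission check (that the submitting admin may assign each of those groups) belongs before the account is created. The rest of the handler is outside the hunk.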
| branches/2.8.x/wb/admin/languages/details.php | ||
|---|---|---|
| 28 | 28 |
|
| 29 | 29 |
// Get language name |
| 30 | 30 |
if(!isset($_POST['code']) OR $_POST['code'] == "") {
|
| 31 |
header("Location: index.php");
|
|
| 32 |
exit(0); |
|
| 31 |
$code = ''; |
|
| 33 | 32 |
} else {
|
| 34 | 33 |
$code = $_POST['code']; |
| 35 | 34 |
} |
| 36 | 35 |
|
| 36 |
// fix secunia 2010-93-2 |
|
| 37 |
if (!preg_match('/^[A-Z]{2}$/', $code)) {
|
|
| 38 |
header("Location: index.php");
|
|
| 39 |
exit(0); |
|
| 40 |
} |
|
| 41 |
|
|
| 37 | 42 |
// Check if the language exists |
| 38 | 43 |
if(!file_exists(WB_PATH.'/languages/'.$code.'.php')) {
|
| 39 | 44 |
header("Location: index.php");
|
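Review bot: The comment on new line 36, `// fix secunia 2010-93-2`, records the ticket but not the rule; `// Language codes are two upper-case letters; anything else could address a file outside languages/` tells the next reader why the redirect on lines 37-40 exists, given that `$code` is used in the path on line 43. Since the empty-code branch on lines 30-34 now only assigns `''` and falls through to that same check, the whole block can shrink to `$code = isset($_POST['code']) ? $_POST['code'] : '';`.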
| branches/2.8.x/wb/admin/modules/details.php | ||
|---|---|---|
| 38 | 38 |
} |
| 39 | 39 |
else |
| 40 | 40 |
{
|
| 41 |
$file = $admin->add_slashes($_POST['file']);
|
|
| 41 |
$file = preg_replace("/\W/", "", $admin->add_slashes($_POST['file'])); // fix secunia 2010-92-1
|
|
| 42 | 42 |
} |
| 43 | 43 |
|
| 44 | 44 |
// Check if the module exists |
| branches/2.8.x/wb/templates/wb_theme/templates/users_form.htt | ||
|---|---|---|
| 12 | 12 |
<form name="user" action="{ACTION_URL}" method="post" class="{DISPLAY_ADD}">
|
| 13 | 13 |
<input type="hidden" name="user_id" value="{USER_ID}" />
|
| 14 | 14 |
<input type="hidden" name="username_fieldname" value="{USERNAME_FIELDNAME}" />
|
| 15 |
|
|
| 15 |
{FTAN}
|
|
| 16 | 16 |
<table cellpadding="5" cellspacing="0" border="0" width="100%"> |
| 17 | 17 |
<tr> |
| 18 | 18 |
<td width="150">{TEXT_USERNAME}:</td>
|
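Review bot: The `{FTAN}` placeholder on new line 15 is emitted as raw markup inside the form, so this only works if `$admin->getFTAN()` (set in admin/users/users.php and index.php) returns a complete hidden `<input>` element; if it returns just the token string, the page shows bare text and save.php's `checkFTAN()` never receives a field. That return value is not visible in this commit, so it is worth confirming, and if it is only the token the template should wrap it as `<input type="hidden" name="..." value="{FTAN}" />` with whatever field name `checkFTAN()` reads. The same line was added to templates/argos_theme/templates/users_form.htt.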
| branches/2.8.x/wb/templates/argos_theme/templates/users_form.htt | ||
|---|---|---|
| 12 | 12 |
<form name="user" action="{ACTION_URL}" method="post" class="{DISPLAY_ADD}">
|
| 13 | 13 |
<input type="hidden" name="user_id" value="{USER_ID}" />
|
| 14 | 14 |
<input type="hidden" name="username_fieldname" value="{USERNAME_FIELDNAME}" />
|
| 15 |
|
|
| 15 |
{FTAN}
|
|
| 16 | 16 |
<table cellpadding="5" cellspacing="0" border="0" width="100%"> |
| 17 | 17 |
<tr> |
| 18 | 18 |
<td width="150">{TEXT_USERNAME}:</td>
|
| branches/2.8.x/wb/modules/admin.php | ||
|---|---|---|
| 43 | 43 |
$section_id = $_POST['section_id']; |
| 44 | 44 |
} else {
|
| 45 | 45 |
// Check if we should redirect the user if there is no section id |
| 46 |
if(!isset($section_required))
|
|
| 46 |
if (isset($no_section_required))
|
|
| 47 | 47 |
{
|
| 48 | 48 |
$section_id = 0; |
| 49 | 49 |
} else {
|
| ... | ... | |
| 84 | 84 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
| 85 | 85 |
} |
| 86 | 86 |
|
| 87 |
// Check whether the section_id belongs to the page_id at all |
|
| 88 |
if ($section_id != 0) {
|
|
| 89 |
$sql = "SELECT `position` FROM `".TABLE_PREFIX."sections` WHERE `page_id` = '$page_id' AND `section_id` = '$section_id'"; |
|
| 90 |
$res_sec = $database->query($sql); |
|
| 91 |
if ($database->is_error()) |
|
| 92 |
{
|
|
| 93 |
$admin->print_error($database->get_error()); |
|
| 94 |
} |
|
| 95 |
if ($res_sec->numRows() == 0) |
|
| 96 |
{
|
|
| 97 |
$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']); |
|
| 98 |
} |
|
| 99 |
} |
|
| 100 |
|
|
| 87 | 101 |
// Workout if the developer wants to show the info banner |
| 88 | 102 |
if(isset($print_info_banner) && $print_info_banner == true) |
| 89 | 103 |
{
|
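Review bot: The new ownership check on lines 88-99 guards on `$section_id != 0`, but `$section_id` is taken straight from `$_POST['section_id']` on line 43 (context) and interpolated into the query on line 89; unless that assignment is protected by a numeric check outside the hunk, a non-numeric value skips the guard under PHP's loose comparison (`'abc' != 0` is false before PHP 8) and otherwise reaches the SQL string unescaped. Casting once settles both: `$section_id = (int) $section_id;` before line 88, and `(int)$page_id` / `(int)$section_id` in place of the quoted interpolations on line 89. The rename on line 46 inverts the default — with neither variable set, a request without a section id now takes the `else` branch instead of being allowed with `$section_id = 0` — which matches the changelog entry but deserves a comment at that line, since any module relying on the old default changes behaviour. The first hunk's `if` sits inside an `else` block that begins outside the hunk.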
Security fixes