
Revision 1385

Added by FrankH about 14 years ago

  1. Security fix to filter out droplets from user input in news and form modules


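--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -11,6 +11,8 @@
 ! = Update/Change
 
 ------------------------------------- 2.8.2 -------------------------------------
+16 Jan-2011 Build 1385 Frank Heyne (FrankH)
+# Security fix to filter out droplets from user input in news and form modules
 16 Jan-2011 Build 1384 Dietmar Woellbrink (Luisehahne)
 ! Security fix in admin/pages
 15 Jan-2011 Build 1383 Frank Heyne (FrankH)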
branches/2.8.x/wb/admin/interface/version.php
52 52

  
53 53
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54 54
if(!defined('VERSION')) define('VERSION', '2.8.2.RC4');
55
if(!defined('REVISION')) define('REVISION', '1384');
55
if(!defined('REVISION')) define('REVISION', '1385');
56 56

  
57 57
?>
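--- a/branches/2.8.x/wb/modules/form/view.php
+++ b/branches/2.8.x/wb/modules/form/view.php
@@ -325,10 +325,11 @@
 				// Add to message body
 				if($field['type'] != '') {
 					if(!empty($_POST['field'.$field['field_id']])) {
+						// do not allow droplets in user input!
 						if (is_array($_POST['field'.$field['field_id']])) {
-							$_SESSION['field'.$field['field_id']] = $_POST['field'.$field['field_id']];
+							$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("[[", "]]"), $_POST['field'.$field['field_id']]);
 						} else {
-							$_SESSION['field'.$field['field_id']] = htmlspecialchars($_POST['field'.$field['field_id']]);
+							$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("[[", "]]"), htmlspecialchars($_POST['field'.$field['field_id']]));
 						}
 						// if the output filter is active, we need to revert (dot) to . and (at) to @ (using current filter settings)
 						// otherwise the entered mail will not be accepted and the recipient would see (dot), (at) etc.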
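Review bot: As rendered here, both new `str_replace` calls search for `[[`/`]]` and replace them with the identical strings, which would make the droplet filter a no-op and leave the tags in `$_SESSION` unchanged; if the replacement array actually holds HTML entities or look-alike characters that this rendering decoded, the source should make that unmistakable, because a replacement that is indistinguishable from its search string is invisible to a reviewer and easily lost by an editor or charset conversion. A visibly different replacement, for example `array("&#91;&#91;", "&#93;&#93;")` where the value is later emitted as HTML, lets the fix be verified from the source alone. Separately, the `is_array` branch still stores the raw POST array without `htmlspecialchars`, unlike the scalar branch, so whatever later renders those values as HTML has to escape them itself. The enclosing function begins and ends outside this hunk.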
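--- a/branches/2.8.x/wb/modules/news/save_comment.php
+++ b/branches/2.8.x/wb/modules/news/save_comment.php
@@ -51,6 +51,10 @@
 	$title = strip_tags($admin->get_post_escaped('title'));
 	$comment = strip_tags($admin->get_post_escaped('comment'));
 	$post_id = $admin->getIDKEY($admin->get_post('post_id'));
+	
+	// do not allow droplets in user input!
+	$title = str_replace(array("[[", "]]"), array("[[", "]]"), $title);
+	$comment = str_replace(array("[[", "]]"), array("[[", "]]"), $comment);
 }
 
 // Update row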
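Review bot: The replacement arrays in the two added `str_replace` lines read as identical to the search arrays in this view, so unless they contain entities or look-alike characters that the rendering decoded, `$title` and `$comment` still carry `[[`/`]]` into the row update that follows; an unmistakable replacement such as `array("&#91;&#91;", "&#93;&#93;")`, if the comment is emitted as HTML, would make the fix verifiable without guessing at invisible bytes. The same two lines now appear in both this file and `modules/form/view.php`, so a single shared filter would keep the droplet marker syntax defined in one place should it ever change. The closing `}` after the added lines belongs to a block that opens outside this hunk.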
