
Revision 1407

Added by FrankH over 13 years ago

  1. various Security fixes, thanks to secunia and others


branches/2.8.x/CHANGELOG
11 11
! = Update/Change
12 12

  
13 13
------------------------------------- 2.8.2 -------------------------------------
14
22 Jan-2011 Build 1407 Frank Heyne (FrankH)
15
# various Security fixes, thanks to secunia and others 
14 16
22 Jan-2011 Build 1406 Frank Heyne (FrankH)
15 17
# Security fix to stop users from changing module contents without permission, thanks to Michael Schwarz 
16 18
22 Jan-2011 Build 1405 Frank Heyne (FrankH)
branches/2.8.x/wb/admin/media/browse.php
49 49
// Get file extension
50 50
function get_filetype($fname) {
51 51
	$pathinfo = pathinfo($fname);
52
	$extension = strtolower($pathinfo['extension']);
52
	$extension = (isset($pathinfo['extension'])) ? strtolower($pathinfo['extension']) : '';
53 53
	return $extension;
54 54
}
55 55

  
56 56
// Get file extension for icons
57 57
function get_filetype_icon($fname) {
58 58
	$pathinfo = pathinfo($fname);
59
	$extension = strtolower($pathinfo['extension']);
59
	$extension = (isset($pathinfo['extension'])) ? strtolower($pathinfo['extension']) : '';
60 60
	if (file_exists(THEME_PATH.'/images/files/'.$extension.'.png')) {
61 61
		return $extension;
62 62
	} else {
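Review bot: `get_filetype_icon` re-implements the extension extraction that `get_filetype` a few lines above now performs identically, which is why the same `isset` guard had to be patched twice; replacing the two lines at new 58–59 with `$extension = get_filetype($fname);` keeps one copy of the logic so the two cannot drift apart on the next fix. The guard only silences the undefined-index notice for dot-less names: the icon lookup then probes `THEME_PATH.'/images/files/.png'`, which is harmless but could be short-circuited with an early return to whatever the `else` branch yields once `$extension === ''`. The body of `get_filetype_icon` continues past the end of the hunk, so that fallback is not visible here.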
branches/2.8.x/wb/admin/media/upload.php
123 123
		// error while trying to extract the archive (most likely wrong format)
124 124
		$admin->print_error('UNABLE TO UNZIP FILE' . $archive -> errorInfo(true));
125 125
	}
126
	
127
	// rename executable files!
128
	foreach ($list as $val) {
129
		$fn = $val['filename'];
130
		$fnp = pathinfo($fn);
131
		if (isset($fnp['extension'])) {
132
			$fext = $fnp['extension'];
133
			if (in_array($fext, $file_extensions)) {
134
				rename($fn, $fn.".txt");
135
			}
136
		}
137
	}
126 138
}
127 139

  
128 140
if($good_uploads == 1) {
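Review bot: The rename loop at new 127–137 compares the extension case-sensitively and only looks at the last dotted segment, so `shell.PHP` and `shell.php.jpg` are left alone, and the file it does rename becomes `shell.php.txt`, which Apache's mod_mime still runs as PHP under the common `AddHandler`/`AddType` configuration because every dotted segment counts as an extension (only a `<FilesMatch "\.php$">` style handler is immune). Lower-case and check every segment of the basename against the list (`in_array` with `true`), and rename so that no matchable segment survives, e.g. `shell.php` → `shell_php.txt`. The return value of `rename()` is also ignored, so a file that cannot be renamed stays on disk as a working script; failing closed (unlink, then error) is the safer default. This assumes `$val['filename']` is the extracted on-disk path and that `$file_extensions` is defined earlier in upload.php, neither of which the hunk shows; the `if`/`else` around the extraction begins before the hunk.
```php
	// … unchanged: extraction and error handling …
	// rename executable files! Match case-insensitively (mod_mime does) and look at every
	// dotted segment; turn the dots into '_' so no handler-matchable extension survives.
	$blocked = array_map('strtolower', $file_extensions);
	foreach ($list as $val) {
		$fn = $val['filename'];
		$fnp = pathinfo($fn);
		$parts = array_map('strtolower', explode('.', $fnp['basename']));
		array_shift($parts); // the leading name part is not an extension
		if (count(array_intersect($parts, $blocked)) > 0) {
			$safe = $fnp['dirname'] . '/' . str_replace('.', '_', $fnp['basename']) . '.txt';
			if (!rename($fn, $safe) && !unlink($fn)) {
				$admin->print_error('UNABLE TO NEUTRALISE FILE ' . $fnp['basename']);
			}
		}
	}
```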
branches/2.8.x/wb/admin/pages/settings2.php
49 49
require_once(WB_PATH.'/framework/functions.php');
50 50

  
51 51
// Get values
52
$page_title = htmlspecialchars($admin->get_post_escaped('page_title') );
53
$menu_title = htmlspecialchars($admin->get_post_escaped('menu_title') );
52
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
53
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
54 54
$page_code = (int) $admin->get_post_escaped('page_code');
55
$description = htmlspecialchars($admin->add_slashes($admin->get_post('description')) );
56
$keywords = htmlspecialchars($admin->add_slashes($admin->get_post('keywords')) );
55
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
56
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
57 57
$parent = (int) $admin->get_post_escaped('parent'); // fix secunia 2010-91-3
58 58
$visibility = $admin->get_post_escaped('visibility');
59 59
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {$visibility = 'public';} // fix secunia 2010-93-3
......
61 61
$target = preg_replace("/\W/", "", $admin->get_post_escaped('target'));
62 62
$admin_groups = $admin->get_post_escaped('admin_groups');
63 63
$viewing_groups = $admin->get_post_escaped('viewing_groups');
64
$searching = $admin->get_post_escaped('searching');
64
$searching = (int) $admin->get_post_escaped('searching');
65 65
$language = strtoupper($admin->get_post('language'));
66 66
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
67 67
$menu = (int) $admin->get_post_escaped('menu'); // fix secunia 2010-91-3
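Review bot: The droplet-marker stripping is pasted four times at new 52–56 and a further five times in modules/form/save_field.php in the same commit; a single helper in framework/functions.php, which this file already requires on line 49, e.g. `function strip_droplet_markers($s) { return str_replace(array('[[', ']]'), '', $s); }`, would give every admin input the same treatment and one place to extend if other template syntax ever needs blocking. The stripping is also silent — a title containing `[[` is saved mangled with no feedback — so if legitimate content can contain the sequence, rejecting with `$admin->print_error` may be preferable to quietly rewriting it. Ordering is fine: the replacement runs after `htmlspecialchars`, which does not touch either bracket.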
branches/2.8.x/wb/admin/interface/version.php
52 52

  
53 53
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54 54
if(!defined('VERSION')) define('VERSION', '2.8.2.RC5');
55
if(!defined('REVISION')) define('REVISION', '1406');
55
if(!defined('REVISION')) define('REVISION', '1407');
56 56

  
57 57
?>
branches/2.8.x/wb/account/details.php
21 21
	exit(0);
22 22
}
23 23

  
24
// Get entered values
24
// Get and sanitize entered values
25 25
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
26
$language = $wb->get_post_escaped('language');
27
$timezone = $wb->get_post_escaped('timezone')*60*60;
28
$date_format = $wb->get_post_escaped('date_format');
29
$time_format = $wb->get_post_escaped('time_format');
26
$language = strtoupper($wb->get_post('language'));
27
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
28
$timezone = (int) $wb->get_post_escaped('timezone')*60*60;
30 29

  
30
// date_format must be a key from /interface/date_formats
31
$date_format = $wb->get_post('date_format');
32
$date_format_key  = str_replace(' ', '|', $date_format);
33
$user_time = true;
34
include( ADMIN_PATH.'/interface/date_formats.php' );
35
$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');
36
$date_format = ($date_format == 'system_default' ? '' : $date_format);
37
unset($DATE_FORMATS);
38

  
39
// time_format must be a key from /interface/time_formats	
40
$time_format = $wb->get_post('time_format');
41
$time_format_key  = str_replace(' ', '|', $time_format);
42
$user_time = true;
43
include( ADMIN_PATH.'/interface/time_formats.php' );
44
$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');
45
$time_format = ($time_format == 'system_default' ? '' : $time_format);
46
unset($TIME_FORMATS);
47

  
31 48
if (!$wb->checkFTAN())
32 49
{
33 50
	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
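Review bot: The whitelist check at new 35 and 44 is made on `$date_format_key` (spaces turned into `|`, presumably because the keys of `$DATE_FORMATS` encode spaces that way) but the value kept is the untouched `$date_format`, so a posted string that already contains `|` where the key does passes `array_key_exists` and is stored in a form that is not in the whitelist. Derive the stored value from the validated key instead, `$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? str_replace('|', ' ', $date_format_key) : 'system_default');`, and likewise for `$time_format`; since these are read with `get_post` rather than `get_post_escaped`, that also guarantees only whitelisted characters reach whatever query follows the hunk. All of this processing, including the two `include`s, now runs before `checkFTAN()` at new 48; moving the CSRF check to the top of the file avoids doing that work for forged requests.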
branches/2.8.x/wb/modules/form/save_field.php
40 40
if($admin->get_post('title') == '' OR $admin->get_post('type') == '') {
41 41
	$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/form/modify_field.php?page_id='.$page_id.'&section_id='.$section_id.'&field_id='.$admin->getIDKEY($field_id));
42 42
} else {
43
	$title = htmlspecialchars($admin->get_post_escaped('title'), ENT_QUOTES);
43
	$title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('title'), ENT_QUOTES));
44 44
	$type = $admin->add_slashes($admin->get_post('type'));
45 45
	$required = (int) $admin->add_slashes($admin->get_post('required'));
46 46
}
......
64 64
// Get extra fields for field-type-specific settings
65 65
if($admin->get_post('type') == 'textfield') {
66 66
	$length = $admin->get_post_escaped('length');
67
	$value = $admin->get_post_escaped('value');
67
	$value = str_replace(array("[[", "]]"), '', $admin->get_post_escaped('value'));
68 68
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$length' WHERE field_id = '$field_id'");
69 69
} elseif($admin->get_post('type') == 'textarea') {
70
	$value = $admin->get_post_escaped('value');
70
	$value = str_replace(array("[[", "]]"), '', $admin->get_post_escaped('value'));
71 71
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '' WHERE field_id = '$field_id'");
72 72
} elseif($admin->get_post('type') == 'heading') {
73
	$extra = $admin->get_post('template');
73
	$extra = str_replace(array("[[", "]]"), '', $admin->get_post('template'));
74 74
	if(trim($extra) == '') $extra = '<tr><td class="field_heading" colspan="2">{TITLE}{FIELD}</td></tr>';
75 75
	$extra = $admin->add_slashes($extra);
76 76
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '', extra = '$extra' WHERE field_id = '$field_id'");
......
78 78
	$extra = $admin->get_post_escaped('size').','.$admin->get_post_escaped('multiselect');
79 79
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$extra' WHERE field_id = '$field_id'");
80 80
} elseif($admin->get_post('type') == 'checkbox') {
81
	$extra = $admin->get_post_escaped('seperator');
81
	$extra = str_replace(array("[[", "]]"), '', $admin->get_post_escaped('seperator'));
82 82
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$extra' WHERE field_id = '$field_id'");
83 83
} elseif($admin->get_post('type') == 'radio') {
84
	$extra = $admin->get_post_escaped('seperator');
84
	$extra = str_replace(array("[[", "]]"), '', $admin->get_post_escaped('seperator'));
85 85
	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '$extra' WHERE field_id = '$field_id'");
86 86
}
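Review bot: The stripping added at new 67, 70, 73, 81 and 84 covers textfield, textarea, heading, checkbox and radio, but the select branch at new 78–79 still writes `$value` to `mod_form_fields` as is; its assignment sits in the collapsed lines above, so if it comes from POST like the others it is the one field type that keeps storing `[[`/`]]`. Applying one helper such as `strip_droplet_markers()` at the single point where `$value` and `$extra` are read, instead of repeating `str_replace(array("[[", "]]"), '', …)` per branch (and four more times in pages/settings2.php in this commit), removes the chance of missing a branch. `$length` at 66 also goes into the `extra` column uncast; an `(int)` as already done for `$required` on 45 would match the rest of the file.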
87 87

  
