Revision 639
Added by thorn almost 17 years ago
| trunk/CHANGELOG | ||
|---|---|---|
| 10 | 10 |
# = Bugfix |
| 11 | 11 |
! = Update/Change |
| 12 | 12 |
|
| 13 |
------------------------------------- 2.7.0 ------------------------------------- |
|
| 13 |
------------------------------------- 2.7.0 ------------------------------------- |
|
| 14 |
29-Jan-2008 Thomas Hornik |
|
| 15 |
# Security bugfix: Text file for text-captcha was readable from everywhere |
|
| 16 |
# Text-captcha: empty line in test file, following a question, was accepted as answer. Fixed. |
|
| 14 | 17 |
28-Jan-2008 Matthias Gallas |
| 15 | 18 |
# Replaced all special chars in language files with htmlentities or unicode |
| 16 | 19 |
+ Added some missing lines in language files |
| trunk/wb/include/captcha/captchas/text.php | ||
|---|---|---|
| 28 | 28 |
|
| 29 | 29 |
global $admin; |
| 30 | 30 |
$name = 'text'; |
| 31 |
$file = WB_PATH."/temp/.captcha_$name.txt";
|
|
| 31 |
$file = WB_PATH."/temp/.captcha_$name.php";
|
|
| 32 | 32 |
|
| 33 | 33 |
srand((double)microtime()*100000); |
| 34 | 34 |
$_SESSION['captcha'] = rand(0,99999); |
| ... | ... | |
| 61 | 61 |
$s=next($content); |
| 62 | 62 |
$s=trim(rtrim(rtrim($s,"\n"),"\r")); // remove newline |
| 63 | 63 |
$s=$admin->strip_slashes($s); |
| 64 |
if(isset($s{0}) && $s{0}!='!') continue;
|
|
| 65 |
$a=substr($s,1); |
|
| 66 |
$qa[$lang][$q]=$a; |
|
| 67 |
next($content); |
|
| 64 |
if(isset($s{0}) && $s{0}=='!') {
|
|
| 65 |
$a=substr($s,1); |
|
| 66 |
$qa[$lang][$q]=$a; |
|
| 67 |
next($content); |
|
| 68 |
} |
|
| 68 | 69 |
} |
| 69 | 70 |
if($qa == array()) {
|
| 70 | 71 |
echo '<b>Error</b>: no text defined! Enter <b>0</b> to solve this captcha'; |
| trunk/wb/modules/captcha_control/tool.php | ||
|---|---|---|
| 56 | 56 |
$text_qa=$_POST['text_qa']; |
| 57 | 57 |
if(strpos($text_qa, '### example ###') === FALSE) {
|
| 58 | 58 |
$text_qa=$admin->add_slashes($text_qa); |
| 59 |
if($fh = fopen(WB_PATH.'/temp/.captcha_text.txt', 'wb')) {
|
|
| 59 |
$text_qa="<?php die(header('Location: ../index.php')); ?>\n".$text_qa;
|
|
| 60 |
if($fh = fopen(WB_PATH.'/temp/.captcha_text.php', 'wb')) {
|
|
| 60 | 61 |
fwrite($fh, $text_qa); |
| 61 | 62 |
fclose($fh); |
| 62 | 63 |
} |
| ... | ... | |
| 78 | 79 |
// load text-captchas |
| 79 | 80 |
$text_qa=''; |
| 80 | 81 |
if(file_exists(WB_PATH.'/include/captcha/captchas/text.php')) {
|
| 81 |
if(file_exists(WB_PATH.'/temp/.captcha_text.txt')) {
|
|
| 82 |
@$content = file(WB_PATH.'/temp/.captcha_text.txt');
|
|
| 82 |
if(file_exists(WB_PATH.'/temp/.captcha_text.php')) {
|
|
| 83 |
@$content = file(WB_PATH.'/temp/.captcha_text.php');
|
|
| 83 | 84 |
if($content!==FALSE) {
|
| 85 |
$content[0]=''; |
|
| 84 | 86 |
$text_qa = $admin->strip_slashes(implode('', $content));
|
| 85 | 87 |
} |
| 86 | 88 |
} |
Also available in: Unified diff
Security bugfix: Text file for text-captcha was readable from everywhere. Text-captcha: empty line in test file, following a question, was accepted as answer. Fixed.