- FIX function.get_image_link.php:
("GET /id/select%20user_id%20from%20users%20where%20user_id%20=%20332%3CBR%3E0.19035/images/nodes///.gif ) wtf?
-- fix ALL sql injections
+- SQL injections (many fixed, but some should be still there)
- remove absolute paths from all source files (!) (over 50)
foreach ($k as $id) {
+ // prevent sqli
+ $k = intval($k);
+ if ($k == 0) { continue; }
+
+
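Review bot: The new guard sanitizes the wrong variable: inside `foreach ($k as $id)`, `$k = intval($k)` converts the array being iterated (1 when non-empty, 0 when empty) and clobbers it, while `$id` — which the body goes on to use in `getAncestors($id)` — is left unfiltered, so the check neither prevents injection nor skips bad ids. It should read `$id = intval($id); if ($id === 0) { continue; }`. The enclosing loop body and function continue outside the hunk.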
if ($user_k) {
$isSenat = hasAncestor(getAncestors($id), $senat_id);
if ($isSenat && !($isComm || $isSOwner)){
}
else {
- $node_creator=$_POST['node_creator'];
+ $node_creator=intval($_POST['node_creator']);
$q="select user_id from users where login like '$node_creator'";
$ownerset=$db->query($q);
if (!$ownerset->getNumRows()) {
}
}
- $node_vector=$_POST['node_vector'];
+ $node_vector=mysql_real_escape_string($_POST['node_vector']);
$old_vector=$node['node_vector'];
if (is_numeric($_POST['template_id'])) $template_id=$_POST['template_id'];
- $node_parent=$_POST['node_parent'];
- $node_created=$_POST['node_created'];
+ $node_parent=intval($_POST['node_parent']);
+ $node_created=mysql_real_escape_string($_POST['node_created']);
$node_id=$node['node_id'];
$node_vector=$parent_node['node_vector'].";".$parent_node['node_id'];;
}
- $node_name=$_POST['node_name'];
+ $node_name=mysql_real_escape_string($_POST['node_name']);
- $node_external_access=$_POST['node_external_access'];
- $node_system_access=$_POST['node_system_access'];
+ $node_external_access=mysql_real_escape_string($_POST['node_external_access']);
+ $node_system_access=mysql_real_escape_string($_POST['node_system_access']);
require(INCLUDE_DIR.'htmlparse.inc');
global $htmlparse;
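Review bot: `$node_creator=intval($_POST['node_creator'])` feeds a query that matches on `login like '$node_creator'`; a login is a string, so intval turns every non-numeric name into 0 and the lookup can only ever match a login of `0`, which breaks the owner change rather than securing it. Treat it as a string, `$node_creator=mysql_real_escape_string($_POST['node_creator']);`, and consider `login = '...'` over `like`, since mysql_real_escape_string does not escape the `%` and `_` wildcards and the input could otherwise widen the match. `$node_external_access` and `$node_system_access` are now escaped, which keeps the SQL intact but still stores arbitrary text in what the `configure_external_access` hunk treats as a `'yes'`/`'no'` flag; whitelisting the allowed values here (as that hunk does, and the same for node_system_access if its set of values is fixed) would be consistent. The enclosing function starts and ends outside the hunk.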
<?php
- function configure_external_access() {
- global $db,$error,$node;
- $node_id=$node['node_id'];
- $user_id=$_SESSION['user_id'];
+function configure_external_access() {
+ global $db,$error,$node;
+ $node_id=$node['node_id'];
+ $user_id=$_SESSION['user_id'];
- if (($node['node_permission']=='owner') || ($node['node_permission']=='master')) {
- $node_external_access=$_POST['node_external_access'];
- if (empty($node_external_access)){ $node_external_access='no';}
-echo $node_external_access;
- if ($_POST['apply_on_vector']) {
- $vector=$node['node_vector'];
- if (empty($vector)) {
- $error=$error_messages['INCORRECT_VECTOR'];
- return false;
- }
- $q="update nodes set node_external_access='$node_external_access' where node_vector like '$vector%' and node_creator='$user_id'";
- $db->query($q);
- }
+ if (($node['node_permission']=='owner') || ($node['node_permission']=='master')) {
+
+ if ($_POST['node_external_access'] =='yes'))
+ { $node_external_access = 'yes'; }
+ else
+ { $node_external_access = 'no'; }
- else {
- $q="update nodes set node_external_access='$node_external_access' where node_id='$node_id'";
- $db->query($q);
+ if ($_POST['apply_on_vector']) {
+ $vector=$node['node_vector'];
+ if (empty($vector)) {
+ $error=$error_messages['INCORRECT_VECTOR'];
+ return false;
}
- }else{
- $error=$error_messages['EVENT_PERMISSION_ERROR'];
- return false;
+ $q="update nodes set node_external_access='$node_external_access' where node_vector like '$vector%' and node_creator='$user_id'";
+ $db->query($q);
+ }
+
+ else {
+ $q="update nodes set node_external_access='$node_external_access' where node_id='$node_id'";
+ $db->query($q);
}
+ }else{
+ $error=$error_messages['EVENT_PERMISSION_ERROR'];
+ return false;
}
-?>
\ No newline at end of file
+}
+?>
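Review bot: `if ($_POST['node_external_access'] =='yes'))` has an unbalanced closing parenthesis, so the file no longer parses; the line should be `if (isset($_POST['node_external_access']) && $_POST['node_external_access'] == 'yes')`, the isset also avoiding a notice when the field is absent. The `'yes'`/`'no'` whitelist itself is the right approach — the value interpolated into both UPDATE statements is now a fixed literal. Separately, `$error_messages` is read in both failure branches but only `$db,$error,$node` are declared `global`, so unless it is brought into scope on a line dropped from this view, `$error` is assigned from an undefined array; add it to the `global` list.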
global $db,$error,$node;
$node_id=$node['node_id'];
$user_id=$_SESSION['user_id'];
+ $node_system_access=mysql_real_escape_string($_POST['node_system_access']);
if (($node['node_permission']=='owner') || ($node['node_permission']=='master')) {
- $node_system_access=$_POST['node_system_access'];
if ($_POST['apply_on_vector']) {
$vector=$node['node_vector'];
}
return true;
}
-?>
\ No newline at end of file
+?>
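Review bot: `$node_system_access=mysql_real_escape_string($_POST['node_system_access'])` now runs before the permission check and, unlike the `configure_external_access` hunk, still stores whatever text the client sends — escaping protects the statement, not the meaning of the column. If node_system_access takes a fixed set of values as node_external_access does, move the assignment inside the permission branch and validate with `in_array($_POST['node_system_access'], $allowedValues, true)`, rejecting anything else; that also removes the undefined-index notice when the field is missing. Note that mysql_real_escape_string requires an open `mysql` link and returns false otherwise; whether `$db` provides one is not visible here. The enclosing function starts outside the hunk.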
global $node,$db,$error;
$user_id = $_SESSION['user_id'];
foreach ($_POST['message'] as $chosen =>$value) {
+
+ $mail_id = intval($mail_id);
+ if ($mail_id == 0)
+ continue;
+
$set = $db->query("select mail_read,mail_to from mail where mail_id = '$chosen' and mail_from = '$user_id'");
$set->next();
if ($set->getString('mail_read') == 'no') {
$db->query("delete from mail where mail_id = '$chosen' and mail_user = '$user_id'");
}
}
-?>
\ No newline at end of file
+?>
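Review bot: The new guard tests `$mail_id`, a variable that is not assigned anywhere in the visible loop, while both queries interpolate the loop key `$chosen` unchanged, so `intval($mail_id)` is 0 on every iteration, each pass hits `continue`, and the deletion loop becomes dead code — and had it not, `$chosen` would still be unfiltered. Replace the two lines with `$chosen = intval($chosen); if ($chosen === 0) continue;`. The loop also assumes `$_POST['message']` is an array; an `is_array` check before the `foreach` avoids a warning on a malformed request. The enclosing function starts outside the hunk.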
global $db,$error,$node_id;
$login = mysql_real_escape_string($_POST['login']);
- $password = $_POST['password']; //XXX nice SQLi
+ $password = $_POST['password']; // Not SQLi but be carefull
$hash = md5($password);
$login_type = $_POST['login_type'];
$referer = $_SERVER['HTTP_REFERER'];
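Review bot: The amended comment is right that `md5($password)` yields only hex digits and cannot break out of the quoted SQL literal, but the hash is an unsalted MD5, which is not an acceptable password store; where the runtime allows, migrate to `password_hash()`/`password_verify()`. `$login_type = $_POST['login_type']` and `$referer = $_SERVER['HTTP_REFERER']` are read unfiltered: `login_type` appears to drive a `switch` (`case "id":` below), which is safe, but `$referer` is client-controlled and should be validated before any redirect or output built from it — its use is not visible in this hunk. The enclosing function starts outside the hunk.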
$user_name = $set->getString('login');
break;
case "id":
+ // HA! if it is number, escape_string is not enough
+ $login=intval($login);
+
$q="select * from users where user_id='$login' and password='$hash'";
$set=$db->query($q);
$set->next();
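Review bot: The comment `// HA! if it is number, escape_string is not enough` is misleading: `$login` was already passed through mysql_real_escape_string and is interpolated inside quotes (`user_id='$login'`), so the escaping was sufficient here and `intval` is a tightening, not a fix. Its side effect is that any non-numeric login becomes 0 and the query then searches `user_id='0'`; reject such input before querying, e.g. `if (!ctype_digit((string)$_POST['login'])) { $error = /* message */; break; }`. `$set->next()` is also called without checking `getNumRows()` as the node-creator hunk does; whether an empty result is handled safely is not visible here. The enclosing `switch` and function extend outside the hunk.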
function set_bookmark_category() {
global $node,$db,$error;
$bookmarks=$_POST['bookmarks_chosen'];
- $category_id=$_POST['bookmark_category_id'];
+
+ if (isset($_POST['bookmark_category_id']) &&
+ is_numeric($_POST['bookmark_category_id'])) {
+ $category_id=$_POST['bookmark_category_id'];
+ }
+
$new_parent=nodes::getNodeById($category_id,$_SESSION['user_id']);
$new_parent_permissions=permissions::checkPermissions($new_parent);
foreach ($bookmarks as $chosen_id) {
unset($chosen);
+ if (!is_numeric($chosen_id))
+ {
+ $error=$error_messages['What a strange number..'];
+ return false;
+ }
$db->query("start transaction");
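Review bot: When `bookmark_category_id` is missing or non-numeric the new `if` merely skips the assignment, so `$category_id` is undefined when it reaches `nodes::getNodeById($category_id, ...)` and the function proceeds with a null category instead of failing; add the rejecting branch, `else { $error=$error_messages['<ERROR_KEY placeholder>']; return false; }`, and prefer `ctype_digit` over `is_numeric`, which also accepts `1.5`, `1e3` and leading whitespace. In the bookmark loop, `$error_messages['What a strange number..']` uses a message text as the key; the other hunks index this array with identifiers such as `INCORRECT_VECTOR`, so this entry is most likely undefined and `$error` ends up null — use a defined key. `$bookmarks` is also iterated without an `is_array` check. The function's body continues outside the hunk.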