diff options
| author | rub <rub@piwigo.org> | 2007-01-03 23:27:32 +0000 |
|---|---|---|
| committer | rub <rub@piwigo.org> | 2007-01-03 23:27:32 +0000 |
| commit | d9d37d76c66c8bd5cdccba08ea7bbd050d70f408 (patch) | |
| tree | 5cdfc07fc5a9e05216ab8867257607b30d9fbe90 | |
| parent | 4c360b36821fcaf56a58b4f1b235ec2ac6826c05 (diff) | |
Fixed: HTML vulnerability (Cross Site Scripting).
Fixed: All comments are displayed on comments.php
git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1695 68402e56-0260-453c-a942-63ccdbb3a9ee
| -rw-r--r-- | admin/user_list.php | 2 | ||||
| -rw-r--r-- | comments.php | 14 |
2 files changed, 11 insertions, 5 deletions
diff --git a/admin/user_list.php b/admin/user_list.php index c1e6fac2c..21ba58806 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -485,7 +485,7 @@ $template->assign_vars( 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list', 'F_ADD_ACTION' => $base_url, - 'F_USERNAME' => @$_GET['username'], + 'F_USERNAME' => @htmlentities($_GET['username']), 'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php' )); diff --git a/comments.php b/comments.php index 28f4bf410..eecf4575e 100644 --- a/comments.php +++ b/comments.php @@ -144,6 +144,10 @@ if (isset($_GET['keyword']) and !empty($_GET['keyword'])) ')'; } +// Only validated on 1.6.x +// on 1.7, admin can see all because he can be validated or rejected comments +$page['status_clause'] = 'validated="true"'; + // +-----------------------------------------------------------------------+ // | comments management | // +-----------------------------------------------------------------------+ @@ -184,8 +188,8 @@ $template->assign_vars( 'L_COMMENT_TITLE' => $title, 'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php', - 'F_KEYWORD'=>@$_GET['keyword'], - 'F_AUTHOR'=>@$_GET['author'], + 'F_KEYWORD'=>@htmlentities($_GET['keyword']), + 'F_AUTHOR'=>@htmlentities($_GET['author']), 'U_HOME' => make_index_url(), ) @@ -298,7 +302,8 @@ SELECT COUNT(DISTINCT(id)) WHERE '.$since_options[$page['since']]['clause'].' AND '.$page['cat_clause'].' AND '.$page['author_clause'].' - AND '.$page['keyword_clause']; + AND '.$page['keyword_clause'].' + AND '.$page['status_clause']; if ($user['forbidden_categories'] != '') { $query.= ' @@ -340,7 +345,8 @@ SELECT com.id AS comment_id WHERE '.$since_options[$page['since']]['clause'].' AND '.$page['cat_clause'].' AND '.$page['author_clause'].' - AND '.$page['keyword_clause']; + AND '.$page['keyword_clause'].' + AND '.$page['status_clause']; if ($user['forbidden_categories'] != '') { $query.= ' |