Changeset 4139


Timestamp:
10/28/09 21:34:29 (10 years ago)
Author:
nikrou
Message:

bug 1220 : fix XSS vulnerability.
filter on since parameter (is_numeric)
use only htmlspecialchars to filter vars to display
revert rev:3600 add left join on users table

TODO: only add the LEFT JOIN on the users table when a search by author is actually requested.

File:
1 edited

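--- a/trunk/comments.php
+++ b/trunk/comments.php
@@ -61,5 +61,12 @@
   );
 
-$page['since'] = isset($_GET['since']) ? $_GET['since'] : 4;
+if (!empty($_GET['since']) && is_numeric($_GET['since']))
+{
+  $page['since'] = $_GET['since'];
+}
+else
+{
+  $page['since'] = 4;
+}
 
 // on which field sorting
@@ -103,5 +110,5 @@
 
 // search a particular author
-if (isset($_GET['author']) and !empty($_GET['author']))
+if (!empty($_GET['author']))
 {
   $page['where_clauses'][] =
@@ -111,5 +118,5 @@
 
 // search a substring among comments content
-if (isset($_GET['keyword']) and !empty($_GET['keyword']))
+if (!empty($_GET['keyword']))
 {
   $page['where_clauses'][] =
@@ -198,6 +205,6 @@
   array(
     'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
-    'F_KEYWORD'=>@htmlspecialchars(stripslashes($_GET['keyword'])),
-    'F_AUTHOR'=>@htmlspecialchars(stripslashes($_GET['author'])),
+    'F_KEYWORD'=> @htmlspecialchars($_GET['keyword'], ENT_QUOTES, 'utf-8'),
+    'F_AUTHOR'=> @htmlspecialchars($_GET['author'], ENT_QUOTES, 'utf-8'),
     )
   );
@@ -270,6 +277,8 @@
 SELECT COUNT(DISTINCT(com.id))
   FROM '.IMAGE_CATEGORY_TABLE.' AS ic
-    INNER JOIN '.COMMENTS_TABLE.' AS com
+    INNER JOIN '.COMMENTS_TABLE.' AS com     
     ON ic.image_id = com.image_id
+    LEFT JOIN '.USERS_TABLE.' As u
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
@@ -309,4 +318,6 @@
     INNER JOIN '.COMMENTS_TABLE.' AS com
     ON ic.image_id = com.image_id
+    LEFT JOIN '.USERS_TABLE.' As u
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'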
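Review bot: The new `is_numeric()` guard at new line 63 is looser than the fix needs: it also accepts signed, decimal, exponent ("1e3") and leading-whitespace strings, and hexadecimal such as "0x1A" on the PHP 5 releases current when this landed, so `$page['since']` can still hold a non-integer string. How `$page['since']` is consumed is outside this hunk; if it is interpolated into SQL or used as an array index, an integer whitelist is the safer contract, e.g. `if (!empty($_GET['since']) && ctype_digit((string)$_GET['since']))` with `$page['since'] = (int)$_GET['since'];`. The `!empty()` test also maps a literal "0" to the default of 4, which may be intended but deserves a comment such as `// since=0 is treated as "not given" and falls back to the default`. The where-clause assignments at new lines 114 and 121 continue past the hunk, so whether `author` and `keyword` are escaped before reaching SQL cannot be judged from here.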