Changeset 4140


Timestamp:
10/28/09 21:39:00 (10 years ago)
Author:
nikrou
Message:

merge from trunk

bug 1220 : fix XSS vulnerability.
filter on since parameter (is_numeric)
use only htmlspecialchars to filter vars to display
revert rev:3600 add left join on users table

Todo : use only left join on users table when a search by author is made

File:
1 edited

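--- a/branches/2.0/comments.php
+++ b/branches/2.0/comments.php
@@ -60,5 +60,12 @@
   );
 
-$page['since'] = isset($_GET['since']) ? $_GET['since'] : 4;
+if (!empty($_GET['since']) && is_numeric($_GET['since']))
+{
+  $page['since'] = $_GET['since'];
+}
+else
+{
+  $page['since'] = 4;
+}
 
 // on which field sorting
@@ -102,5 +109,5 @@
 
 // search a particular author
-if (isset($_GET['author']) and !empty($_GET['author']))
+if (!empty($_GET['author']))
 {
   $page['where_clauses'][] = 'com.author = \''.$_GET['author'].'\'';
@@ -108,5 +115,5 @@
 
 // search a substring among comments content
-if (isset($_GET['keyword']) and !empty($_GET['keyword']))
+if (!empty($_GET['keyword']))
 {
   $page['where_clauses'][] =
@@ -181,6 +188,6 @@
   array(
     'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
-    'F_KEYWORD'=>@htmlspecialchars(stripslashes($_GET['keyword'])),
-    'F_AUTHOR'=>@htmlspecialchars(stripslashes($_GET['author'])),
+    'F_KEYWORD'=> @htmlspecialchars($_GET['keyword'], ENT_QUOTES, 'utf-8'),
+    'F_AUTHOR'=> @htmlspecialchars($_GET['author'], ENT_QUOTES, 'utf-8'),
     )
   );
@@ -253,6 +260,8 @@
 SELECT COUNT(DISTINCT(id))
   FROM '.IMAGE_CATEGORY_TABLE.' AS ic
-    INNER JOIN '.COMMENTS_TABLE.' AS com
+    INNER JOIN '.COMMENTS_TABLE.' AS com    
     ON ic.image_id = com.image_id
+    LEFT JOIN '.USERS_TABLE.' As u
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'
@@ -291,4 +300,6 @@
     INNER JOIN '.COMMENTS_TABLE.' AS com
     ON ic.image_id = com.image_id
+    LEFT JOIN '.USERS_TABLE.' As u
+    ON u.'.$conf['user_fields']['id'].' = com.author_id
   WHERE '.implode('
     AND ', $page['where_clauses']).'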
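Review bot: The `is_numeric()` guard added for the `since` parameter (new lines 62-65) still admits negatives, decimals and exponent/whitespace forms such as `-1`, `1.5`, `1e3` or ` 7`, which is wider than a day count presumably needs, and the value is stored as the raw string rather than an integer; `if (!empty($_GET['since']) && ctype_digit((string)$_GET['since'])) { $page['since'] = (int)$_GET['since']; }` keeps the existing rejection of `0`/empty while pinning it to a positive integer, though how `$page['since']` is consumed lies outside the hunk. The author filter kept at new line 113, `'com.author = \''.$_GET['author'].'\''`, still concatenates the raw query value into the SQL string; unless a global addslashes/magic-quotes pass over `$_GET` exists in the bootstrap (not visible here) this is an injection point, and it should go through the project's database escaping helper either way. The keyword clause on new line 119 continues past the hunk and very likely needs the same treatment. Note also that removing `stripslashes()` from the F_KEYWORD/F_AUTHOR template values means that, if such a global addslashes pass does exist, escaped quotes will now be displayed with a literal backslash — worth confirming against the bootstrap code.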