lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 12:07:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix some potential security hazards

Browse Source
This commit is contained in:
xiaomlove
2023-05-20 00:17:17 +08:00
parent 167af06cfa
commit fa95279e66
11 changed files with 16 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/sanctum.php
+1 -1
View File
@@ -29,7 +29,7 @@ return [
| |
*/ */
'expiration' => null, 'expiration' => 129600,
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
include/constants.php
+1 -1
View File
@@ -1,6 +1,6 @@
<?php <?php
defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.4'); defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.4');
defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-05-15'); defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-05-20');
defined('IN_TRACKER') || define('IN_TRACKER', false); defined('IN_TRACKER') || define('IN_TRACKER', false);
defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP"); defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org"); defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
public/attachment.php
+1 -1
View File
@@ -230,7 +230,7 @@ if ($Attach->enable_attachment())
$dlkey = md5($db_file_location.".".$ext); $dlkey = md5($db_file_location.".".$ext);
sql_query("INSERT INTO attachments (userid, width, added, filename, filetype, filesize, location, dlkey, isimage, thumb) VALUES (".$CURUSER['id'].", ".$width.", ".sqlesc(date("Y-m-d H:i:s")).", ".sqlesc($origfilename).", ".sqlesc($filetype).", ".$filesize.", ".sqlesc($db_file_location.".".$ext).", ".sqlesc($dlkey).", ".($isimage ? 1 : 0).", ".($hasthumb ? 1 : 0).")") or sqlerr(__FILE__, __LINE__); sql_query("INSERT INTO attachments (userid, width, added, filename, filetype, filesize, location, dlkey, isimage, thumb) VALUES (".$CURUSER['id'].", ".$width.", ".sqlesc(date("Y-m-d H:i:s")).", ".sqlesc($origfilename).", ".sqlesc($filetype).", ".$filesize.", ".sqlesc($db_file_location.".".$ext).", ".sqlesc($dlkey).", ".($isimage ? 1 : 0).", ".($hasthumb ? 1 : 0).")") or sqlerr(__FILE__, __LINE__);
$count_left--; $count_left--;
if (!empty($_REQUEST['callback_func'])) { if (!empty($_REQUEST['callback_func']) && preg_match('/^preview_custom_field_image_\d+$/', $_REQUEST['callback_func'])) {
$url = $httpdirectory_attachment."/".$db_file_location . ".$ext"; $url = $httpdirectory_attachment."/".$db_file_location . ".$ext";
if ($hasthumb) { if ($hasthumb) {
$url .= ".thumb.jpg"; $url .= ".thumb.jpg";
public/faqactions.php
+4 -3
View File
@@ -36,7 +36,7 @@ function clear_faq_cache()
// ACTION: reorder - reorder sections and items // ACTION: reorder - reorder sections and items
if (isset($_GET['action']) && $_GET['action'] == "reorder") { if (isset($_GET['action']) && $_GET['action'] == "reorder") {
foreach($_POST[order] as $id => $position) sql_query("UPDATE `faq` SET `order`=".sqlesc($position)." WHERE id=".sqlesc($id)) or sqlerr(); foreach($_POST['order'] as $id => $position) sql_query("UPDATE `faq` SET `order`=".sqlesc($position)." WHERE id=".sqlesc($id)) or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php"); header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die; die;
} }
@@ -113,7 +113,7 @@ elseif (isset($_GET['action']) && $_GET['action'] == "editsect" && $_POST['id']
// ACTION: delete - delete a section or item // ACTION: delete - delete a section or item
elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) { elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) {
if ($_GET[confirm] == "yes") { if ($_GET['confirm'] == "yes") {
sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc(intval($_GET['id'] ?? 0))." LIMIT 1") or sqlerr(); sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc(intval($_GET['id'] ?? 0))." LIMIT 1") or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php"); header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die; die;
@@ -122,7 +122,8 @@ elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id
stdhead("FAQ Management"); stdhead("FAQ Management");
begin_main_frame(); begin_main_frame();
print("<h1 align=\"center\">Confirmation required</h1>"); print("<h1 align=\"center\">Confirmation required</h1>");
print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\" align=\"center\" width=\"95%\">\n<tr><td align=\"center\">Please click <a href=\"faqactions.php?action=delete&id={$_GET['id']}&confirm=yes\">here</a> to confirm.</td></tr>\n</table>\n"); $id = intval($_GET['id'] ?? 0);
print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\" align=\"center\" width=\"95%\">\n<tr><td align=\"center\">Please click <a href=\"faqactions.php?action=delete&id={$id}&confirm=yes\">here</a> to confirm.</td></tr>\n</table>\n");
end_main_frame(); end_main_frame();
stdfoot(); stdfoot();
} }
public/friends.php
+1 -1
View File
@@ -65,7 +65,7 @@ if ($action == 'delete')
{ {
$targetid = $_GET['targetid']; $targetid = $_GET['targetid'];
$sure = $_GET['sure']; $sure = $_GET['sure'];
$type = $_GET['type']; $type = htmlspecialchars($_GET['type']);
if ($type == 'friend') if ($type == 'friend')
$typename = $lang_friends['text_friend']; $typename = $lang_friends['text_friend'];
public/ipsearch.php
+1 -1
View File
@@ -8,7 +8,7 @@ if (!user_can('userprofile'))
permissiondenied(); permissiondenied();
else else
{ {
$ip = trim($_GET['ip']); $ip = htmlspecialchars(trim($_GET['ip']));
if ($ip) if ($ip)
{ {
$regex = "/^(((1?\d{1,2})|(2[0-4]\d)|(25[0-5]))(\.\b|$)){4}$/"; $regex = "/^(((1?\d{1,2})|(2[0-4]\d)|(25[0-5]))(\.\b|$)){4}$/";
public/staffbox.php
+1 -1
View File
@@ -133,7 +133,7 @@ stdfoot();
////////////////////////// //////////////////////////
if ($action == "answermessage") { if ($action == "answermessage") {
$answeringto = $_GET["answeringto"]; $answeringto = intval($_GET["answeringto"] ?? 0);
$receiver = intval($_GET["receiver"] ?? 0); $receiver = intval($_GET["receiver"] ?? 0);
int_check($receiver,true); int_check($receiver,true);
public/subtitles.php
+1 -1
View File
@@ -95,7 +95,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["action"]) && $_POST["a
//start process torrent ID //start process torrent ID
if(!$_POST["torrent_id"]) if(!$_POST["torrent_id"])
{ {
echo($lang_subtitles['std_missing_torrent_id']."$file[name]</b></font> !"); echo($lang_subtitles['std_missing_torrent_id'].htmlspecialchars($file['name'])."</b></font> !");
exit; exit;
} }
else else
public/userhistory.php
+1 -1
View File
@@ -5,7 +5,7 @@ require_once(get_langfile_path());
loggedinorreturn(); loggedinorreturn();
parked(); parked();
$userid = $_GET["id"]; $userid = intval($_GET["id"] ?? 0);
int_check($userid,true); int_check($userid,true);
if ($CURUSER["id"] != $userid && !user_can('viewhistory')) if ($CURUSER["id"] != $userid && !user_can('viewhistory'))
public/viewnfo.php
+1 -1
View File
@@ -4,7 +4,7 @@ dbconn();
require_once(get_langfile_path()); require_once(get_langfile_path());
loggedinorreturn(); loggedinorreturn();
parked(); parked();
$id = $_GET["id"]; $id = intval($_GET["id"] ?? 0);
if (!user_can('viewnfo') || !is_valid_id($id) || $enablenfo_main != 'yes') if (!user_can('viewnfo') || !is_valid_id($id) || $enablenfo_main != 'yes')
permissiondenied(); permissiondenied();
public/viewrequests.php
+3 -3
View File
@@ -7,7 +7,7 @@ loggedinorreturn();
parked(); parked();
if (isset($_GET['id'])) { if (isset($_GET['id'])) {
$_GET['id'] = htmlspecialchars($_GET['id']); $_GET['id'] = intval($_GET['id'] ?? 0);
} }
$action = isset($_POST['action']) ? htmlspecialchars($_POST['action']) : (isset($_GET['action']) ? htmlspecialchars($_GET['action']) : ''); $action = isset($_POST['action']) ? htmlspecialchars($_POST['action']) : (isset($_GET['action']) ? htmlspecialchars($_GET['action']) : '');
$allowed_actions = array("list", "new", "newmessage", "view", "edit", "takeedit", "takeadded", "res", "takeres", "addamount", "delete", "confirm", "message", "search"); $allowed_actions = array("list", "new", "newmessage", "view", "edit", "takeedit", "takeadded", "res", "takeres", "addamount", "delete", "confirm", "message", "search");
@@ -200,7 +200,7 @@ else {
print( print(
"<form id=edit method=post name=edit action=viewrequests.php >\n "<form id=edit method=post name=edit action=viewrequests.php >\n
<input type=hidden name=action value=takeedit > <input type=hidden name=action value=takeedit >
<input type=hidden name=reqid value=" . $_GET["id"] . " > <input type=hidden name=reqid value=" . intval($_GET["id"] ?? 0) . " >
"); ");
print("<table width=100% cellspacing=0 cellpadding=3><tr><td class=colhead align=center colspan=2>{$lang_functions['title_edit']}{$lang_viewrequests['request']}</td></tr>"); print("<table width=100% cellspacing=0 cellpadding=3><tr><td class=colhead align=center colspan=2>{$lang_functions['title_edit']}{$lang_viewrequests['request']}</td></tr>");
tr("{$lang_functions['col_name']}", "<input name=request value=\"" . $arr["request"] . "\" size=134 ><br/>", 1); tr("{$lang_functions['col_name']}", "<input name=request value=\"" . $arr["request"] . "\" size=134 ><br/>", 1);
@@ -247,7 +247,7 @@ else {
print( print(
"<form id=reply name=reply method=post action=viewrequests.php >\n<input type=hidden name=action value=message ><input type=hidden name=id value=" . $_GET["id"] . " >\n"); "<form id=reply name=reply method=post action=viewrequests.php >\n<input type=hidden name=action value=message ><input type=hidden name=id value=" . intval($_GET["id"] ?? 0) . " >\n");
print("<table width=100% cellspacing=0 cellpadding=3>\n"); print("<table width=100% cellspacing=0 cellpadding=3>\n");
print("<tr><td class=rowfollow align=left>"); print("<tr><td class=rowfollow align=left>");