From cb08e531038911a33661c64723d220f3ecdb6d38 Mon Sep 17 00:00:00 2001
From: slawkens
Date: Fri, 1 Jun 2018 20:27:34 +0200
Subject: [PATCH] * fix XSS in forum show_thread
---
 system/pages/forum/show_thread.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/system/pages/forum/show_thread.php b/system/pages/forum/show_thread.php
index d1ea243b..08c236df 100644
--- a/system/pages/forum/show_thread.php
+++ b/system/pages/forum/show_thread.php
@@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $links_to_pages = '';
 $thread_id = (int) $_REQUEST['id'];
 $_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
-$thread_name = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`section` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`id` = `" . TABLE_PREFIX . "forum`.`first_post` AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` LIMIT 1")->fetch();
+$thread_name = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`section`, `" . TABLE_PREFIX . "forum`.`post_html` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`id` = `" . TABLE_PREFIX . "forum`.`first_post` AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` LIMIT 1")->fetch();
 if(empty($thread_name['name'])) {
 echo 'Thread with this ID does not exits.';
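Review bot: The column added to the SELECT, `post_html`, is read only much later in the file, where it decides whether `post_topic` is echoed raw or through htmlspecialchars(); nothing at the query says so, and the name reads like a content format rather than a trust decision. A one-line comment above the `$thread_name` assignment would tie the two places together, e.g. `// post_html is fetched only to choose raw vs. escaped output of post_topic in the header echo below`. The surrounding `if(empty(...))` block continues past the end of this hunk.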
@@ -36,8 +36,8 @@ for($i = 0; $i < $posts_count['posts_count'] / $config['forum_threads_per_page']
 $threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`post_html`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll(); if(isset($threads[0]['name'])) $db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
-echo 'Boards >> '.$sections[$threads[0]['section']]['name'].' >> '.$thread_name['post_topic'].'';
-echo '



Page: '.$links_to_pages.'
';
+echo 'Boards >> '.$sections[$threads[0]['section']]['name'].' >> '.($thread_name['post_html'] ? $thread_name['post_topic'] : htmlspecialchars($thread_name['post_topic'])).'';
+echo '



Page: '.$links_to_pages.'
'.htmlspecialchars($thread_name['post_topic']).'
by ' . getPlayerLink($thread_name['name']) . '
Author 
';
 $player = $ots->createObject('Player');
 foreach($threads as $thread) {
'.($thread_name['post_html'] ? $thread_name['post_topic'] : htmlspecialchars($thread_name['post_topic'])).'
by ' . getPlayerLink($thread_name['name']) . '
Author
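Review bot: The new code still echoes `$thread_name['post_topic']` verbatim whenever `post_html` is truthy, in both the `Boards >>` line and the title cell of the second echo, so the commit only closes the XSS if setting `post_html` is restricted to trusted staff; that write path is not in this diff and should be confirmed, and if any poster can set the flag the topic needs escaping in both branches. The escaped branch calls `htmlspecialchars()` with default flags, which on PHP below 8.1 (ENT_COMPAT) leave single quotes untouched; the markup around the title is not visible in this rendering, so if it ever lands in a single-quoted attribute use `htmlspecialchars($thread_name['post_topic'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. On the same lines, `$sections[$threads[0]['section']]['name']` is presumably config-defined but is still echoed unescaped, and `$threads[0]` is read without an isset check when the page offset yields no rows; both predate this commit. These echo statements are top-level script code, and the hunk's trailing context (`$player`, `foreach`) is cut off in this rendering.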