Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-04-27 17:59:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix forum XSS

Browse Source
This commit is contained in:
slawkens 2023-11-27 22:56:38 +01:00
parent 83a91ec540
commit d1bc63d07a
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
system/pages/forum/edit_post.php
View File

@ -37,6 +37,10 @@ if(Forum::canPost($account_logged))
$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0; $smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0; $html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
if (!superAdmin()) {
$html = 0;
}
$length = strlen($post_topic); $length = strlen($post_topic);
if(($length < 1 || $length > 60) && $thread['id'] == $thread['first_post']) if(($length < 1 || $length > 60) && $thread['id'] == $thread['first_post'])
$errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters."; $errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters.";

5
system/pages/forum/new_thread.php
View File

@ -26,6 +26,11 @@ if(Forum::canPost($account_logged))
$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : ''; $post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0); $smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0); $html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
if (!superAdmin()) {
$html = 0;
}
$saved = false; $saved = false;
if (isset($_REQUEST['save'])) { if (isset($_REQUEST['save'])) {
$length = strlen($post_topic); $length = strlen($post_topic);