[geeklog-cvs] Geeklog-1.x/public_html profiles.php,1.55,1.56
Michael Jervis
mjervis at qs1489.pair.com
Wed Feb 20 15:32:39 EST 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv27176/public_html
Modified Files:
profiles.php
Log Message:
Mail story to a friend: User message text is run through COM_applyFilter but shouldn't be because that will cut the message off at the first special character. The message doesn't go out as HTML, and isn't logged, so, we don't introduce a security hole by doing so (I checked carefully!)
Index: profiles.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/profiles.php,v
retrieving revision 1.55
retrieving revision 1.56
diff -C2 -d -r1.55 -r1.56
*** profiles.php 20 Feb 2008 20:27:25 -0000 1.55
--- profiles.php 20 Feb 2008 20:32:37 -0000 1.56
***************
*** 472,476 ****
. mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
! COM_applyFilter($_POST['shortmsg']), 52)
. COM_siteFooter ();
} else if (empty ($_POST['to']) || empty ($_POST['from']) ||
--- 472,476 ----
. mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
! $_POST['shortmsg'], 52)
. COM_siteFooter ();
} else if (empty ($_POST['to']) || empty ($_POST['from']) ||
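Review bot: The changed argument at line 474 now passes the raw $_POST['shortmsg'] into mailstoryform(), whose return value is concatenated into the page ahead of COM_siteFooter(), so this is an HTML output path that the log message's reasoning (the mail is not HTML and is not logged) does not cover. Please confirm that mailstoryform() HTML-escapes the message before writing it back into the form, for example with htmlspecialchars(), or escape it at this call site. Otherwise a message containing markup is reflected into the redisplayed form unescaped.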
***************
*** 479,483 ****
. mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
! COM_applyFilter($_POST['shortmsg']))
. COM_siteFooter ();
} else {
--- 479,483 ----
. mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
! $_POST['shortmsg'])
. COM_siteFooter ();
} else {
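Review bot: Style point on the changed argument at line 481: this is the second of three identical edits, each reading $_POST['shortmsg'] directly in the argument list. Assigning it once to a local variable above the if/else chain and passing that to every mailstoryform() call would keep the three branches in sync and give a single place to apply whatever output handling the message needs. As written, a later fix has to be repeated three times and it is easy to miss one.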
***************
*** 488,492 ****
. mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
! COM_applyFilter($_POST['shortmsg']))
. COM_siteFooter ();
} else {
--- 488,492 ----
. mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']),
COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']),
! $_POST['shortmsg'])
. COM_siteFooter ();
} else {
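Review bot: Missing documentation at line 490 and the two matching calls: every other argument in the list is still wrapped in COM_applyFilter(), so the bare $_POST['shortmsg'] looks like an oversight and a later cleanup could easily put the filter back. A short comment stating that the message is deliberately unfiltered, and why, would prevent that. Also note that all three changed lines are arguments to mailstoryform(); the call that actually sends the mail is not in this diff, so it is worth checking that the send path treats shortmsg the same way.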