[geeklog-cvs] Geeklog-1.x/public_html profiles.php,1.46,1.46.2.1

Dirk Haun dhaun at qs1489.pair.com
Tue Jan 8 13:39:49 EST 2008


Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv71175/public_html

Modified Files:
      Tag: geeklog_1_4_0_1
	profiles.php 
Log Message:
Fixed an XSS (1.4.0 only), reported by MustLive


Index: profiles.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/profiles.php,v
retrieving revision 1.46
retrieving revision 1.46.2.1
diff -C2 -d -r1.46 -r1.46.2.1
*** profiles.php	28 Dec 2005 10:11:50 -0000	1.46
--- profiles.php	8 Jan 2008 18:39:47 -0000	1.46.2.1
***************
*** 10,14 ****
  // | their email address being intercepted by spammers.                        |
  // +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2005 by the following authors:                         |
  // |                                                                           |
  // | Authors: Tony Bibbs        - tony AT tonybibbs DOT com                    |
--- 10,14 ----
  // | their email address being intercepted by spammers.                        |
  // +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2008 by the following authors:                         |
  // |                                                                           |
  // | Authors: Tony Bibbs        - tony AT tonybibbs DOT com                    |
***************
*** 410,423 ****
                      || !COM_isEmail ($_POST['fromemail'])) {
                  $display .= COM_siteHeader ('menu', $LANG08[17])
!                          . mailstoryform ($sid, $_POST['to'], $_POST['toemail'],
!                                           $_POST['from'], $_POST['fromemail'],
!                                           $_POST['shortmsg'], 52)
                           . COM_siteFooter ();
              } else if (empty ($_POST['to']) || empty ($_POST['from']) ||
                      empty ($_POST['shortmsg'])) {
                  $display .= COM_siteHeader ('menu', $LANG08[17])
!                          . mailstoryform ($sid, $_POST['to'], $_POST['toemail'],
!                                           $_POST['from'], $_POST['fromemail'],
!                                           $_POST['shortmsg'])
                           . COM_siteFooter ();
              } else {
--- 410,419 ----
                      || !COM_isEmail ($_POST['fromemail'])) {
                  $display .= COM_siteHeader ('menu', $LANG08[17])
!                          . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), COM_applyFilter($_POST['shortmsg']), 52)
                           . COM_siteFooter ();
              } else if (empty ($_POST['to']) || empty ($_POST['from']) ||
                      empty ($_POST['shortmsg'])) {
                  $display .= COM_siteHeader ('menu', $LANG08[17])
!                          . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), COM_applyFilter($_POST['shortmsg']))
                           . COM_siteFooter ();
              } else {
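Review bot: the output escaping is applied at the two call sites instead of inside mailstoryform(), so any other caller that renders the form with user-supplied values (including the `else` branch that follows, which is not shown here) gets no protection unless it repeats the same wrapping; consider moving the COM_applyFilter() calls into mailstoryform() so every path that displays $to, $toemail, $from, $fromemail and $shortmsg is covered, and leave these two call sites in their original form. The rewritten lines also collapse the previous three-line argument list into one very long line; keeping the original wrapping, e.g. `. mailstoryform ($sid, COM_applyFilter($_POST['to']),` followed by one argument pair per line, would stay consistent with the rest of the file.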