[geeklog-cvs] Geeklog-1.x/public_html profiles.php,1.46,1.46.2.1
Dirk Haun
dhaun at qs1489.pair.com
Tue Jan 8 13:39:49 EST 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv71175/public_html
Modified Files:
Tag: geeklog_1_4_0_1
profiles.php
Log Message:
Fixed an XSS (1.4.0 only), reported by MustLive
Index: profiles.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/profiles.php,v
retrieving revision 1.46
retrieving revision 1.46.2.1
diff -C2 -d -r1.46 -r1.46.2.1
*** profiles.php 28 Dec 2005 10:11:50 -0000 1.46
--- profiles.php 8 Jan 2008 18:39:47 -0000 1.46.2.1
***************
*** 10,14 ****
// | their email address being intercepted by spammers. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2005 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
--- 10,14 ----
// | their email address being intercepted by spammers. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2008 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
***************
*** 410,423 ****
|| !COM_isEmail ($_POST['fromemail'])) {
$display .= COM_siteHeader ('menu', $LANG08[17])
! . mailstoryform ($sid, $_POST['to'], $_POST['toemail'],
! $_POST['from'], $_POST['fromemail'],
! $_POST['shortmsg'], 52)
. COM_siteFooter ();
} else if (empty ($_POST['to']) || empty ($_POST['from']) ||
empty ($_POST['shortmsg'])) {
$display .= COM_siteHeader ('menu', $LANG08[17])
! . mailstoryform ($sid, $_POST['to'], $_POST['toemail'],
! $_POST['from'], $_POST['fromemail'],
! $_POST['shortmsg'])
. COM_siteFooter ();
} else {
--- 410,419 ----
|| !COM_isEmail ($_POST['fromemail'])) {
$display .= COM_siteHeader ('menu', $LANG08[17])
! . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), COM_applyFilter($_POST['shortmsg']), 52)
. COM_siteFooter ();
} else if (empty ($_POST['to']) || empty ($_POST['from']) ||
empty ($_POST['shortmsg'])) {
$display .= COM_siteHeader ('menu', $LANG08[17])
! . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), COM_applyFilter($_POST['shortmsg']))
. COM_siteFooter ();
} else {
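Review bot: Both changed `mailstoryform` calls filter the request values at the call site, which covers only these two error paths; the function that writes them into the form is outside this diff, so any other caller passing request data stays exposed unless the encoding is done there. Because the values are re-displayed as form field contents, output encoding at the point of rendering (for example `htmlspecialchars($value, ENT_QUOTES)` inside `mailstoryform`) is the context-appropriate control and keeps the user's text intact. `COM_applyFilter` is defined elsewhere; if it is the general parameter filter, it may strip or truncate the free-text `shortmsg` on redisplay, which is worth confirming. The `else` branch that follows continues outside the hunk, so whether the unfiltered `$_POST` values are still used there cannot be judged from here.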