[geeklog-cvs] geeklog: Fixed unfiltered GET parameter when unsubscribing from ...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun Apr 12 18:29:57 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/7bec51f9c947
changeset: 6931:7bec51f9c947
user:      Dirk Haun <dirk at haun-online.de>
date:      Sun Apr 12 23:16:52 2009 +0200
description:
Fixed unfiltered GET parameter when unsubscribing from comments

diffstat:

1 file changed, 15 insertions(+), 6 deletions(-)
public_html/comment.php |   21 +++++++++++++++------

diffs (58 lines):

diff -r 6a32420ccd94 -r 7bec51f9c947 public_html/comment.php
--- a/public_html/comment.php	Sun Apr 12 19:56:19 2009 +0200
+++ b/public_html/comment.php	Sun Apr 12 23:16:52 2009 +0200
@@ -335,8 +335,8 @@
     $mode = COM_applyFilter ($_REQUEST['mode']);
 }
 switch ($mode) {
-case $LANG03[28]: //Preview Changes (for edit)
-case $LANG03[34]: //Preview Submission changes (for edit)
+case $LANG03[28]: // Preview Changes (for edit)
+case $LANG03[34]: // Preview Submission changes (for edit)
 case $LANG03[14]: // Preview
     $display .= COM_siteHeader('menu', $LANG03[14])
              . CMT_commentForm (strip_tags ($_POST['title']), $_POST['comment'],
@@ -346,8 +346,9 @@
                     COM_applyFilter ($_POST['postmode']))
              . COM_siteFooter(); 
     break;
-case $LANG03[35]: //Submit Changes to Moderation table
-case $LANG03[29]: //Submit Changes
+
+case $LANG03[35]: // Submit Changes to Moderation table
+case $LANG03[29]: // Submit Changes
     if (SEC_checkToken()) {
         $display .= CMT_handleEditSubmit($mode);
     } else {
@@ -390,10 +391,12 @@
         $display .= COM_refresh($_CONF['site_url'] . '/index.php');
     }
     break;
+
 case 'editsubmission':
     if (!SEC_hasRights('comment.moderate')) { 
         break; 
     }
+    // deliberate fall-through
 case 'edit':
     if (SEC_checkToken()) {
         $display .= handleEdit($mode);
@@ -401,10 +404,16 @@
         $display .= COM_refresh($_CONF['site_url'] . '/index.php');
     }
     break;
+
 case 'unsubscribe':
-    DB_delete($_TABLES['commentnotifications'],'deletehash',
-                $_GET['key'],$_CONF['site_url'] . '/index.php?msg=16');
+    $key = COM_applyFilter($_GET['key']);
+    if (! empty($key)) {
+        $key = addslashes($key);
+        DB_delete($_TABLES['commentnotifications'], 'deletehash',
+                  $key, $_CONF['site_url'] . '/index.php?msg=16');
+    }
     break;
+
 default:  // New Comment
     $abort = false;
     $sid = COM_applyFilter ($_REQUEST['sid']);
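Review bot: The escaping at `$key = addslashes($key);` is not tied to the database connection's character set, so on a multibyte connection encoding a crafted byte sequence can still close the quoted value; prefer the DB layer's own escaping helper if this codebase has one (the file's other queries are outside this hunk, so I cannot confirm which it uses). Since `deletehash` is presumably a fixed-format digest, a positive check is tighter than filter-then-escape: `if (! empty($key) && preg_match('/^[0-9a-fA-F]+$/', $key))` — confirm the hash format before adopting it. When `$key` is empty the case now leaves the switch with nothing appended to `$display`, unlike the `edit` branches in the previous hunk which redirect on failure; consider `} else { $display .= COM_refresh($_CONF['site_url'] . '/index.php'); }`. Also, `$_GET['key']` is read without an `isset()` guard, which raises a notice when the parameter is absent unless `COM_applyFilter` tolerates a missing value — worth confirming.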


