[geeklog-cvs] geeklog: Fixed unfiltered GET parameter when unsubscribing from ...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Apr 12 18:29:57 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/7bec51f9c947
changeset: 6931:7bec51f9c947
user: Dirk Haun <dirk at haun-online.de>
date: Sun Apr 12 23:16:52 2009 +0200
description:
Fixed unfiltered GET parameter when unsubscribing from comments
diffstat:
1 file changed, 15 insertions(+), 6 deletions(-)
public_html/comment.php | 21 +++++++++++++++------
diffs (58 lines):
diff -r 6a32420ccd94 -r 7bec51f9c947 public_html/comment.php
--- a/public_html/comment.php Sun Apr 12 19:56:19 2009 +0200
+++ b/public_html/comment.php Sun Apr 12 23:16:52 2009 +0200
@@ -335,8 +335,8 @@
$mode = COM_applyFilter ($_REQUEST['mode']);
}
switch ($mode) {
-case $LANG03[28]: //Preview Changes (for edit)
-case $LANG03[34]: //Preview Submission changes (for edit)
+case $LANG03[28]: // Preview Changes (for edit)
+case $LANG03[34]: // Preview Submission changes (for edit)
case $LANG03[14]: // Preview
$display .= COM_siteHeader('menu', $LANG03[14])
. CMT_commentForm (strip_tags ($_POST['title']), $_POST['comment'],
@@ -346,8 +346,9 @@
COM_applyFilter ($_POST['postmode']))
. COM_siteFooter();
break;
-case $LANG03[35]: //Submit Changes to Moderation table
-case $LANG03[29]: //Submit Changes
+
+case $LANG03[35]: // Submit Changes to Moderation table
+case $LANG03[29]: // Submit Changes
if (SEC_checkToken()) {
$display .= CMT_handleEditSubmit($mode);
} else {
@@ -390,10 +391,12 @@
$display .= COM_refresh($_CONF['site_url'] . '/index.php');
}
break;
+
case 'editsubmission':
if (!SEC_hasRights('comment.moderate')) {
break;
}
+ // deliberate fall-through
case 'edit':
if (SEC_checkToken()) {
$display .= handleEdit($mode);
@@ -401,10 +404,16 @@
$display .= COM_refresh($_CONF['site_url'] . '/index.php');
}
break;
+
case 'unsubscribe':
- DB_delete($_TABLES['commentnotifications'],'deletehash',
- $_GET['key'],$_CONF['site_url'] . '/index.php?msg=16');
+ $key = COM_applyFilter($_GET['key']);
+ if (! empty($key)) {
+ $key = addslashes($key);
+ DB_delete($_TABLES['commentnotifications'], 'deletehash',
+ $key, $_CONF['site_url'] . '/index.php?msg=16');
+ }
break;
+
default: // New Comment
$abort = false;
$sid = COM_applyFilter ($_REQUEST['sid']);
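Review bot: `COM_applyFilter($_GET['key'])` on the first added line of the 'unsubscribe' case still reads `$_GET['key']` unconditionally, so a request without that parameter raises an undefined-index notice before the new `empty()` check ever runs; guard the read first, e.g. `$key = isset($_GET['key']) ? COM_applyFilter($_GET['key']) : '';`. When the key is missing or empty the branch now just breaks, whereas the old code always passed the `msg=16` redirect to DB_delete, so the caller presumably sees no feedback in that case — if that is unintended, add a `COM_refresh` to the same URL in an `else`. Whether `addslashes()` is the escaping the rest of this file uses for SQL values cannot be seen from this hunk; if the DB layer has its own escape helper, that would be the safer choice. The enclosing `switch ($mode)` starts and ends outside this hunk.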