From 93604031f93833bed1566f63e08db16fbf68f137 Mon Sep 17 00:00:00 2001
From: hiroron
Date: Mon, 11 Dec 2023 18:01:05 +0900
Subject: [PATCH] fix CVE-2023-46058, fix CVE-2023-46058, fix CVE-2023-37787
---
 public_html/admin/group.php | 2 +-
 public_html/admin/router.php | 4 ++--
 public_html/admin/trackback.php | 12 ++++++------
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/public_html/admin/group.php b/public_html/admin/group.php
index 438d14971..5170ece9f 100644
--- a/public_html/admin/group.php
+++ b/public_html/admin/group.php
@@ -1295,7 +1295,7 @@ if (($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) {
 $display .= savegroup(
 (int) Geeklog\Input::fPost('grp_id', 0),
 Geeklog\Input::fPost('grp_name'),
- Geeklog\Input::post('grp_descr'),
+ Geeklog\Input::fPost('grp_descr'),
 $chk_grpadmin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups
 );
 } elseif (($mode === 'savegroupusers') && SEC_checkToken()) {
diff --git a/public_html/admin/router.php b/public_html/admin/router.php
index 127531be3..59ce2846e 100644
--- a/public_html/admin/router.php
+++ b/public_html/admin/router.php
@@ -657,8 +657,8 @@ switch ($mode) {
 }
 $method = Input::fPost('method', '');
- $rule = Input::post('rule', '');
- $route = Input::post('route', '');
+ $rule = Input::fPost('rule', '');
+ $route = Input::fPost('route', '');
 $statusCode = (int) Input::fPost('status_code', 302);
 $priority = Input::fPost('priority', Router::DEFAULT_PRIORITY);
 $enabled = Input::fPost('enabled', '');
diff --git a/public_html/admin/trackback.php b/public_html/admin/trackback.php
index 7017319b2..478bfea8e 100644
--- a/public_html/admin/trackback.php
+++ b/public_html/admin/trackback.php
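Review bot: In public_html/admin/group.php the `grp_descr` argument to `savegroup()` is now cleaned only at the moment it is written, so descriptions saved before this patch stay in the database unchanged, and any page that prints them without escaping remains exposed. If the output side does not already encode the value (not visible in this hunk), the code that renders the description should apply `htmlspecialchars($descr, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (variable name is a placeholder). The same applies to the fields switched to `fPost()` in router.php and in both trackback.php hunks. A comment above the call such as `// filtered on input; must still be HTML-escaped wherever it is displayed` would record the intent.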
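Review bot: In public_html/admin/router.php `$rule` and `$route` are routing patterns, and a general-purpose text filter is not a validator for them: depending on what `Input::fPost()` strips or encodes, a legitimate pattern containing `&` or quotes may be stored altered, while a value that is not a well-formed route is still accepted. Consider checking both values against the expected pattern shape after reading them and rejecting the request otherwise. In the same block `$priority` is read without the `(int)` cast that `$statusCode` gets; `$priority = (int) Input::fPost('priority', Router::DEFAULT_PRIORITY);` would make the two consistent. The enclosing `case` starts and continues outside the hunk, so later validation may already cover part of this.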
@@ -837,9 +837,9 @@ if (($mode === 'delete') && SEC_checkToken()) {
 } elseif ($mode === 'send') {
 $target = Geeklog\Input::fPost('target');
 $url = Geeklog\Input::fPost('url');
- $title = Geeklog\Input::post('title');
- $excerpt = Geeklog\Input::post('excerpt');
- $blog = Geeklog\Input::post('blog_name');
+ $title = Geeklog\Input::fPost('title');
+ $excerpt = Geeklog\Input::fPost('excerpt');
+ $blog = Geeklog\Input::fPost('blog_name');
 if (empty($target)) {
 $display .= showTrackbackMessage($LANG_TRB['target_missing'], $LANG_TRB['target_required']);
@@ -1115,9 +1115,9 @@ if (($mode === 'delete') && SEC_checkToken()) {
 $is_enabled = Geeklog\Input::post('is_enabled', '');
 $display .= saveService(
 (int) Geeklog\Input::fPost('service_id'),
- Geeklog\Input::post('service_name'),
- Geeklog\Input::post('service_site_url'),
- Geeklog\Input::post('service_ping_url'),
+ Geeklog\Input::fPost('service_name'),
+ Geeklog\Input::fPost('service_site_url'),
+ Geeklog\Input::fPost('service_ping_url'),
 Geeklog\Input::post('method'),
 $is_enabled
 );
-- 
2.21.0.windows.1
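Review bot: The `send` branch in public_html/admin/trackback.php is entered on `$mode === 'send'` alone, whereas the `delete` branch named in the hunk header also requires `SEC_checkToken()`. The branch reads `target` and `url` from POST data and, judging by the `target_missing` handling, goes on to send a trackback, so it is a state-changing action that should be covered by the same CSRF token check unless the token is verified further down, outside the hunk. If it is not, `} elseif (($mode === 'send') && SEC_checkToken()) {` would align it with `delete`, provided the form also emits the token field.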
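Review bot: In the `saveService()` call, `Geeklog\Input::post('method')` and `$is_enabled` (read with `Input::post('is_enabled', '')`) are still taken unfiltered, while the three neighbouring arguments were switched to `fPost()`. Unless `saveService()` checks `method` against the ping methods it supports (its body is outside the hunk), one field of the same form stays on the old path; `Geeklog\Input::fPost('method'),` is the minimal change, and an allow-list comparison is the better one. Separately, `service_site_url` and `service_ping_url` are URLs, and tag filtering does not constrain the scheme, so they should also be checked to be `http` or `https` before they are stored.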