
Update VCounter

Update VCounter
1 parent bc61f1a commit 4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade @auracms committed Jan 31, 2014
Showing with 10 additions and 10 deletions.
  1. +10 −10 mod/statistik/vcounter.php
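--- a/mod/statistik/vcounter.php
+++ b/mod/statistik/vcounter.php
@@ -27,29 +27,29 @@ function usersOnline () {
 function ipCheck() {
 if (getenv('HTTP_CLIENT_IP')) {
- $ip = getenv('HTTP_CLIENT_IP');
+ $ip = mysql_real_escape_string(getenv('HTTP_CLIENT_IP'));
 }
 elseif (getenv('HTTP_X_FORWARDED_FOR')) {
- $ip = getenv('HTTP_X_FORWARDED_FOR');
+ $ip = mysql_real_escape_string(getenv('HTTP_X_FORWARDED_FOR'));
 }
 elseif (getenv('HTTP_X_FORWARDED')) {
- $ip = getenv('HTTP_X_FORWARDED');
+ $ip = mysql_real_escape_string(getenv('HTTP_X_FORWARDED'));
 }
 elseif (getenv('HTTP_FORWARDED_FOR')) {
- $ip = getenv('HTTP_FORWARDED_FOR');
+ $ip = mysql_real_escape_string(getenv('HTTP_FORWARDED_FOR'));
 }
 elseif (getenv('HTTP_FORWARDED')) {
- $ip = getenv('HTTP_FORWARDED');
+ $ip = mysql_real_escape_string(getenv('HTTP_FORWARDED'));
 }
 else {
- $ip = $_SERVER['REMOTE_ADDR'];
+ $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
 }
 return $ip;
 }
 function new_user() {
 global $db;
- $insert = $db->sql_query("INSERT INTO `mod_useronline` (`timestamp`, `ip`) VALUES ('mysql_real_escape_string($this->timestamp)', 'mysql_real_escape_string($this->ip)')");
+ $insert = $db->sql_query("INSERT INTO `mod_useronline` (`timestamp`, `ip`) VALUES ('$this->timestamp', '$this->ip')");
 if (!$insert) {
 $this->error[$this->i] = "Unable to record new visitor\r\n";
 $this->i ++;
@@ -120,7 +120,7 @@ function count_users() {
 $yesterdaystart = $daystart - (24*60*60);
 $now = time();
- $ip = getIP();
+ $ip = mysql_real_escape_string(getIP());
 $r = mysql_query("SELECT MAX( id ) AS total FROM `mod_visitcounter`");
@@ -140,12 +140,12 @@ function count_users() {
 //$query = mysql_query ("DELETE FROM `mod_visitcounter` WHERE `id`<'$temp'");
 }
- $item = mysql_fetch_assoc(mysql_query ("SELECT COUNT(*) AS `total` FROM `mod_visitcounter` WHERE `ip`='mysql_real_escape_string($ip)' AND (tm+'$locktime')>'$now'"));
+ $item = mysql_fetch_assoc(mysql_query ("SELECT COUNT(*) AS `total` FROM `mod_visitcounter` WHERE `ip`='$ip' AND (tm+'$locktime')>'$now'"));
 $items = $item['total'];
 if (empty($items))
 {
- mysql_query ("INSERT INTO `mod_visitcounter` (`id`, `tm`, `ip`) VALUES ('', '$now', 'mysql_real_escape_string($ip)')");
+ mysql_query ("INSERT INTO `mod_visitcounter` (`id`, `tm`, `ip`) VALUES ('', '$now', '$ip')");
 }
 $n = $all_visitors;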
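Review bot: In `ipCheck()` the client-supplied headers (`HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR` and the other forwarded variants) are escaped but never checked to be an IP address, so arbitrary header text can still be returned as the visitor's address, and the return value is now tied to SQL context for every caller. I would validate just before `return $ip;`, for example `if (filter_var($ip, FILTER_VALIDATE_IP) === false) { $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']); }`, and keep the escaping (or, better, a parameterised query) at the point where each SQL string is built. The same applies to `$ip = mysql_real_escape_string(getIP());` in `count_users()`; `getIP()` is outside the visible hunks and presumably reads the same headers. `new_user()` now interpolates `$this->ip` and `$this->timestamp` with no escaping of its own, so it is only safe if both were assigned from already-escaped values, which is not shown here. Both `new_user()` and `count_users()` continue outside their hunks.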

2 comments on commit 4fe9d0d

fgeek commented on 4fe9d0d Feb 11, 2014

This is CVE-2014-1401 http://osvdb.org/101938

You should add information to the commit message when you fix security vulnerabilities, and publish a security announcement on your website.

Owner

Oke Thanks
