Skip to content

Commit

Permalink
Merge pull request #488 from eurich/fixes
Browse files Browse the repository at this point in the history 
security related fixes
  • Loading branch information
@norv
norv committed Jun 4, 2013
2 parents 78aebbf + 1e4330b commit deedcad
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 12 deletions.
2 changes: 1 addition & 1 deletion sources/controllers/PersonalMessage.controller.php
View file
Expand Up @@ -982,7 +982,7 @@ function action_sendmessage2()
if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '')
$post_errors->addError('session_timeout');

$_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
$_REQUEST['subject'] = isset($_REQUEST['subject']) ? strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')) : '';
$_REQUEST['to'] = empty($_POST['to']) ? (empty($_GET['to']) ? '' : $_GET['to']) : $_POST['to'];
$_REQUEST['bcc'] = empty($_POST['bcc']) ? (empty($_GET['bcc']) ? '' : $_GET['bcc']) : $_POST['bcc'];

Expand Down
16 changes: 5 additions & 11 deletions sources/controllers/Post.controller.php
View file
Expand Up @@ -432,15 +432,9 @@ function action_post()
// Are you... a guest?
if ($user_info['is_guest'])
{
$_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']);
$_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']);

$_REQUEST['guestname'] = htmlspecialchars($_REQUEST['guestname']);
$context['name'] = $_REQUEST['guestname'];
$_REQUEST['email'] = htmlspecialchars($_REQUEST['email']);
$context['email'] = $_REQUEST['email'];

$user_info['name'] = $_REQUEST['guestname'];
$context['name'] = !isset($_REQUEST['guestname']) ? '' : Util::htmlspecialchars(trim($_REQUEST['guestname']));
$context['email'] = !isset($_REQUEST['email']) ? '' : Util::htmlspecialchars(trim($_REQUEST['email']));
$user_info['name'] = $context['name'];
}

// Only show the preview stuff if they hit Preview.
Expand Down Expand Up @@ -1237,8 +1231,8 @@ function action_post2()
// If the poster is a guest evaluate the legality of name and email.
if ($posterIsGuest)
{
$_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']);
$_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
$_POST['guestname'] = !isset($_POST['guestname']) ? '' : Util::htmlspecialchars(trim($_POST['guestname']));
$_POST['email'] = !isset($_POST['email']) ? '' : Util::htmlspecialchars(trim($_POST['email']));

if ($_POST['guestname'] == '' || $_POST['guestname'] == '_')
$post_errors->addError('no_name');
Expand Down

0 comments on commit deedcad

Please sign in to comment.