Skip to content
Permalink
Browse files
Security fixes
Signed-off-by: deviance <meangczac.chan@gmail.com>
  • Loading branch information
FrederickChan committed Aug 19, 2022
1 parent 2f9a201 commit 57c96d4a0c00e8e1e25100087654688123c6e991
Showing 1 changed file with 6 additions and 9 deletions.
@@ -666,15 +666,12 @@ public function saveUpdate() {

// hidden input tamper check - user_hash must not be changed.
// id request spoofing request
$a_check = ($this->userData["user_password"] != sanitizer("user_hash", "", "user_hash"));
$b_check = ($this->userData['user_id'] != fusion_get_userdata('user_id'));
// for admin with sufficient rights, skip all these formats
if (iADMIN && checkrights("M")) {
$a_check = FALSE;
$b_check = FALSE;
}
if ($a_check or $b_check) {
fusion_stop();
if (!(iADMIN && checkrights('M')) ||
($this->userData['user_password'] != sanitizer("user_hash", "", "user_hash")) ||
($this->data['user_id'] != fusion_get_userdata('user_id'))) {
fusion_stop($locale['error_request']);

return FALSE;
}

// check for password match

2 comments on commit 57c96d4

@JamieSlome
Copy link

@JamieSlome JamieSlome commented on 57c96d4 Sep 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FrederickChan - can you confirm that this fix was made as a result of the following vulnerability report?

https://huntr.dev/bounties/b3f888d2-5c71-4682-8287-42613401fd5a/

@FrederickChan
Copy link
Member Author

@FrederickChan FrederickChan commented on 57c96d4 Oct 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.