This repository has been archived by the owner on Sep 25, 2021. It is now read-only.
Number of secerity fixes & fix for setup fee #510
renlok committed Nov 22, 2018
1 parent 3eb457d commit 256a5f9
Showing 20 changed files with 69 additions and 51 deletions.
2 changes: 1 addition & 1 deletion active_auctions.php
Expand Up @@ -66,7 +66,7 @@
$k = 0;
while ($row = $db->fetch()) {
if (strlen($row['pict_url']) > 0) {
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'];
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $row['id'] . '&fromfile=' . $row['pict_url'];
} else {
$row['pict_url'] = get_lang_img('nopicture.gif');
}
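Review bot: On the rebuilt `$row['pict_url']` assignment the stored filename is concatenated into the query string as-is, so a name containing `&`, `#`, `+`, `%` or a space produces a request that getthumb.php parses differently from what was intended; write `'&fromfile=' . rawurlencode($row['pict_url'])`. Whether upload names are generated server-side or taken from the client is not visible here, so treat the value as untrusted until that is confirmed. The enclosing `while` loop starts before the hunk.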
2 changes: 1 addition & 1 deletion admin/editauction.php
Expand Up @@ -36,7 +36,7 @@ function load_gallery($auc_id)
if ($dir = opendir(UPLOAD_PATH . $auc_id)) {
while ($file = @readdir($dir)) {
if ($file != '.' && $file != '..' && strpos($file, 'thumb-') === false) {
$UPLOADED_PICTURES[] = UPLOAD_FOLDER . $auc_id . '/' . $file;
$UPLOADED_PICTURES[] = $file;
}
}
closedir($dir);
2 changes: 1 addition & 1 deletion bid.php
Expand Up @@ -561,7 +561,7 @@ function extend_auction($id, $ends)
'ERROR' => (isset($errmsg)) ? $errmsg : '',
'BID_HISTORY' => (isset($ARETHEREBIDS)) ? $ARETHEREBIDS : '',
'ID' => $id,
'IMAGE' => (!empty($pict_url_plain)) ? '<img src="getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&fromfile=' . UPLOAD_FOLDER . $id . '/' . $pict_url_plain . '" border="0" align="center">' : '&nbsp;',
'IMAGE' => (!empty($pict_url_plain)) ? '<img src="getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $id . '&fromfile=' . $pict_url_plain . '" border="0" align="center">' : '',
'TITLE' => $item_title,
'CURRENT_BID' => $system->print_money($cbid),
'ATYPE' => $atype,
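Review bot: The new IMAGE value splices `$pict_url_plain` raw into an `<img src>` attribute and its query string, so the filename is neither URL-encoded nor HTML-escaped and the separators are bare `&` inside markup; write `'&amp;auction_id=' . (int) $id . '&amp;fromfile=' . htmlspecialchars(rawurlencode($pict_url_plain))`. Where `$pict_url_plain` is assigned is outside the hunk, so whether it is attacker-controllable cannot be confirmed from here. Replacing the `&nbsp;` fallback with `''` changes what the template receives for image-less auctions; check that the template copes with an empty IMAGE.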
2 changes: 1 addition & 1 deletion closed_auctions.php
Expand Up @@ -65,7 +65,7 @@
$starting_price = $row['current_bid'];

if (strlen($row['pict_url']) > 0) {
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'];
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $row['id'] . '&fromfile=' . $row['pict_url'];
} else {
$row['pict_url'] = get_lang_img('nopicture.gif');
}
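Review bot: The rebuilt thumbnail URL embeds `$row['pict_url']` without `rawurlencode()`, so any reserved character in the stored filename (`&`, `#`, `+`, `%`, space) is interpreted by getthumb.php as query syntax rather than as part of the name. Use `'&fromfile=' . rawurlencode($row['pict_url'])` here, and apply the same encoding on every page that builds this URL so the cache key in getthumb.php sees one canonical form. The enclosing loop begins before the hunk.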
45 changes: 29 additions & 16 deletions getthumb.php
Expand Up @@ -14,9 +14,31 @@

include 'common.php';

// get passed values
$w = (isset($_GET['w'])) ? intval($_GET['w']) : '';
$_w = $w;
$fromfile = (isset($_GET['fromfile'])) ? $_GET['fromfile'] : '';
$fromfile = $_GET['fromfile'];
$auction_id = $_GET['auction_id'];

// check passed values
if (!isset($_GET['fromfile']) ||
!isset($_GET['auction_id']) || !is_numeric($auction_id)) {
ErrorPNG($ERR_716);
exit;
} elseif (!file_exists($_GET['fromfile']) && !fopen($_GET['fromfile'], 'r')) {
ErrorPNG($ERR_716);
exit;
}

if ($fromfile != '') {
// clean fromfile
$fromfile = basename($fromfile);
// build file path
$file_path = UPLOAD_FOLDER . $auction_id . '/' . $fromfile;
} else {
// if empty filename just show default image
$file_path = MAIN_PATH . 'images/email_alerts/default_item_img.jpg';
}

$nomanage = false;
$accepted_widths = array(
$system->SETTINGS['thumb_show'],
Expand Down Expand Up @@ -47,17 +69,8 @@ function load_image($file, $mime, $image_type, $output_type)
exit;
}

// control parameters and file existence
if (!isset($_GET['fromfile']) || $fromfile == '') {
ErrorPNG($ERR_716);
exit;
} elseif (!file_exists($_GET['fromfile']) && !fopen($_GET['fromfile'], 'r')) {
ErrorPNG($ERR_716);
exit;
}

if (file_exists(UPLOAD_PATH . 'cache/' . $w . '-' . md5($fromfile))) {
$img = getimagesize($fromfile);
$img = getimagesize($file_path);
switch ($img[2]) {
case IMAGETYPE_GIF:
if (!(imagetypes() &IMG_GIF)) {
Expand Down Expand Up @@ -98,7 +111,7 @@ function load_image($file, $mime, $image_type, $output_type)
mkdir(UPLOAD_PATH . 'cache', 0777);
}

$img = @getimagesize($fromfile);
$img = @getimagesize($file_path);
if (is_array($img)) {
switch ($img[2]) {
case IMAGETYPE_GIF:
Expand Down Expand Up @@ -141,7 +154,7 @@ function load_image($file, $mime, $image_type, $output_type)
}
if ($w == '') {
// just load the image
load_image($fromfile, $img['mime'], $image_type, $output_type);
load_image($file_path, $img['mime'], $image_type, $output_type);
} else {
// check image orientation
if ($img[0] < $img[1]) {
Expand All @@ -156,9 +169,9 @@ function load_image($file, $mime, $image_type, $output_type)
$ou = imagecreatetruecolor($w, $h);
imagealphablending($ou, false);
$funcall = "imagecreatefrom$image_type";
imagecopyresampled($ou, $funcall($fromfile), 0, 0, 0, 0, $w, $h, $img[0], $img[1]);
imagecopyresampled($ou, $funcall($file_path), 0, 0, 0, 0, $w, $h, $img[0], $img[1]);
$funcall = "image$output_type";
$funcall($ou, UPLOAD_PATH . 'cache/' . $_w . '-' . md5($fromfile));
$funcall($ou, UPLOAD_PATH . 'cache/' . $w . '-' . md5($fromfile));
header('Content-type: ' . $img['mime']);
$funcall($ou);
exit;
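Review bot: The existence check is still evaluated on the raw `$_GET['fromfile']`, before `basename()` runs and before `$file_path` is built, so it tests a bare filename relative to the script's working directory and still passes unvalidated input to `fopen()` (which, depending on `allow_url_fopen`, can open stream wrappers and remote URLs; the handle is also never closed). Move the check after `$file_path` is assembled as `if (!is_file($file_path))`, and tighten `is_numeric` to `ctype_digit`, since `is_numeric` accepts forms such as `1e3` and `-1`. The cache key `md5($fromfile)` in both the lookup and the write now hashes only the basename, so two auctions that each upload `photo.jpg` share one cached thumbnail; hash `$file_path` instead. Whether `UPLOAD_FOLDER` in the new path is a filesystem path like the `UPLOAD_PATH` used for the cache is not visible here and worth confirming.
```php
// check passed values: both parameters must be present scalars and the id a plain integer
if (!isset($_GET['fromfile'], $_GET['auction_id'])
    || !is_string($_GET['fromfile']) || !is_string($_GET['auction_id'])
    || !ctype_digit($_GET['auction_id'])) {
    ErrorPNG($ERR_716);
    exit;
}
$auction_id = (int) $_GET['auction_id'];
// clean fromfile: keep only the last path segment so '/' and '..' cannot leave the auction folder
$fromfile = basename($_GET['fromfile']);

if ($fromfile != '') {
    // build file path from the upload root, never from the raw parameter
    $file_path = UPLOAD_FOLDER . $auction_id . '/' . $fromfile;
} else {
    // if empty filename just show default image
    $file_path = MAIN_PATH . 'images/email_alerts/default_item_img.jpg';
}

// existence check on the path we built; no fopen() on user input
if (!is_file($file_path)) {
    ErrorPNG($ERR_716);
    exit;
}

// … unchanged: $nomanage / $accepted_widths setup …
```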
2 changes: 1 addition & 1 deletion includes/browseitems.inc.php
Expand Up @@ -116,7 +116,7 @@ function build_items($row)

// image icon
if (!empty($row['pict_url'])) {
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_list'] . '&fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'];
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_list'] . '&auction_id=' . $row['id'] . '&fromfile=' . $row['pict_url'];
} else {
$row['pict_url'] = get_lang_img('nopicture.gif');
}
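Review bot: In the new `$row['pict_url']` assignment inside `build_items()` the filename goes into the query string unencoded; use `'&fromfile=' . rawurlencode($row['pict_url'])` so reserved characters in the name cannot alter how getthumb.php parses `fromfile`. The value's provenance (server-generated or user-chosen) is not visible here, so it should be treated as untrusted. `build_items()` starts and ends outside the hunk.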
2 changes: 1 addition & 1 deletion includes/functions_sell.php
Expand Up @@ -398,7 +398,7 @@ function get_fee($minimum_bid, $just_fee = true)
'extracat_fee' => 0
);
while ($row = $db->fetch()) {
if ($minimum_bid >= $row['fee_from'] && $minimum_bid <= $row['fee_to'] && $row['type'] == 'setup') {
if ($minimum_bid >= $row['fee_from'] && $minimum_bid <= $row['fee_to'] && $row['type'] == 'setup_fee') {
if ($row['fee_type'] == 'flat') {
$fee_data['setup_fee'] = $row['value'];
$fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']);
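Review bot: The corrected `setup_fee` match still uses an inclusive range on both ends (`>= fee_from` and `<= fee_to`) and keeps accumulating with `bcadd` without breaking, so if fee tiers in the database are laid out contiguously (one tier's `fee_to` equal to the next tier's `fee_from`) a minimum bid exactly on the boundary is charged twice while `$fee_data['setup_fee']` keeps only the last match. Either make one bound exclusive or `break` after the first matching tier; the tier layout is not visible here, so confirm against the fees table. `get_fee()` begins before the hunk and continues after it.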
4 changes: 2 additions & 2 deletions index.php
Expand Up @@ -104,7 +104,7 @@ function ShowFlags()
'ENDS' => $ends_string,
'ID' => $row['id'],
'BID' => $system->print_money($high_bid),
'IMAGE' => (!empty($row['pict_url'])) ? 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&amp;fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'] : 'images/email_alerts/default_item_img.jpg',
'IMAGE' => (!empty($row['pict_url'])) ? 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $row['id'] . '&fromfile=' . $row['pict_url'] : '',
'TITLE' => htmlspecialchars($row['title'])
));
$i++;
Expand Down Expand Up @@ -188,7 +188,7 @@ function ShowFlags()
'ENDS' => $ends_string,
'ID' => $row['id'],
'BID' => $system->print_money($high_bid),
'IMAGE' => (!empty($row['pict_url'])) ? 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&amp;fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'] : 'images/email_alerts/default_item_img.jpg',
'IMAGE' => (!empty($row['pict_url'])) ? 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $row['id'] . '&amp;fromfile=' . $row['pict_url'] : '',
'TITLE' => htmlspecialchars($row['title'])
));
}
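Review bot: The two new IMAGE lines disagree with each other: the first joins the parameters with a bare `&`, the second with `&amp;` (which the replaced lines used consistently), and both now fall back to `''` instead of the `images/email_alerts/default_item_img.jpg` placeholder the old code supplied, so auctions without a picture lose their default image unless the template handles an empty IMAGE. Use `&amp;` in both and `rawurlencode($row['pict_url'])` for the filename; if the placeholder is meant to come from getthumb.php's empty-`fromfile` branch instead, the fallback has to be a getthumb URL with an empty `fromfile`, not an empty string. The enclosing loops start outside the hunks.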
2 changes: 1 addition & 1 deletion item.php
Expand Up @@ -466,7 +466,7 @@
'TITLE' => htmlspecialchars($auction_data['title']),
'SUBTITLE' => htmlspecialchars($auction_data['subtitle']),
'AUCTION_DESCRIPTION' => $auction_data['description'],
'PIC_URL' => UPLOAD_FOLDER . $id . '/' . $auction_data['pict_url'],
'PIC_URL' => $auction_data['pict_url'],
'SHIPPING_COST' => ($auction_data['shipping_cost'] > 0) ? $system->print_money($auction_data['shipping_cost']) : $MSG['1152'],
'ADDITIONAL_SHIPPING_COST' => $system->print_money($auction_data['additional_shipping_cost']),
'COUNTRY' => $auction_data['country'],
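Review bot: `PIC_URL` is now the bare stored filename and is assigned without encoding, while the neighbouring `TITLE` and `SUBTITLE` entries run through `htmlspecialchars`; since the templates drop it straight into `getthumb.php?...&fromfile={PIC_URL}` inside a `src` attribute, assign `'PIC_URL' => rawurlencode($auction_data['pict_url'])` (or escape in the template, whichever the project convention is) so reserved characters in the name cannot change the query. The `assign_vars` call continues outside the hunk.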
18 changes: 9 additions & 9 deletions register.php
Expand Up @@ -448,15 +448,15 @@ function emailDomainIsBlacklisted($email)

'V_YNEWSL' => ((isset($_POST['TPL_nletter']) && $_POST['TPL_nletter'] == 1) || !isset($_POST['TPL_nletter'])) ? 'checked=true' : '',
'V_NNEWSL' => (isset($_POST['TPL_nletter']) && $_POST['TPL_nletter'] == 2) ? 'checked=true' : '',
'V_YNAME' => (isset($_POST['TPL_name'])) ? $_POST['TPL_name'] : '',
'V_UNAME' => (isset($_POST['TPL_nick'])) ? $_POST['TPL_nick'] : '',
'V_EMAIL' => (isset($_POST['TPL_email'])) ? $_POST['TPL_email'] : '',
'V_YEAR' => (isset($_POST['TPL_year'])) ? $_POST['TPL_year'] : '',
'V_ADDRE' => (isset($_POST['TPL_address'])) ? $_POST['TPL_address'] : '',
'V_CITY' => (isset($_POST['TPL_city'])) ? $_POST['TPL_city'] : '',
'V_PROV' => (isset($_POST['TPL_prov'])) ? $_POST['TPL_prov'] : '',
'V_POSTCODE' => (isset($_POST['TPL_zip'])) ? $_POST['TPL_zip'] : '',
'V_PHONE' => (isset($_POST['TPL_phone'])) ? $_POST['TPL_phone'] : ''
'V_YNAME' => (isset($_POST['TPL_name'])) ? $system->cleanvars($_POST['TPL_name']) : '',
'V_UNAME' => (isset($_POST['TPL_nick'])) ? $system->cleanvars($_POST['TPL_nick']) : '',
'V_EMAIL' => (isset($_POST['TPL_email'])) ? $system->cleanvars($_POST['TPL_email']) : '',
'V_YEAR' => (isset($_POST['TPL_year'])) ? $system->cleanvars($_POST['TPL_year']) : '',
'V_ADDRE' => (isset($_POST['TPL_address'])) ? $system->cleanvars($_POST['TPL_address']) : '',
'V_CITY' => (isset($_POST['TPL_city'])) ? $system->cleanvars($_POST['TPL_city']) : '',
'V_PROV' => (isset($_POST['TPL_prov'])) ? $system->cleanvars($_POST['TPL_prov']) : '',
'V_POSTCODE' => (isset($_POST['TPL_zip'])) ? $system->cleanvars($_POST['TPL_zip']) : '',
'V_PHONE' => (isset($_POST['TPL_phone'])) ? $system->cleanvars($_POST['TPL_phone']) : ''
));

include 'header.php';
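Review bot: The new `$system->cleanvars()` calls are the right place to neutralise echoed-back input, but these values land in `value="..."` attributes, so cleanvars must encode double quotes (`htmlspecialchars` with `ENT_QUOTES` or equivalent); its implementation is not visible here, so confirm that rather than assume it. If the templates already escape `V_*` variables this double-encodes `&` into `&amp;amp;`, so escaping should live in exactly one layer. A short comment such as `// escape for attribute context before re-display` on the first cleaned entry would document the intent.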
2 changes: 1 addition & 1 deletion themes/adminClassic/editauction.tpl
Expand Up @@ -71,7 +71,7 @@
<!-- BEGIN gallery -->
<div class="button" style=" height:100px; float:left; margin:5px; padding:10px 5px 20px 10px;">
<a href="{SITEURL}/{gallery.V}" title="{gallery.V}" target="_blank">
<img src="{SITEURL}getthumb.php?fromfile={gallery.V}" border="0" height="100px">
<img src="{SITEURL}getthumb.php?fromfile={gallery.V}&auction_id={ID}" border="0" height="100px">
</a><br>
<input type="checkbox" name="gallery[]" value="{gallery.V}">
</div>
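Review bot: `{gallery.V}` no longer carries the upload-folder prefix after this commit (load_gallery in admin/editauction.php now stores the bare filename), yet the surrounding anchor still reads `href="{SITEURL}/{gallery.V}"`, so the full-size link now points at the site root instead of the auction's upload directory. The href needs the folder re-added, e.g. `{SITEURL}{UPLOADEDPATH}{ID}/{gallery.V}` if the admin templates expose the same `UPLOADEDPATH` variable as the public item template; whether they do is not visible here. Inside the attribute, prefer `&amp;auction_id={ID}`.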
2 changes: 1 addition & 1 deletion themes/adminModern/editauction.tpl
Expand Up @@ -71,7 +71,7 @@
<!-- BEGIN gallery -->
<div style="width:50px; float: left;">
<a href="{SITEURL}/{gallery.V}" title="{gallery.V}" target="_blank">
<img src="{SITEURL}getthumb.php?fromfile={gallery.V}" border="0" hspace="10">
<img src="{SITEURL}getthumb.php?fromfile={gallery.V}&auction_id={ID}" border="0" hspace="10">
</a>
<input type="checkbox" name="gallery[]" value="{gallery.V}">
</div>
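Review bot: The unchanged `href="{SITEURL}/{gallery.V}"` around the new thumbnail is now wrong, because `{gallery.V}` is a bare filename after this commit's change to load_gallery, so the lightbox link resolves to the site root rather than the uploaded image. Re-add the folder in the anchor, e.g. `{SITEURL}{UPLOADEDPATH}{ID}/{gallery.V}`, assuming the admin template can see an `UPLOADEDPATH` variable like the public templates do; that is not confirmable from this page. Use `&amp;auction_id={ID}` inside the attribute.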
4 changes: 2 additions & 2 deletions themes/classic/item.tpl
Expand Up @@ -81,7 +81,7 @@ $(document).ready(function() {
<table bgcolor="#ffffff">
<tr>
<td align='center'>
<img src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={PIC_URL}" border="0" align="center"><br>
<img src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={PIC_URL}&auction_id={ID}" border="0" align="center"><br>
<!-- IF B_HASGALELRY -->
<a href="#gallery"><img src="{SITEURL}images/gallery.gif" border="0" alt="gallery"> {L_694}</a>
<!-- ENDIF -->
Expand Down Expand Up @@ -308,7 +308,7 @@ $(document).ready(function() {
<!-- BEGIN gallery -->
<td>
<a href="{SITEURL}{UPLOADEDPATH}{ID}/{gallery.V}" title="" data-lightbox="gallery">
<img src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={UPLOADEDPATH}{ID}/{gallery.V}" border="0" hspace="10">
<img src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={gallery.V}&auction_id={ID}" border="0" hspace="10">
</a>
</td>
<!-- END gallery -->
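Review bot: Both new `<img src>` values use a bare `&` before `auction_id`, whereas the replaced index.php lines show the project otherwise writing `&amp;` inside attributes; use `&amp;auction_id={ID}` in both hunks. `{PIC_URL}` and `{gallery.V}` are interpolated unencoded, so URL-encoding has to happen where those variables are assigned, or the thumbnail request breaks on filenames with reserved characters.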
4 changes: 2 additions & 2 deletions themes/modern/item.tpl
Expand Up @@ -57,7 +57,7 @@ $(document).ready(function() {
<div class="panel-heading"><span class="label label-default">{L_113}: {ID}</span></div>
<div class="panel-body">
<div class="col-md-12">
<img class="img-rounded img-responsive center-block" src="{SITEURL}getthumb.php?w=430&fromfile={PIC_URL}" border="0" align="center" width="430px">
<img class="img-rounded img-responsive center-block" src="{SITEURL}getthumb.php?w=430&fromfile={PIC_URL}&auction_id={ID}" border="0" align="center" width="430px">
</div>
<!-- IF B_HASGALELRY -->
<div>
Expand All @@ -66,7 +66,7 @@ $(document).ready(function() {
<!-- BEGIN gallery -->
<div class="col-md-4 col-xs-4 col-sm-4">
<a href="{SITEURL}{UPLOADEDPATH}{ID}/{gallery.V}" title="" data-lightbox="gallery">
<img class="img-rounded img-responsive" src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={UPLOADEDPATH}{ID}/{gallery.V}" border="0"></a>
<img class="img-rounded img-responsive" src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={gallery.V}&auction_id={ID}" border="0"></a>
</div>
<!-- END gallery -->
</div>
2 changes: 1 addition & 1 deletion user_login.php
Expand Up @@ -124,7 +124,7 @@

$template->assign_vars(array(
'ERROR' => (isset($ERR)) ? $ERR : '',
'USER' => (isset($_POST['username'])) ? $_POST['username'] : ''
'USER' => (isset($_POST['username'])) ? $system->cleanvars($_POST['username']) : ''
));

include 'header.php';
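Review bot: `cleanvars()` is applied when echoing the submitted username back into the form, which is correct only if it encodes quotes for the attribute context; its implementation is outside this page and should be checked. The `ERROR` entry on the line above is passed unescaped, so if `$ERR` can ever contain user input it needs the same treatment; whether it can is not visible here.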
5 changes: 3 additions & 2 deletions yourauctions.php
Expand Up @@ -99,8 +99,9 @@
$_SESSION['oa_ord'] = 'title';
$_SESSION['oa_type'] = 'asc';
} elseif (!empty($_GET['oa_ord'])) {
$_SESSION['oa_ord'] = $_GET['oa_ord'];
$_SESSION['oa_type'] = $_GET['oa_type'];
// check oa_ord && oa_type are valid
$_SESSION['oa_ord'] = (in_array($_GET['oa_ord'], array('title', 'starts', 'ends', 'num_bids', 'current_bid'))) ? $_GET['oa_ord'] : 'title';
$_SESSION['oa_type'] = (in_array($_GET['oa_type'], array('asc', 'desc'))) ? $_GET['oa_type'] : 'asc';
} elseif (isset($_SESSION['oa_ord']) && empty($_GET['oa_ord'])) {
$_SESSION['oa_nexttype'] = $_SESSION['oa_type'];
}
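Review bot: The new whitelist is the right fix, but `$_GET['oa_type']` is read unconditionally inside `in_array()` while only `oa_ord` was checked with `!empty`, so `?oa_ord=title` alone raises an undefined-index notice; guard it: `$_SESSION['oa_type'] = (isset($_GET['oa_type']) && in_array($_GET['oa_type'], array('asc', 'desc'), true)) ? $_GET['oa_type'] : 'asc';`. Pass `true` as the third argument to both `in_array` calls so the comparison is strict.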
5 changes: 3 additions & 2 deletions yourauctions_c.php
Expand Up @@ -204,8 +204,9 @@
$_SESSION['ca_ord'] = 'title';
$_SESSION['ca_type'] = 'asc';
} elseif (!empty($_GET['ca_ord'])) {
$_SESSION['ca_ord'] = $_GET['ca_ord'];
$_SESSION['ca_type'] = $_GET['ca_type'];
// check oa_ord && oa_type are valid
$_SESSION['ca_ord'] = (in_array($_GET['ca_ord'], array('title', 'starts', 'ends', 'num_bids', 'current_bid'))) ? $_GET['ca_ord'] : 'title';
$_SESSION['ca_type'] = (in_array($_GET['ca_type'], array('asc', 'desc'))) ? $_GET['ca_type'] : 'asc';
} elseif (isset($_SESSION['ca_ord']) && empty($_GET['ca_ord'])) {
$_SESSION['ca_nexttype'] = $_SESSION['ca_type'];
}
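Review bot: The comment `// check oa_ord && oa_type are valid` was copied from yourauctions.php; in this file the variables are `ca_ord` and `ca_type`, so it should read `// check ca_ord && ca_type are valid`. As in the sibling file, `$_GET['ca_type']` is accessed without `isset` and `in_array` is non-strict; add `isset($_GET['ca_type']) &&` and `true` as the third argument.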
5 changes: 3 additions & 2 deletions yourauctions_p.php
Expand Up @@ -109,8 +109,9 @@
$_SESSION['pa_ord'] = 'title';
$_SESSION['pa_type'] = 'asc';
} elseif (!empty($_GET['pa_ord'])) {
$_SESSION['pa_ord'] = $_GET['pa_ord'];
$_SESSION['pa_type'] = $_GET['pa_type'];
// check oa_ord && oa_type are valid
$_SESSION['pa_ord'] = (in_array($_GET['pa_ord'], array('title', 'starts', 'ends'))) ? $_GET['pa_ord'] : 'title';
$_SESSION['pa_type'] = (in_array($_GET['pa_type'], array('asc', 'desc'))) ? $_GET['pa_type'] : 'asc';
} elseif (isset($_SESSION['pa_ord']) && empty($_GET['pa_ord'])) {
$_SESSION['pa_nexttype'] = $_SESSION['pa_type'];
}
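Review bot: The copied comment names `oa_ord`/`oa_type`, but this block validates `pa_ord` and `pa_type`; change it to `// check pa_ord && pa_type are valid`. `$_GET['pa_type']` is read without an `isset` guard, so a request carrying only `pa_ord` emits a notice; use `isset($_GET['pa_type']) && in_array($_GET['pa_type'], array('asc', 'desc'), true)` and make the `pa_ord` `in_array` strict as well.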
5 changes: 3 additions & 2 deletions yourauctions_s.php
Expand Up @@ -81,8 +81,9 @@
$_SESSION['sa_ord'] = 'title';
$_SESSION['sa_type'] = 'asc';
} elseif (!empty($_GET['sa_ord'])) {
$_SESSION['sa_ord'] = $_GET['sa_ord'];
$_SESSION['sa_type'] = $_GET['sa_type'];
// check oa_ord && oa_type are valid
$_SESSION['sa_ord'] = (in_array($_GET['sa_ord'], array('title', 'num_bids', 'current_bid'))) ? $_GET['sa_ord'] : 'title';
$_SESSION['sa_type'] = (in_array($_GET['sa_type'], array('asc', 'desc'))) ? $_GET['sa_type'] : 'asc';
} elseif (isset($_SESSION['sa_ord']) && empty($_GET['sa_ord'])) {
$_SESSION['sa_nexttype'] = $_SESSION['sa_type'];
}
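Review bot: The comment still says `oa_ord && oa_type` although the code here validates `sa_ord` and `sa_type`; make it `// check sa_ord && sa_type are valid`. The `sa_type` lookup reads `$_GET['sa_type']` unconditionally and both `in_array` calls are non-strict; guard with `isset($_GET['sa_type']) &&` and pass `true` as the third argument.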
5 changes: 3 additions & 2 deletions yourauctions_sold.php
Expand Up @@ -149,8 +149,9 @@
$_SESSION['solda_ord'] = 'title';
$_SESSION['solda_type'] = 'asc';
} elseif (!empty($_GET['solda_ord'])) {
$_SESSION['solda_ord'] = $_GET['solda_ord'];
$_SESSION['solda_type'] = $_GET['solda_type'];
// check oa_ord && oa_type are valid
$_SESSION['solda_ord'] = (in_array($_GET['solda_ord'], array('title', 'starts', 'ends', 'num_bids', 'current_bid'))) ? $_GET['solda_ord'] : 'title';
$_SESSION['solda_type'] = (in_array($_GET['solda_type'], array('asc', 'desc'))) ? $_GET['solda_type'] : 'asc';
} elseif (isset($_SESSION['solda_ord']) && empty($_GET['solda_ord'])) {
$_SESSION['solda_nexttype'] = $_SESSION['solda_type'];
}
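Review bot: The pasted comment refers to `oa_ord`/`oa_type`, but the variables validated here are `solda_ord` and `solda_type`; it should read `// check solda_ord && solda_type are valid`. `$_GET['solda_type']` is read without `isset`, so `?solda_ord=title` on its own produces a notice; add `isset($_GET['solda_type']) &&` and pass `true` to both `in_array` calls for strict comparison.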

2 comments on commit 256a5f9

@MESWEB
Contributor

@MESWEB MESWEB commented on 256a5f9 Nov 26, 2018


Not working. Pictures won't load.

Warning [2] fopen(o_1cobircmi1n8r1e2nrpgdgdgffd9hud.jpg): failed to open stream: No such file or directory on /public_html/getthumb.php line 27

@david62311
Contributor

@david62311 david62311 commented on 256a5f9 Dec 8, 2018


The links to find the thumbnails and images in the uploaded folder are no longer linked correctly after UPLOAD_FOLDER was removed. I assume there will be more updates coming when some time is found to update it. I am not sure, but I am wondering if that code mod for the thumbnails and images could have been done in the common.php file in the defined UPLOAD_FOLDER code.

The thumbnails do show on the sell.php page when you upload an image to auction off an item before the final submit. The images also show on the upldgallery.php page. After the final submit, the images don't show anywhere.
