
Number of secerity fixes & fix for setup fee #510

renlok committed Nov 22, 2018
1 parent 3eb457d commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f
@@ -66,7 +66,7 @@
$k = 0;
while ($row = $db->fetch()) {
if (strlen($row['pict_url']) > 0) {
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'];
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $row['id'] . '&fromfile=' . $row['pict_url'];
} else {
$row['pict_url'] = get_lang_img('nopicture.gif');
}
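Review bot: The rewritten `$row['pict_url']` line splices the stored filename into the query string unencoded, so a name containing `&`, `#`, `%` or a space yields a URL that getthumb.php parses differently from what was stored; write `'&fromfile=' . rawurlencode($row['pict_url'])`. The same applies to the rewritten lines in the `@@ -65,7 +65,7 @@` hunk, in `build_items`, in both `ShowFlags` hunks and in `extend_auction`'s `'IMAGE'` entry. `$row['id']` presumably is an integer column and needs no encoding, but that is not visible here. The `while` loop body this belongs to starts before the hunk.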
@@ -36,7 +36,7 @@ function load_gallery($auc_id)
if ($dir = opendir(UPLOAD_PATH . $auc_id)) {
while ($file = @readdir($dir)) {
if ($file != '.' && $file != '..' && strpos($file, 'thumb-') === false) {
$UPLOADED_PICTURES[] = UPLOAD_FOLDER . $auc_id . '/' . $file;
$UPLOADED_PICTURES[] = $file;
}
}
closedir($dir);
@@ -561,7 +561,7 @@ function extend_auction($id, $ends)
'ERROR' => (isset($errmsg)) ? $errmsg : '',
'BID_HISTORY' => (isset($ARETHEREBIDS)) ? $ARETHEREBIDS : '',
'ID' => $id,
'IMAGE' => (!empty($pict_url_plain)) ? '<img src="getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&fromfile=' . UPLOAD_FOLDER . $id . '/' . $pict_url_plain . '" border="0" align="center">' : '&nbsp;',
'IMAGE' => (!empty($pict_url_plain)) ? '<img src="getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $id . '&fromfile=' . $pict_url_plain . '" border="0" align="center">' : '',
'TITLE' => $item_title,
'CURRENT_BID' => $system->print_money($cbid),
'ATYPE' => $atype,
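Review bot: The new `'IMAGE'` value is an `<img src>` attribute, so its query separators should be `&amp;` rather than bare `&`, and the filename needs URL encoding before it goes into the attribute: `'&amp;auction_id=' . (int) $id . '&amp;fromfile=' . rawurlencode($pict_url_plain)`. Whether `$pict_url_plain` is already sanitised upstream cannot be seen from this hunk. The array literal is opened before the hunk; `extend_auction` in the header is only the nearest preceding function.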
@@ -65,7 +65,7 @@
$starting_price = $row['current_bid'];
if (strlen($row['pict_url']) > 0) {
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'];
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $row['id'] . '&fromfile=' . $row['pict_url'];
} else {
$row['pict_url'] = get_lang_img('nopicture.gif');
}
@@ -14,9 +14,31 @@
include 'common.php';
// get passed values
$w = (isset($_GET['w'])) ? intval($_GET['w']) : '';
$_w = $w;
$fromfile = (isset($_GET['fromfile'])) ? $_GET['fromfile'] : '';
$fromfile = $_GET['fromfile'];
$auction_id = $_GET['auction_id'];
// check passed values
if (!isset($_GET['fromfile']) ||
!isset($_GET['auction_id']) || !is_numeric($auction_id)) {
ErrorPNG($ERR_716);
exit;
} elseif (!file_exists($_GET['fromfile']) && !fopen($_GET['fromfile'], 'r')) {
ErrorPNG($ERR_716);
exit;
}
if ($fromfile != '') {
// clean fromfile
$fromfile = basename($fromfile);
// build file path
$file_path = UPLOAD_FOLDER . $auction_id . '/' . $fromfile;
} else {
// if empty filename just show default image
$file_path = MAIN_PATH . 'images/email_alerts/default_item_img.jpg';
}
$nomanage = false;
$accepted_widths = array(
$system->SETTINGS['thumb_show'],
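Review bot: The existence check on the `elseif` line still tests the raw `$_GET['fromfile']` instead of the `$file_path` assembled a few lines later from `UPLOAD_FOLDER`, `$auction_id` and `basename($fromfile)`, so it looks for the bare filename relative to the working directory and also opens a handle it never closes. `$fromfile` and `$auction_id` are additionally read before the `isset()` test, which raises notices for missing parameters, and `is_numeric()` accepts values such as `1e3` or ` 1` that then become part of the path. Building the path first and validating it with `is_file()` removes all three problems while keeping the default-image branch as written. The `$nomanage`/`$accepted_widths` code after this continues outside the hunk.
```php
$w = (isset($_GET['w'])) ? intval($_GET['w']) : '';
$fromfile = isset($_GET['fromfile']) ? basename($_GET['fromfile']) : '';
$auction_id = isset($_GET['auction_id']) ? $_GET['auction_id'] : '';
// auction_id must be a plain non-negative integer: is_numeric() also accepts
// "1e3", " 1" and "1.5", which would be spliced into the path below
if (!isset($_GET['fromfile']) || !ctype_digit((string) $auction_id)) {
    ErrorPNG($ERR_716);
    exit;
}
if ($fromfile != '') {
    // build file path inside this auction's upload folder
    $file_path = UPLOAD_FOLDER . (int) $auction_id . '/' . $fromfile;
} else {
    // if empty filename just show default image
    $file_path = MAIN_PATH . 'images/email_alerts/default_item_img.jpg';
}
// check the built path, not the raw parameter, and without opening a handle
if (!is_file($file_path)) {
    ErrorPNG($ERR_716);
    exit;
}
// … unchanged: $nomanage, $accepted_widths …
```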
@@ -47,17 +69,8 @@ function load_image($file, $mime, $image_type, $output_type)
exit;
}
// control parameters and file existence
if (!isset($_GET['fromfile']) || $fromfile == '') {
ErrorPNG($ERR_716);
exit;
} elseif (!file_exists($_GET['fromfile']) && !fopen($_GET['fromfile'], 'r')) {
ErrorPNG($ERR_716);
exit;
}
if (file_exists(UPLOAD_PATH . 'cache/' . $w . '-' . md5($fromfile))) {
$img = getimagesize($fromfile);
$img = getimagesize($file_path);
switch ($img[2]) {
case IMAGETYPE_GIF:
if (!(imagetypes() &IMG_GIF)) {
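Review bot: The cache lookup `file_exists(UPLOAD_PATH . 'cache/' . $w . '-' . md5($fromfile))` now hashes only a basename, because `$fromfile` is reduced to `basename($fromfile)` earlier in this file, so two auctions that upload a file with the same name share one cache entry and the second serves the first auction's thumbnail; the same key is written at `$funcall($ou, UPLOAD_PATH . 'cache/' . $w . '-' . md5($fromfile));` in the `@@ -156,9 +169,9 @@` hunk. Keying on the full path, `md5($file_path)`, in both places restores one entry per auction. These lines appear to be top-level script code; `load_image` in the hunk header is only the nearest preceding function.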
@@ -98,7 +111,7 @@ function load_image($file, $mime, $image_type, $output_type)
mkdir(UPLOAD_PATH . 'cache', 0777);
}
$img = @getimagesize($fromfile);
$img = @getimagesize($file_path);
if (is_array($img)) {
switch ($img[2]) {
case IMAGETYPE_GIF:
@@ -141,7 +154,7 @@ function load_image($file, $mime, $image_type, $output_type)
}
if ($w == '') {
// just load the image
load_image($fromfile, $img['mime'], $image_type, $output_type);
load_image($file_path, $img['mime'], $image_type, $output_type);
} else {
// check image orientation
if ($img[0] < $img[1]) {
@@ -156,9 +169,9 @@ function load_image($file, $mime, $image_type, $output_type)
$ou = imagecreatetruecolor($w, $h);
imagealphablending($ou, false);
$funcall = "imagecreatefrom$image_type";
imagecopyresampled($ou, $funcall($fromfile), 0, 0, 0, 0, $w, $h, $img[0], $img[1]);
imagecopyresampled($ou, $funcall($file_path), 0, 0, 0, 0, $w, $h, $img[0], $img[1]);
$funcall = "image$output_type";
$funcall($ou, UPLOAD_PATH . 'cache/' . $_w . '-' . md5($fromfile));
$funcall($ou, UPLOAD_PATH . 'cache/' . $w . '-' . md5($fromfile));
header('Content-type: ' . $img['mime']);
$funcall($ou);
exit;
@@ -116,7 +116,7 @@ function build_items($row)
// image icon
if (!empty($row['pict_url'])) {
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_list'] . '&fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'];
$row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_list'] . '&auction_id=' . $row['id'] . '&fromfile=' . $row['pict_url'];
} else {
$row['pict_url'] = get_lang_img('nopicture.gif');
}
@@ -398,7 +398,7 @@ function get_fee($minimum_bid, $just_fee = true)
'extracat_fee' => 0
);
while ($row = $db->fetch()) {
if ($minimum_bid >= $row['fee_from'] && $minimum_bid <= $row['fee_to'] && $row['type'] == 'setup') {
if ($minimum_bid >= $row['fee_from'] && $minimum_bid <= $row['fee_to'] && $row['type'] == 'setup_fee') {
if ($row['fee_type'] == 'flat') {
$fee_data['setup_fee'] = $row['value'];
$fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']);
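Review bot: The corrected condition still compares `$row['type']` with `==`; since the value comes from the database as a string, `$row['type'] === 'setup_fee'` states the intent and sidesteps PHP's loose string comparison rules. Whether `'setup_fee'` matches the values actually stored in that column cannot be verified from this hunk. The `while` loop and `get_fee` itself start before the hunk.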
@@ -104,7 +104,7 @@ function ShowFlags()
'ENDS' => $ends_string,
'ID' => $row['id'],
'BID' => $system->print_money($high_bid),
'IMAGE' => (!empty($row['pict_url'])) ? 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&amp;fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'] : 'images/email_alerts/default_item_img.jpg',
'IMAGE' => (!empty($row['pict_url'])) ? 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $row['id'] . '&fromfile=' . $row['pict_url'] : '',
'TITLE' => htmlspecialchars($row['title'])
));
$i++;
@@ -188,7 +188,7 @@ function ShowFlags()
'ENDS' => $ends_string,
'ID' => $row['id'],
'BID' => $system->print_money($high_bid),
'IMAGE' => (!empty($row['pict_url'])) ? 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&amp;fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . $row['pict_url'] : 'images/email_alerts/default_item_img.jpg',
'IMAGE' => (!empty($row['pict_url'])) ? 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $row['id'] . '&amp;fromfile=' . $row['pict_url'] : '',
'TITLE' => htmlspecialchars($row['title'])
));
}
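Review bot: The two rewritten `'IMAGE'` lines in `ShowFlags` disagree on the query separator: the first hunk writes `&auction_id=` and `&fromfile=`, this one `&auction_id=` and `&amp;fromfile=`, where the old lines used `&amp;` throughout. Since the value is placed in template markup, every separator should be `&amp;` in both lines. Both hunks also replace the empty-picture fallback `'images/email_alerts/default_item_img.jpg'` with `''`; unless the template supplies its own fallback, which is not visible here, items without a picture will render a broken image.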
@@ -466,7 +466,7 @@
'TITLE' => htmlspecialchars($auction_data['title']),
'SUBTITLE' => htmlspecialchars($auction_data['subtitle']),
'AUCTION_DESCRIPTION' => $auction_data['description'],
'PIC_URL' => UPLOAD_FOLDER . $id . '/' . $auction_data['pict_url'],
'PIC_URL' => $auction_data['pict_url'],
'SHIPPING_COST' => ($auction_data['shipping_cost'] > 0) ? $system->print_money($auction_data['shipping_cost']) : $MSG['1152'],
'ADDITIONAL_SHIPPING_COST' => $system->print_money($auction_data['additional_shipping_cost']),
'COUNTRY' => $auction_data['country'],
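Review bot: `'PIC_URL' => $auction_data['pict_url']` is the only entry in this block that is not escaped, while the neighbouring `TITLE` and `SUBTITLE` go through `htmlspecialchars()`. The templates place it inside `getthumb.php?...&fromfile={PIC_URL}`, so `rawurlencode($auction_data['pict_url'])` is the matching encoding, unless `PIC_URL` is also used as a filesystem path elsewhere in the template, which this hunk cannot show. The array literal is opened before the hunk.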
@@ -448,15 +448,15 @@ function emailDomainIsBlacklisted($email)
'V_YNEWSL' => ((isset($_POST['TPL_nletter']) && $_POST['TPL_nletter'] == 1) || !isset($_POST['TPL_nletter'])) ? 'checked=true' : '',
'V_NNEWSL' => (isset($_POST['TPL_nletter']) && $_POST['TPL_nletter'] == 2) ? 'checked=true' : '',
'V_YNAME' => (isset($_POST['TPL_name'])) ? $_POST['TPL_name'] : '',
'V_UNAME' => (isset($_POST['TPL_nick'])) ? $_POST['TPL_nick'] : '',
'V_EMAIL' => (isset($_POST['TPL_email'])) ? $_POST['TPL_email'] : '',
'V_YEAR' => (isset($_POST['TPL_year'])) ? $_POST['TPL_year'] : '',
'V_ADDRE' => (isset($_POST['TPL_address'])) ? $_POST['TPL_address'] : '',
'V_CITY' => (isset($_POST['TPL_city'])) ? $_POST['TPL_city'] : '',
'V_PROV' => (isset($_POST['TPL_prov'])) ? $_POST['TPL_prov'] : '',
'V_POSTCODE' => (isset($_POST['TPL_zip'])) ? $_POST['TPL_zip'] : '',
'V_PHONE' => (isset($_POST['TPL_phone'])) ? $_POST['TPL_phone'] : ''
'V_YNAME' => (isset($_POST['TPL_name'])) ? $system->cleanvars($_POST['TPL_name']) : '',
'V_UNAME' => (isset($_POST['TPL_nick'])) ? $system->cleanvars($_POST['TPL_nick']) : '',
'V_EMAIL' => (isset($_POST['TPL_email'])) ? $system->cleanvars($_POST['TPL_email']) : '',
'V_YEAR' => (isset($_POST['TPL_year'])) ? $system->cleanvars($_POST['TPL_year']) : '',
'V_ADDRE' => (isset($_POST['TPL_address'])) ? $system->cleanvars($_POST['TPL_address']) : '',
'V_CITY' => (isset($_POST['TPL_city'])) ? $system->cleanvars($_POST['TPL_city']) : '',
'V_PROV' => (isset($_POST['TPL_prov'])) ? $system->cleanvars($_POST['TPL_prov']) : '',
'V_POSTCODE' => (isset($_POST['TPL_zip'])) ? $system->cleanvars($_POST['TPL_zip']) : '',
'V_PHONE' => (isset($_POST['TPL_phone'])) ? $system->cleanvars($_POST['TPL_phone']) : ''
));
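Review bot: The nine `isset($_POST[...]) ? $system->cleanvars(...) : ''` entries repeat one expression; a small closure keeps them uniform and hard to get wrong: `$posted = function ($k) use ($system) { return isset($_POST[$k]) ? $system->cleanvars($_POST[$k]) : ''; };` and then `'V_YNAME' => $posted('TPL_name')`. What `cleanvars()` does is not visible here; if it strips tags rather than HTML-encoding, these values still need `htmlspecialchars()` before being echoed into form attributes. The same consideration applies to the `'USER'` entry in the login hunk. The `assign_vars()` call opens before this hunk.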
include 'header.php';
@@ -71,7 +71,7 @@
<!-- BEGIN gallery -->
<div class="button" style=" height:100px; float:left; margin:5px; padding:10px 5px 20px 10px;">
<a href="{SITEURL}/{gallery.V}" title="{gallery.V}" target="_blank">
<img src="{SITEURL}getthumb.php?fromfile={gallery.V}" border="0" height="100px">
<img src="{SITEURL}getthumb.php?fromfile={gallery.V}&auction_id={ID}" border="0" height="100px">
</a><br>
<input type="checkbox" name="gallery[]" value="{gallery.V}">
</div>
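Review bot: The `<a href="{SITEURL}/{gallery.V}">` above the rewritten `<img>` was not updated, so if `{gallery.V}` is now the bare filename that `load_gallery` collects, the link and the thumbnail refer to different paths; the later gallery templates use `{SITEURL}{UPLOADEDPATH}{ID}/{gallery.V}` for the href. The new `src` also joins its parameters with a bare `&` inside an attribute and inserts `{gallery.V}` unencoded; write `getthumb.php?fromfile={gallery.V}&amp;auction_id={ID}` and URL-encode the gallery entries on the PHP side, unless the template engine already does so, which this hunk cannot show. The same separator and encoding point applies to the next gallery hunk and to the four `{PIC_URL}`/`{gallery.V}` hunks below.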
@@ -71,7 +71,7 @@
<!-- BEGIN gallery -->
<div style="width:50px; float: left;">
<a href="{SITEURL}/{gallery.V}" title="{gallery.V}" target="_blank">
<img src="{SITEURL}getthumb.php?fromfile={gallery.V}" border="0" hspace="10">
<img src="{SITEURL}getthumb.php?fromfile={gallery.V}&auction_id={ID}" border="0" hspace="10">
</a>
<input type="checkbox" name="gallery[]" value="{gallery.V}">
</div>
@@ -81,7 +81,7 @@ $(document).ready(function() {
<table bgcolor="#ffffff">
<tr>
<td align='center'>
<img src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={PIC_URL}" border="0" align="center"><br>
<img src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={PIC_URL}&auction_id={ID}" border="0" align="center"><br>
<!-- IF B_HASGALELRY -->
<a href="#gallery"><img src="{SITEURL}images/gallery.gif" border="0" alt="gallery"> {L_694}</a>
<!-- ENDIF -->
@@ -308,7 +308,7 @@ $(document).ready(function() {
<!-- BEGIN gallery -->
<td>
<a href="{SITEURL}{UPLOADEDPATH}{ID}/{gallery.V}" title="" data-lightbox="gallery">
<img src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={UPLOADEDPATH}{ID}/{gallery.V}" border="0" hspace="10">
<img src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={gallery.V}&auction_id={ID}" border="0" hspace="10">
</a>
</td>
<!-- END gallery -->
@@ -57,7 +57,7 @@ $(document).ready(function() {
<div class="panel-heading"><span class="label label-default">{L_113}: {ID}</span></div>
<div class="panel-body">
<div class="col-md-12">
<img class="img-rounded img-responsive center-block" src="{SITEURL}getthumb.php?w=430&fromfile={PIC_URL}" border="0" align="center" width="430px">
<img class="img-rounded img-responsive center-block" src="{SITEURL}getthumb.php?w=430&fromfile={PIC_URL}&auction_id={ID}" border="0" align="center" width="430px">
</div>
<!-- IF B_HASGALELRY -->
<div>
@@ -66,7 +66,7 @@ $(document).ready(function() {
<!-- BEGIN gallery -->
<div class="col-md-4 col-xs-4 col-sm-4">
<a href="{SITEURL}{UPLOADEDPATH}{ID}/{gallery.V}" title="" data-lightbox="gallery">
<img class="img-rounded img-responsive" src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={UPLOADEDPATH}{ID}/{gallery.V}" border="0"></a>
<img class="img-rounded img-responsive" src="{SITEURL}getthumb.php?w={THUMBWIDTH}&fromfile={gallery.V}&auction_id={ID}" border="0"></a>
</div>
<!-- END gallery -->
</div>
@@ -124,7 +124,7 @@
$template->assign_vars(array(
'ERROR' => (isset($ERR)) ? $ERR : '',
'USER' => (isset($_POST['username'])) ? $_POST['username'] : ''
'USER' => (isset($_POST['username'])) ? $system->cleanvars($_POST['username']) : ''
));
include 'header.php';
@@ -99,8 +99,9 @@
$_SESSION['oa_ord'] = 'title';
$_SESSION['oa_type'] = 'asc';
} elseif (!empty($_GET['oa_ord'])) {
$_SESSION['oa_ord'] = $_GET['oa_ord'];
$_SESSION['oa_type'] = $_GET['oa_type'];
// check oa_ord && oa_type are valid
$_SESSION['oa_ord'] = (in_array($_GET['oa_ord'], array('title', 'starts', 'ends', 'num_bids', 'current_bid'))) ? $_GET['oa_ord'] : 'title';
$_SESSION['oa_type'] = (in_array($_GET['oa_type'], array('asc', 'desc'))) ? $_GET['oa_type'] : 'asc';
} elseif (isset($_SESSION['oa_ord']) && empty($_GET['oa_ord'])) {
$_SESSION['oa_nexttype'] = $_SESSION['oa_type'];
}
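Review bot: The new whitelist reads `$_GET['oa_type']` without an `isset()` guard, so a request that sets `oa_ord` but not `oa_type` raises an undefined-index notice before falling back to `'asc'`, and both `in_array()` calls are non-strict; `$_SESSION['oa_type'] = (isset($_GET['oa_type']) && in_array($_GET['oa_type'], array('asc', 'desc'), true)) ? $_GET['oa_type'] : 'asc';` covers both, with the same `true` argument added on the `oa_ord` line. The same applies to the `ca_`, `pa_`, `sa_` and `solda_` hunks, where the copied comment still reads `check oa_ord && oa_type are valid` and should name the variables actually checked. The surrounding `if`/`elseif` chain starts before the hunk.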
@@ -204,8 +204,9 @@
$_SESSION['ca_ord'] = 'title';
$_SESSION['ca_type'] = 'asc';
} elseif (!empty($_GET['ca_ord'])) {
$_SESSION['ca_ord'] = $_GET['ca_ord'];
$_SESSION['ca_type'] = $_GET['ca_type'];
// check oa_ord && oa_type are valid
$_SESSION['ca_ord'] = (in_array($_GET['ca_ord'], array('title', 'starts', 'ends', 'num_bids', 'current_bid'))) ? $_GET['ca_ord'] : 'title';
$_SESSION['ca_type'] = (in_array($_GET['ca_type'], array('asc', 'desc'))) ? $_GET['ca_type'] : 'asc';
} elseif (isset($_SESSION['ca_ord']) && empty($_GET['ca_ord'])) {
$_SESSION['ca_nexttype'] = $_SESSION['ca_type'];
}
@@ -109,8 +109,9 @@
$_SESSION['pa_ord'] = 'title';
$_SESSION['pa_type'] = 'asc';
} elseif (!empty($_GET['pa_ord'])) {
$_SESSION['pa_ord'] = $_GET['pa_ord'];
$_SESSION['pa_type'] = $_GET['pa_type'];
// check oa_ord && oa_type are valid
$_SESSION['pa_ord'] = (in_array($_GET['pa_ord'], array('title', 'starts', 'ends'))) ? $_GET['pa_ord'] : 'title';
$_SESSION['pa_type'] = (in_array($_GET['pa_type'], array('asc', 'desc'))) ? $_GET['pa_type'] : 'asc';
} elseif (isset($_SESSION['pa_ord']) && empty($_GET['pa_ord'])) {
$_SESSION['pa_nexttype'] = $_SESSION['pa_type'];
}
@@ -81,8 +81,9 @@
$_SESSION['sa_ord'] = 'title';
$_SESSION['sa_type'] = 'asc';
} elseif (!empty($_GET['sa_ord'])) {
$_SESSION['sa_ord'] = $_GET['sa_ord'];
$_SESSION['sa_type'] = $_GET['sa_type'];
// check oa_ord && oa_type are valid
$_SESSION['sa_ord'] = (in_array($_GET['sa_ord'], array('title', 'num_bids', 'current_bid'))) ? $_GET['sa_ord'] : 'title';
$_SESSION['sa_type'] = (in_array($_GET['sa_type'], array('asc', 'desc'))) ? $_GET['sa_type'] : 'asc';
} elseif (isset($_SESSION['sa_ord']) && empty($_GET['sa_ord'])) {
$_SESSION['sa_nexttype'] = $_SESSION['sa_type'];
}
@@ -149,8 +149,9 @@
$_SESSION['solda_ord'] = 'title';
$_SESSION['solda_type'] = 'asc';
} elseif (!empty($_GET['solda_ord'])) {
$_SESSION['solda_ord'] = $_GET['solda_ord'];
$_SESSION['solda_type'] = $_GET['solda_type'];
// check oa_ord && oa_type are valid
$_SESSION['solda_ord'] = (in_array($_GET['solda_ord'], array('title', 'starts', 'ends', 'num_bids', 'current_bid'))) ? $_GET['solda_ord'] : 'title';
$_SESSION['solda_type'] = (in_array($_GET['solda_type'], array('asc', 'desc'))) ? $_GET['solda_type'] : 'asc';
} elseif (isset($_SESSION['solda_ord']) && empty($_GET['solda_ord'])) {
$_SESSION['solda_nexttype'] = $_SESSION['solda_type'];
}

2 comments on commit 256a5f9

@MESWEB



MESWEB replied Nov 26, 2018

Not working. Pictures won't load.

Warning [2] fopen(o_1cobircmi1n8r1e2nrpgdgdgffd9hud.jpg): failed to open stream: No such file or directory on /public_html/getthumb.php line 27

@david62311



david62311 replied Dec 8, 2018

The links to find the thumbnails and images in the uploaded folder are no longer linked correctly after UPLOAD_FOLDER was removed. I assume there will be more updates coming when some time is found to update it. I am not sure, but I am wondering if that code mod for the thumbnails and images could have been done in the common.php file in the defined UPLOAD_FOLDER code.

The thumbnails do show on the sell.php page when you upload an image to auction off an item before the final submit. The images also show on the upldgallery.php page. After the final submit, the images don't show anywhere.
