only load settings from vars.php that are whitelisted

commit c4f533eb77fe2a1634bd35d83ea187ce0c56cdb0 1 parent 4d1e113
@tommyrot authored
Showing with 10 additions and 4 deletions.
  1. +5 −2 www/history.php
  2. +5 −2 www/user.php
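--- a/www/history.php
+++ b/www/history.php
@@ -22,7 +22,7 @@
 final class history
 {
 /**
- * Default settings for this script, can be overridden in the vars.php file.
+ * Default settings for this script, can be overridden in the vars.php file. Should be present in $settings_whitelist in order to get changed.
 */
 private $channel = '';
 private $db_host = '127.0.0.1';
@@ -53,6 +53,7 @@
 private $month = 0;
 private $monthname = '';
 private $mysqli;
+ private $settings_whitelist = array('channel', 'db_host', 'db_name', 'db_pass', 'db_port', 'db_user', 'debug', 'mainpage', 'maxrows_people_month', 'maxrows_people_timeofday', 'maxrows_people_year', 'stylesheet', 'timezone', 'userstats');
 private $year = 0;
 private $year_firstlogparsed = 0;
 private $year_lastlogparsed = 0;
@@ -78,7 +79,9 @@ public function __construct($cid, $year, $month)
 * $cid is the channel ID used in vars.php and is passed along in the URL so that channel specific settings can be identified and loaded.
 */
 foreach ($settings[$this->cid] as $key => $value) {
- $this->$key = $value;
+ if (in_array($key, $this->settings_whitelist)) {
+ $this->$key = $value;
+ }
 }
 date_default_timezone_set($this->timezone);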
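Review bot: The filter at `in_array($key, $this->settings_whitelist)` compares loosely, so an integer key in `$settings[$this->cid]` still passes on PHP 7 and earlier (`0 == 'channel'` is true there) and reaches `$this->$key = $value` as a property named "0"; unlikely from a hand-written vars.php, but cheap to close with the strict flag, `if (in_array($key, $this->settings_whitelist, true)) {`. Properties deliberately left out of the list — `cid`, `mysqli` and `$settings_whitelist` itself — can no longer be overwritten from vars.php, which is the point of the change, and the array deserves a comment saying so, e.g. `// Only these may be overridden from vars.php; cid, mysqli and this list itself stay fixed.` The hunk adds nothing for `$this->cid` being absent from `$settings`, but that is pre-existing behaviour and the constructor body starts outside the hunk.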
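--- a/www/user.php
+++ b/www/user.php
@@ -22,7 +22,7 @@
 final class user
 {
 /**
- * Default settings for this script, can be overridden in the vars.php file.
+ * Default settings for this script, can be overridden in the vars.php file. Should be present in $settings_whitelist in order to get changed.
 */
 private $channel = '';
 private $db_host = '127.0.0.1';
@@ -61,6 +61,7 @@
 private $mysqli;
 private $nick = '';
 private $ruid = 0;
+ private $settings_whitelist = array('channel', 'db_host', 'db_name', 'db_pass', 'db_port', 'db_user', 'debug', 'mainpage', 'stylesheet', 'timezone');
 private $year = 0;
 private $years = 0;
@@ -84,7 +85,9 @@ public function __construct($cid, $nick)
 * $cid is the channel ID used in vars.php and is passed along in the URL so that channel specific settings can be identified and loaded.
 */
 foreach ($settings[$this->cid] as $key => $value) {
- $this->$key = $value;
+ if (in_array($key, $this->settings_whitelist)) {
+ $this->$key = $value;
+ }
 }
 date_default_timezone_set($this->timezone);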
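Review bot: Keys missing from `$settings_whitelist` are now dropped silently by the new `if`, so a misspelled setting in vars.php (say `db_password`) falls back to the class default with no trace, and this list is shorter than the one in history.php (no `maxrows_*`, no `userstats`), so the two will drift as settings are added. A one-line note above the foreach would save the next maintainer a debugging session: `// Unknown keys are ignored; a new overridable setting must also be added to $settings_whitelist.` The `in_array` call should also pass `true` as its third argument so the key is compared strictly instead of by PHP's loose `==` rules. The constructor body starts outside the hunk.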