
Improve input vetting - thanks Fanat1k

This commit is contained in:
e107steved
2008-10-03 20:15:09 +00:00
parent a9e8112577
commit e0261976d9


@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_plugins/rss_menu/rss.php,v $ | $Source: /cvs_backup/e107_0.8/e107_plugins/rss_menu/rss.php,v $
| $Revision: 1.6 $ | $Revision: 1.7 $
| $Date: 2008-09-23 20:03:45 $ | $Date: 2008-10-03 20:15:09 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -54,14 +54,21 @@ if (is_readable(THEME."rss_template.php")) {
} }
//query handler //query handler
list($content_type, $rss_type, $topic_id) = explode(".", e_QUERY); if (e_QUERY)
{
$tmp = explode(".", e_QUERY);
$content_type = $tp->toDB($tmp[0]);
$rss_type = intval(varset($tmp[1],0));
$topic_id = $tp->toDB($tmp[2],'');
}
//list available rss feeds //list available rss feeds
if (intval($rss_type) == false) { if (!$rss_type)
{
require_once(HEADERF); require_once(HEADERF);
require_once(e_PLUGIN."rss_menu/rss_template.php"); require_once(e_PLUGIN."rss_menu/rss_template.php");
if(!$sql->db_Select("rss", "*", "rss_class='0' AND rss_limit>0 AND rss_topicid NOT REGEXP ('\\\*') ORDER BY rss_name")) if(!$sql->db_Select("rss", "*", "`rss_class`='0' AND `rss_limit`>0 AND `rss_topicid` NOT REGEXP ('\\\*') ORDER BY `rss_name`"))
{ {
$ns->tablerender(LAN_ERROR, RSS_LAN_ERROR_4); $ns->tablerender(LAN_ERROR, RSS_LAN_ERROR_4);
} }
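Review bot: `$topic_id = $tp->toDB($tmp[2],'');` reads `$tmp[2]` unguarded, so a two-part query such as `rss.php?news.2` raises an undefined-offset notice, while the line above already guards `$tmp[1]` with varset(); the `''` passed as toDB's second argument looks like it was meant for varset, i.e. `$topic_id = $tp->toDB(varset($tmp[2], ''));`. When e_QUERY is empty none of `$content_type`, `$rss_type`, `$topic_id` is assigned, and the `if (!$rss_type)` test that follows (and the later `if($topic_id)` check) reads undefined variables; initialise them to `$content_type = ''; $rss_type = 0; $topic_id = '';` before the `if (e_QUERY)` block so every later path runs on defined, already-vetted values. The toDB() escaping applied to `$content_type` here is what the `rss_url='".$content_type."'` query further down relies on, so any default should be a constant, not a raw fragment of e_QUERY.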
@@ -88,14 +95,17 @@ $conversion[12] = "download";
//------------------------------------- //-------------------------------------
//convert certain old urls so we can check the db entries --------------------- //convert certain old urls so we can check the db entries ---------------------
if($topic_id){ if($topic_id)
//rss.php?1.2.14 (news, rss-2, cat=14) { //rss.php?1.2.14 (news, rss-2, cat=14)
if(is_numeric($content_type) && isset($conversion[$content_type]) ){ if(is_numeric($content_type) && isset($conversion[$content_type]) )
{
$content_type = $conversion[$content_type]; $content_type = $conversion[$content_type];
} }
}else{ }
//rss.php?1.2 (news, rss-2) --> check = news (check conversion table) else
if(is_numeric($content_type) && isset($conversion[$content_type]) ){ { //rss.php?1.2 (news, rss-2) --> check = news (check conversion table)
if(is_numeric($content_type) && isset($conversion[$content_type]) )
{
$content_type = $conversion[$content_type]; $content_type = $conversion[$content_type];
} }
} }
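Review bot: Both branches of `if($topic_id)` on the new side execute the identical statement `if(is_numeric($content_type) && isset($conversion[$content_type])) { $content_type = $conversion[$content_type]; }`, so the outer if/else only duplicates code and the brace reformat preserves the duplication. Drop the outer branch, keep the single guarded assignment, and fold the two URL-shape examples (`//rss.php?1.2.14 (news, rss-2, cat=14)` and `//rss.php?1.2 (news, rss-2)`) into one comment above it.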
@@ -112,10 +122,14 @@ if(!$sql -> db_Select("rss", "*", "rss_class!='2' AND rss_url='".$content_type."
$ns->tablerender("", RSS_LAN_ERROR_1); $ns->tablerender("", RSS_LAN_ERROR_1);
require_once(FOOTERF); require_once(FOOTERF);
exit; exit;
}else{ }
else
{
$row = $sql->db_Fetch(); $row = $sql->db_Fetch();
} }
}else{ }
else
{
$row = $sql->db_Fetch(); $row = $sql->db_Fetch();
} }