diff --git a/class2.php b/class2.php index 0e5497ff7..a0bec62a3 100644 --- a/class2.php +++ b/class2.php @@ -599,7 +599,7 @@ if(!empty($pref['redirectsiteurl']) && !empty($pref['siteurl'])) { $aeSELF[1] = ''; // Defensive code: ensure http:// not http:// $aeSELF[2] = $aPrefURL[2]; // Swap in correct domain and possibly port $location = implode('/',$aeSELF).($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : ''); - + $location = filter_var($location, FILTER_SANITIZE_URL); // // header("Location: {$location}", true, 301); // send 301 header, not 302 if(defined('e_DEBUG') && e_DEBUG === true) @@ -835,9 +835,10 @@ if (!function_exists('checkvalidtheme')) require_once(e_HANDLER.'theme_handler.php'); $themeobj = new themeHandler; $themeArray = $themeobj->getThemes('id'); + + $id = intval($id); + $themeDef = $themeobj->findDefault($themeArray[$id]); - - $id = intval($id); define('THEME_LAYOUT',$themeDef); diff --git a/e107_admin/emoticon.php b/e107_admin/emoticon.php index 61d9615e0..9035171ee 100644 --- a/e107_admin/emoticon.php +++ b/e107_admin/emoticon.php @@ -274,7 +274,8 @@ class emotec $tp = e107::getParser(); $fl = e107::getFile(); $ns = e107::getRender(); - + + $packID = $tp->filter($packID); $corea = "emote_".$packID; $emotecode = $sysprefs -> getArray($corea); @@ -362,6 +363,8 @@ class emotec $fl = e107::getFile(); $tp = e107::getParser(); + $packID = $tp->filter($packID); + $fname = e_IMAGE."emotes/".$packID."/emoticons.xml"; $backname = e_IMAGE."emotes/".$packID."/emoticons.bak"; @@ -445,9 +448,9 @@ class emotec // Pick up a list of emote packs from the database $pack_local = array(); - if ($sql->db_Select("core","*","`e107_name` LIKE 'emote_%'")) + if ($sql->select("core","*","`e107_name` LIKE 'emote_%'")) { - while ($row = $sql->db_Fetch()) + while ($row = $sql->fetch()) { $pack_local[substr($row['e107_name'],6)] = TRUE; } 
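Review bot: The added `filter_var($location, FILTER_SANITIZE_URL)` rewrites the redirect target instead of validating it: the filter drops every character outside the URL alphabet (including any non-ASCII bytes in the query string) and passes the rest through, so a malformed location is silently mangled rather than refused. The CR/LF bytes that would matter for header injection are already rejected by PHP's `header()`, and the host here is swapped in from `$pref['siteurl']`, so the only attacker-influenced part is `$_SERVER['QUERY_STRING']`. A validating check is more honest, e.g. `if(filter_var($location, FILTER_VALIDATE_URL) === false) { $location = implode('/', $aeSELF); }` — drop the query rather than redirect to an altered URL. The surrounding redirect block continues outside the hunk.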
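Review bot: `$themeArray[$id]` on the new line is read without checking that the key exists, so an unknown theme id passes `null` into `findDefault()` (with an undefined-index notice) before `THEME_LAYOUT` is defined from the result. Since `$id` is now an int before the lookup, a guard is cheap: `$themeDef = isset($themeArray[$id]) ? $themeobj->findDefault($themeArray[$id]) : '';` — what `findDefault()` does with an empty theme is outside this hunk, so confirm the fallback value against it. The enclosing function (`checkvalidtheme`, judging by the hunk header) starts and ends outside the hunk.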
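Review bot: `$packID` is filtered with the parser's default mode immediately before being spliced into the filesystem paths `e_IMAGE."emotes/".$packID."/emoticons.xml"` and `.bak`, whereas this same commit uses the stricter `'w'` (word-character) mode wherever `newplugin` becomes a directory name in plugin.php. If the default mode leaves `.` and `/` intact — which the commit's own switch to `'w'` for directory names suggests — a `../` sequence in `$packID` still escapes the emotes directory. Use `$packID = $tp->filter($packID, 'w');` here (and in the earlier hunk that builds the `emote_` pref key from it) and, better, check `is_dir(e_IMAGE.'emotes/'.$packID)` before touching the files. Where `$packID` originates is outside the hunk.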
@@ -518,7 +521,7 @@ class emotec $confArray[$confIC] = trim($tmp[2]); } // $tmp = addslashes(serialize($confArray)); - $tmp = e107::getArrayStorage()->WriteArray($confArray); + $tmp = e107::serialize($confArray); $File_type = EMOLAN_22.":"; } /* end */ @@ -643,11 +646,11 @@ class emotec { if ($do_one) { // Assume existing pack - $sql->db_Update("core", "`e107_value`='{$tmp}' WHERE `e107_name`='emote_".$value."'"); + $sql->update("core", "`e107_value`='{$tmp}' WHERE `e107_name`='emote_".$value."'"); } else { // Assume new pack - $sql->db_Insert("core", "'emote_".$value."', '{$tmp}' "); + $sql->insert("core", "'emote_".$value."', '{$tmp}' "); } $mes->addInfo("{$File_type} '{$value}'"); } diff --git a/e107_admin/plugin.php b/e107_admin/plugin.php index 53436bc9a..f78ee1494 100644 --- a/e107_admin/plugin.php +++ b/e107_admin/plugin.php @@ -1746,9 +1746,11 @@ class pluginLanguage function __construct() { - if(vartrue($_GET['newplugin']) && $_GET['step']==2) + if(!empty($_GET['newplugin']) && $_GET['step']==2) { - return $this->step2($_GET['newplugin']); + $plugin = e107::getParser()->filter($_GET['newplugin'],'w'); + $this->step2($plugin); + return false; } @@ -1793,7 +1795,7 @@ class pluginLanguage $this->renderResults(); - + return true; } @@ -2200,12 +2202,12 @@ class pluginBuilder $this->special['checkboxes'] = array('title'=> '','type' => null, 'data' => null, 'width'=>'5%', 'thclass' =>'center', 'forced'=> TRUE, 'class'=>'center', 'toggle' => 'e-multiselect', 'fieldpref'=>true); $this->special['options'] = array( 'title'=> 'LAN_OPTIONS', 'type' => null, 'data' => null, 'width' => '10%', 'thclass' => 'center last', 'class' => 'center last', 'forced'=>TRUE, 'fieldpref'=>true); - if(vartrue($_GET['newplugin'])) + if(!empty($_GET['newplugin'])) { - $this->pluginName = $_GET['newplugin']; + $this->pluginName = e107::getParser()->filter($_GET['newplugin'],'w'); } - if(vartrue($_GET['createFiles'])) + if(!empty($_GET['createFiles'])) { $this->createFiles = true; } 
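Review bot: Both the `update()` and `insert()` calls in this hunk still interpolate `$tmp` and `$value` straight into SQL; the rename from `db_Update`/`db_Insert` changes nothing about that, and the previous hunk replaced the commented-out `addslashes(serialize(...))` with `e107::serialize($confArray)` with no escaping step in between. `$tmp` holds the parsed contents of an emoticon pack's config file and `$value` a pack name, so a single quote in either (an emote caption, say) breaks the statement or lets a crafted pack inject SQL. Unless `e107::serialize()` is documented to produce SQL-safe output, run the values through whatever escape method this `$sql` object offers (e.g. `$tmp = $sql->escape($tmp);`, likewise for `$value`) or use the array form of `update()`/`insert()` so the handler quotes them. The loop this sits in begins outside the hunk.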
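Review bot: `return false;` at the end of the new early-exit branch is inside `pluginLanguage::__construct()`, and a constructor's return value is discarded by `new`, so the value is misleading; the same applies to the `return true;` added at the constructor's tail in the next hunk. A bare `return;` says what is meant, or move the step dispatch out of the constructor into a method the caller invokes. Separately, `$_GET['step']==2` is a loose comparison that accepts `'2abc'`-style input on PHP 7; `(int) $_GET['step'] === 2` is clearer. The constructor continues outside the hunk.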
@@ -2226,7 +2228,7 @@ class pluginBuilder - if(vartrue($_GET['newplugin']) && $_GET['step']==2) + if(!empty($_GET['newplugin']) && $_GET['step']==2) { return $this->step2(); } @@ -2364,7 +2366,7 @@ class pluginBuilder $tp = e107::getParser(); - $newplug = $tp->filter($_GET['newplugin']); + $newplug = $tp->filter($_GET['newplugin'],'w'); $this->pluginName = $newplug; $sqlFile = e_PLUGIN.$newplug."/".$newplug."_sql.php"; @@ -3561,7 +3563,7 @@ TEMPLATE; function step4() { - + $tp = e107::getParser(); $pluginTitle = $_POST['xml']['main-name'] ; if($_POST['xml']) @@ -3577,7 +3579,7 @@ TEMPLATE; unset($_POST['step'],$_POST['xml'], $_POST['addons']); - $thePlugin = $_POST['newplugin']; + $thePlugin = $tp->filter($_POST['newplugin']); $text = "\n // Generated e107 Plugin Admin Area @@ -3606,6 +3608,9 @@ class ".$thePlugin."_adminArea extends e_admin_dispatcher { if(vartrue($vars['mode']) && $vars['mode'] != 'exclude') { + + $vars['mode'] = $tp->filter($vars['mode']); + $text .= " '".$vars['mode']."' => array( 'controller' => '".$table."', @@ -3637,6 +3642,8 @@ $text .= " { if(vartrue($vars['mode']) && $vars['mode'] != 'exclude' && !empty($vars['table'])) { + + $vars['mode'] = $tp->filter($vars['mode']); $text .= " '".$vars['mode']."/list' => array('caption'=> LAN_MANAGE, 'perm' => 'P'), '".$vars['mode']."/create' => array('caption'=> LAN_CREATE, 'perm' => 'P'), @@ -3659,7 +3666,7 @@ $text .= " 'main/edit' => 'main/list' ); - protected \$menuTitle = '".vartrue($vars['pluginName'], $pluginTitle)."'; + protected \$menuTitle = '".vartrue($tp->filter($vars['pluginName']), $pluginTitle)."'; } @@ -3703,7 +3710,10 @@ $text .= " foreach($_POST as $table => $vars) // LOOP Through Tables. { - + $vars['mode'] = $tp->filter($vars['mode']); + $vars['pluginName'] = $tp->filter($vars['pluginName']); + $vars['table'] = $tp->filter($vars['table']); + $vars['pid'] = $tp->filter($vars['pid']); if($table == 'pluginPrefs' || $vars['mode'] == 'exclude') { 
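Review bot: `$thePlugin = $tp->filter($_POST['newplugin']);` uses the default filter mode although the value becomes a PHP class name in the generated source (`class ".$thePlugin."_adminArea`), while the same commit filters `$_GET['newplugin']` with the `'w'` word-character mode everywhere else. Anything the default mode lets through that is not `[A-Za-z0-9_]` yields a syntax error in the generated file; use `$thePlugin = $tp->filter($_POST['newplugin'], 'w');` for consistency and, since a leading digit is still not a valid identifier, reject with `if(!preg_match('/^[A-Za-z_]\w*$/', $thePlugin)) { return; }` before emitting code. `step4()` continues well past this hunk.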
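Review bot: `$pluginTitle` in the `menuTitle` line is the fallback value but is never filtered — it is assigned from `$_POST['xml']['main-name']` at the top of `step4()` in the earlier hunk — so a title containing `'` breaks the generated single-quoted PHP literal even though the primary value `$vars['pluginName']` is filtered. Filter the result of the fallback rather than one operand: `protected \$menuTitle = '".$tp->filter(vartrue($vars['pluginName'], $pluginTitle))."';`. More robustly, emit every user-supplied literal in this generator through `var_export($value, true)`, which quotes and escapes correctly regardless of what `filter()` encodes; the same applies to the `$vars['mode']` array keys in the two hunks above.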
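Review bot: The four `$tp->filter($vars[...])` lines added at the top of `foreach($_POST as $table => $vars)` assume every `$_POST` entry is an array, but `$_POST['newplugin']` is still a string at this point — only `step`, `xml` and `addons` are unset earlier in `step4()`, and the `-3577` hunk reads it afterwards — so `$vars['mode'] = ...` on that entry emits an illegal-offset warning on PHP 7 and throws on PHP 8, unless it is removed somewhere between the two hunks. Guard first: `if(!is_array($vars)) { continue; }`. Also `$table`, the `$_POST` key, is not filtered although the earlier hunk embeds it into generated code as `'controller' => '".$table."'`; if that is the same loop variable, `$table = $tp->filter($table, 'w');` belongs here too. The loop body continues outside the hunk.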
diff --git a/e107_handlers/e107_class.php b/e107_handlers/e107_class.php index 64b972c25..6ce08e794 100644 --- a/e107_handlers/e107_class.php +++ b/e107_handlers/e107_class.php @@ -3930,7 +3930,7 @@ class e107 } else { - define('SITEURLBASE', $this->HTTP_SCHEME.'://'.$_SERVER['HTTP_HOST']); + define('SITEURLBASE', $this->HTTP_SCHEME.'://'. filter_var($_SERVER['HTTP_HOST'], FILTER_SANITIZE_URL)); define('SITEURL', SITEURLBASE.e_HTTP); } @@ -3986,7 +3986,7 @@ class e107 // e_QUERY SHOULD NOT BE DEFINED IF IN SNIGLE ENTRY MODE OR ALL URLS WILL BE BROKEN - it's defined later within the the router if(!deftrue("e_SINGLE_ENTRY")) { - define('e_QUERY', $e_QUERY); + define('e_QUERY', filter_var($e_QUERY, FILTER_SANITIZE_URL)); $_SERVER['QUERY_STRING'] = e_QUERY; } else diff --git a/e107_handlers/theme_handler.php b/e107_handlers/theme_handler.php index d061a6277..b93cb8c7e 100644 --- a/e107_handlers/theme_handler.php +++ b/e107_handlers/theme_handler.php @@ -1909,9 +1909,9 @@ class themeHandler */ function findDefault($theme) { - if(varset($_POST['layout_default'])) + if(!empty($_POST['layout_default'])) { - return $_POST['layout_default']; + return e107::getParser()->filter($_POST['layout_default'], 'w'); } $l = $this->themeArray[$theme]; diff --git a/e107_plugins/forum/forum_viewforum.php b/e107_plugins/forum/forum_viewforum.php index 7efc40bb5..bee723219 100644 --- a/e107_plugins/forum/forum_viewforum.php +++ b/e107_plugins/forum/forum_viewforum.php 
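Review bot: `filter_var($_SERVER['HTTP_HOST'], FILTER_SANITIZE_URL)` does not stop Host-header injection: that filter keeps `/`, `?`, `#`, `@`, `:` and `.` because they are all valid URL characters, so a request with `Host: attacker.example/` still yields an attacker-controlled `SITEURL`. That matters because `SITEURL` is what fpw.php uses to build the password-reset link (`$link = SITEURL.'fpw.php?'.$rcode` in this same diff) — the classic reset-poisoning vector. Validate instead of sanitise, e.g. `if(!preg_match('/^[A-Za-z0-9.\-]+(:\d+)?$/', $_SERVER['HTTP_HOST'])) { /* fall back to $_SERVER['SERVER_NAME'] or the configured site host */ }` (extend for bracketed IPv6 if needed), or only take this branch when no `$pref['siteurl']` is configured and otherwise pin the host to it. The surrounding method continues outside the hunk.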
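Review bot: Wrapping `$e_QUERY` in `FILTER_SANITIZE_URL` rewrites the request silently: the filter drops every byte outside the URL alphabet (spaces, control characters, any raw non-ASCII), and the result is then written back into `$_SERVER['QUERY_STRING']`, so downstream code sees parameters that differ from what the client sent with no indication. If the intent is to block control characters, reject rather than rewrite: `if(preg_match('/[\x00-\x1f\x7f]/', $e_QUERY)) { $e_QUERY = ''; }`. Whether `$e_QUERY` can contain unencoded non-ASCII at this point depends on how it is assembled above the hunk.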
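Review bot: `findDefault()` now returns the posted `layout_default` after the `'w'` filter, but it still accepts any well-formed name without checking that the layout actually belongs to `$theme`; since the method is reached from the front-end theme check (the class2.php hunk in this diff), any request carrying a `layout_default` POST field selects the layout. Character filtering is the wrong primitive here — look the filtered value up against the theme's known layouts (the `$l = $this->themeArray[$theme]` lookup on the next line presumably leads to them) and fall through to the configured default when it is not found, rather than returning early. The rest of the method is outside the hunk, so the exact structure to check against needs confirming.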
@@ -223,8 +223,8 @@ if(varset($pref['track_online'])) { // $member_users = $sql->count('online', '(*)', "WHERE online_location REGEXP('viewforum.php.id=$forumId\$') AND online_user_id != 0"); // $guest_users = $sql->count('online', '(*)', "WHERE online_location REGEXP('viewforum.php.id=$forumId\$') AND online_user_id = 0"); - $member_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%') AND online_user_id != 0"); - $guest_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%') AND online_user_id = 0"); + $member_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%', 'url') AND online_user_id != 0"); + $guest_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%', 'url') AND online_user_id = 0"); $users = $member_users+$guest_users; @@ -467,7 +467,7 @@ $threadFilter = null; if(!empty($_GET['srch'])) { - $threadFilter = "t.thread_name LIKE '%".$tp->filter($_GET['srch'])."%'"; + $threadFilter = "t.thread_name LIKE '%".$tp->filter($_GET['srch'], 'w')."%'"; } $threadList = $forum->forumGetThreads($forumId, $threadFrom, $view, $threadFilter); diff --git a/e107_plugins/import/admin_import.php b/e107_plugins/import/admin_import.php index c3cbac801..565b0c405 100644 --- a/e107_plugins/import/admin_import.php +++ b/e107_plugins/import/admin_import.php @@ -622,6 +622,7 @@ class import_main_ui extends e_admin_ui { $mes = e107::getMessage(); + $tp = e107::getParser(); $mes->addDebug("dbImport(): Loading: ".$this->importClass); 
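Review bot: The `'url'` mode argument landed inside the SQL string, not in the filter call: in both new lines the `filter()` call closes before `."%'`, so the statement becomes `LIKE('<uri>%', 'url')` — a two-column row constructor as a LIKE pattern, which MySQL rejects — and `e_REQUEST_URI` is still filtered with the default mode. Move the argument in both lines: `"WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI, 'url')."%') AND online_user_id != 0"` and the `= 0` twin. Note also that if the `'url'` mode maps to PHP's FILTER_SANITIZE_URL, as the name suggests, it leaves `'` and `%` in place, so this is still not an escape — pass the value through the db handler's escape as well. The enclosing `if(varset($pref['track_online']))` block is cut at both ends.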
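Review bot: `$tp->filter($_GET['srch'], 'w')` is being used as the SQL defence for the LIKE pattern, but a whitelist filter is not an escape and it changes the query's meaning: if the `'w'` mode keeps only word characters, a two-word search loses its space and quietly matches something else, and `%`/`_` are stripped rather than escaped. Escape for SQL explicitly and keep the filter as input normalisation only, e.g. `$threadFilter = "t.thread_name LIKE '%".$sql->escape($tp->filter($_GET['srch'], 'w'))."%'";` (or `$tp->toDB(...)`, whichever this codebase treats as the DB escape), and consider binding the pattern inside `forumGetThreads()`, which is outside the hunk.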
@@ -654,7 +655,7 @@ class import_main_ui extends e_admin_ui return false; } - $result = $converter->db_Connect($_POST['dbParamHost'], $_POST['dbParamUsername'], $_POST['dbParamPassword'], $_POST['dbParamDatabase'], $_POST['dbParamPrefix']); + $result = $converter->db_Connect($tp->filter($_POST['dbParamHost']), $tp->filter($_POST['dbParamUsername']), $tp->filter($_POST['dbParamPassword']), $tp->filter($_POST['dbParamDatabase']), $tp->filter($_POST['dbParamPrefix'])); if ($result !== TRUE) { $mes->addError(LAN_CONVERT_43.": ".$result); // db connect failed diff --git a/e107_plugins/log/log.php b/e107_plugins/log/log.php index 038179948..cca58db31 100644 --- a/e107_plugins/log/log.php +++ b/e107_plugins/log/log.php @@ -66,12 +66,12 @@ $pageUnique = array('page' => 1, 'content' => array('content')); $logVals = base64_decode($_GET['lv']); - +$logVals = filter_var($logVals, FILTER_SANITIZE_URL); $logVals .= "&ip=".USERIP; $logVals .= "&iphost=". @gethostbyaddr(USERIP); $logVals .= "&lan=".e_LAN; -$logVals .= "&agent=".$_SERVER['HTTP_USER_AGENT']; +$logVals .= "&agent=".filter_var($_SERVER['HTTP_USER_AGENT'],FILTER_SANITIZE_STRING); parse_str($logVals, $vals); diff --git a/fpw.php b/fpw.php index 08a5852f7..f43895c4f 100644 --- a/fpw.php +++ b/fpw.php @@ -264,7 +264,7 @@ if(e_QUERY) // Request to reset password -if (isset($_POST['pwsubmit'])) +if (!empty($_POST['pwsubmit'])) { require_once(e_HANDLER.'mail.php'); 
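Review bot: `$tp->filter($_POST['dbParamPassword'])` alters the credential before it is used: if the parser's default mode is PHP's FILTER_SANITIZE_STRING, as its other uses in this commit suggest, it strips `<`/`>` and rewrites `'` and `"` to entities, so any database password containing those characters stops working and `db_Connect()` receives a value the admin never typed. A sanitizer is the wrong tool for values handed to a driver API; pass the password through untouched (`$_POST['dbParamPassword']`) and, for the host, use a hostname/IP check rather than string sanitisation. This is an admin-only import form, so the trust boundary is the connection API, not HTML or SQL output.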
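Review bot: The User-Agent is appended last into the query string that `parse_str()` then decodes, and `FILTER_SANITIZE_STRING` leaves `&` and `=` untouched (by default it only strips tags and encodes quotes), so a client sending `User-Agent: x&ip=10.0.0.1` overrides the server-supplied `ip`, `iphost` and `lan` fields because `parse_str` keeps the last duplicate. The `FILTER_SANITIZE_URL` pass on the base64-decoded `lv` value has the same gap, and `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1. Parse the client-supplied part first and then set the server-side fields directly on the array so they cannot be spoofed, keeping the `@` on `gethostbyaddr` as before; the surrounding script continues outside the hunk.
```php
parse_str($logVals, $vals);
$vals['ip'] = USERIP;
$vals['iphost'] = @gethostbyaddr(USERIP);
$vals['lan'] = e_LAN;
$vals['agent'] = $_SERVER['HTTP_USER_AGENT'];
```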
@@ -290,13 +290,15 @@ if (isset($_POST['pwsubmit'])) $row = $sql->fetch(); // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them) - // Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage. - if (($row['user_admin'] == 1) && (($row['user_perms'] == '0') OR ($row['user_perms'] == '0.'))) - { - sendemail($pref['siteadminemail'], LAN_06, LAN_07.' ['.e107::getIPHandler()->getIP(FALSE).'] '.e107::getIPHandler()->getIP(TRUE).' '.LAN_08); - e107::getRedirect()->redirect(SITEURL); + // Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage. + if(!getperms('0')) // disabled when testing as main-admin. + { + if (($row['user_admin'] == 1) && (($row['user_perms'] == '0') OR ($row['user_perms'] == '0.'))) + { + sendemail($pref['siteadminemail'], LAN_06, LAN_07.' ['.e107::getIPHandler()->getIP(FALSE).'] '.e107::getIPHandler()->getIP(TRUE).' '.LAN_08); + e107::getRedirect()->redirect(SITEURL); + } } - // Banned user, or not validated switch($row['user_ban']) { @@ -318,11 +320,8 @@ if (isset($_POST['pwsubmit'])) } // Set unique reset code - mt_srand ((double)microtime() * 1000000); - $maxran = 1000000; - $rand_num = mt_rand(0, $maxran); - $datekey = date('r'); - $rcode = md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey); + $datekey = microtime(true); + $rcode = crypt(($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $clean_email . $datekey), e_TOKEN); // Prepare email $link = SITEURL.'fpw.php?'.$rcode; diff --git a/install.php b/install.php index 947a2923a..b0a73d8c5 100644 --- a/install.php +++ b/install.php @@ -137,6 +137,7 @@ $override = array(); if(isset($_POST['previous_steps'])) { $tmp = unserialize(base64_decode($_POST['previous_steps'])); + $tmp = $tp->filter($tmp); $override = (isset($tmp['paths']['hash'])) ? array('site_path'=>$tmp['paths']['hash']) : array(); unset($tmp); } 
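Review bot: The new `if(!getperms('0'))` wrapper makes the main-admin reset alert and redirect permanently skippable for anyone already holding main-admin permission, justified by the comment as a testing convenience; a test-only bypass in an authentication flow should be bounded by the debug flag rather than shipped unconditionally. The codebase already has `e_DEBUG` and `deftrue()` (both visible elsewhere in this diff), so `if(!getperms('0') || !deftrue('e_DEBUG'))` keeps the check active in production even for main admins. The enclosing `if (!empty($_POST['pwsubmit']))` block continues outside the hunk.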
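Review bot: The new reset code is derived with `crypt()` rather than a CSPRNG, and that is weaker than it looks: unless `e_TOKEN` happens to be a correctly formatted salt for one of crypt()'s modern schemes, PHP falls back to traditional DES, which uses two salt characters and only the first 8 bytes of the input — here the start of the User-Agent string — so `microtime`, `$pref` and `$clean_email` effectively never influence the result and the code is roughly constant per browser. The removed `mt_rand` version was not cryptographically random either, so the commit swaps one predictable token for another. Generate it directly with `$rcode = bin2hex(random_bytes(16));` (PHP 7+), which is also URL-safe, whereas crypt output carries the salt prefix plus `.` and `/` and then lands in `fpw.php?<rcode>`. This assumes the code is persisted for later comparison, as the previous random-based version already required; that logic is outside the hunk.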
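Review bot: `$tp->filter($tmp)` runs after `unserialize()` on raw POST data, which is too late to help — object instantiation and any `__wakeup`/`__destruct` side effects happen inside `unserialize()` itself, so this remains a PHP object-injection sink reachable by anyone who can submit to the installer. Disable object creation at the source: `$tmp = unserialize(base64_decode($_POST['previous_steps']), array('allowed_classes' => false));` (PHP 7.0+), and check `is_array($tmp)` before reading `$tmp['paths']['hash']`; longer term, carry the step state as JSON. The filter call can stay, but it is not what closes the hole.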
diff --git a/submitnews.php b/submitnews.php index 4d72cf77d..0df3463e2 100644 --- a/submitnews.php +++ b/submitnews.php @@ -91,8 +91,8 @@ class submitNews $submitnews_user = (USER ? USERNAME : trim($tp->toDB($_POST['submitnews_name']))); $submitnews_email = (USER ? USEREMAIL : trim(check_email($tp->toDB($_POST['submitnews_email'])))); - $submitnews_title = $tp->toDB($_POST['submitnews_title']); - $submitnews_item = $tp->toDB($_POST['submitnews_item']); + $submitnews_title = $tp->filter($_POST['submitnews_title']); + $submitnews_item = $tp->filter($_POST['submitnews_item']); // $submitnews_item = str_replace("src="e107_images", "src="".SITEURL."e107_images", $submitnews_item); $submitnews_file = ""; $submitnews_error = false; diff --git a/usersettings.php b/usersettings.php index 540fa02ff..8e3814658 100644 --- a/usersettings.php +++ b/usersettings.php @@ -214,8 +214,11 @@ class usersettings_front // Begin Usersettings rewrite. } - if (isset($_POST['updatesettings'])) + if (!empty($_POST['updatesettings'])) { + + $_POST = e107::getParser()->filter($_POST); + if (!vartrue($pref['auth_method'])) { $pref['auth_method'] = 'e107'; @@ -433,12 +436,14 @@ class usersettings_front // Begin Usersettings rewrite. $changedUserData = e107::unserialize($new_data); + $changedUserData = e107::getParser()->filter($changedUserData, 'str'); $savePassword = $_POST['currentpassword']; if(!empty($new_extended)) { $changedEUFData = e107::unserialize($new_extended); + $changedEUFData = e107::getParser()->filter($changedEUFData, 'str'); } unset($new_data); @@ -888,7 +893,9 @@ class usersettings_front // Begin Usersettings rewrite. } } - $text = '
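Review bot: Replacing `$tp->toDB()` with `$tp->filter()` for `submitnews_title` and `submitnews_item` swaps the project's DB-escaping/encoding step for a generic sanitizer, and the two are not interchangeable: unless `filter()` also performs database escaping, the later INSERT (outside the hunk) now receives unescaped text, and if the default mode strips tags the submitted article body loses markup the old path encoded rather than removed. Keep `toDB()` on the path to the database and layer `filter()` on top only where stripping is wanted, e.g. `$submitnews_item = $tp->toDB($_POST['submitnews_item']);`; the `submitnews_name` and `submitnews_email` lines just above still use `toDB`, so this also restores consistency within the block.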
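Review bot: `$_POST = e107::getParser()->filter($_POST);` rewrites every posted field including credentials: the `-433` hunk below reads `$savePassword = $_POST['currentpassword'];` after this point, so a current password containing `'`, `"`, `<` or `>` is altered (quotes encoded, tags stripped, if the default mode behaves like FILTER_SANITIZE_STRING) and will no longer verify, and any new password submitted through this form is hashed from the mutated value. Preserve the secret fields across the blanket filter: `$secrets = array_intersect_key($_POST, array('currentpassword' => 1));` before the call and `$_POST = $secrets + $_POST;` after it, adding the new-password field names (outside the hunk) to that list. Passwords should reach the hasher byte-for-byte; only their length, not their characters, needs validating.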
'; + $target = e107::getUrl()->create('user/myprofile/edit',array('id'=>USERID)); + + $text = ''; //$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'"));