mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-07 01:06:48 +02:00
Code Issues Releases Wiki Activity

several security fixes in admin pages

Browse Source 
changed bbcode to only allow jpg, jpeg, gif and png


git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4876 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2004-03-25 15:57:20 +00:00
parent 79c15bd7c1
commit 234b1f13de
21 changed files with 1038 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
phpBB/admin/admin_forumauth.php
View File

@@ -102,20 +102,23 @@ if( isset($HTTP_POST_VARS['submit']) )
{
if(isset($HTTP_POST_VARS['simpleauth']))
{
$simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];
$simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
if (is_array($simple_ary))
{
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
$value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
if ( $forum_auth_fields[$i] == 'auth_vote' )
{