mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-09 18:26:32 +02:00
Code Issues Releases Wiki Activity

several security fixes in admin pages

Browse Source 
changed bbcode to only allow jpg, jpeg, gif and png


git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4876 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2004-03-25 15:57:20 +00:00
parent 79c15bd7c1
commit 234b1f13de
21 changed files with 1038 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
phpBB/admin/admin_styles.php
View File

@@ -56,6 +56,7 @@ if ($cancel)
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
@@ -488,7 +489,7 @@ switch( $mode )
$themes_title = $lang['Edit_theme'];
$themes_explain = $lang['Edit_theme_explain'];
$style_id = $HTTP_GET_VARS['style_id'];
$style_id = intval($HTTP_GET_VARS['style_id']);
$selected_names = array();
$selected_values = array();
@@ -703,7 +704,7 @@ switch( $mode )
$sql = "SELECT *
FROM " . THEMES_TABLE . "
WHERE template_name = '$template_name'";
WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
if(!$result = $db->sql_query($sql))
{
message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql);