From 23069a13e203985ab124d1139e8de74b12778449 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Tue, 9 Sep 2014 19:18:36 +0200
Subject: [PATCH 1/3] [ticket/13526] Correctly validate the ucp_pm_options form key.

PHPBB3-13526
---
 phpBB/includes/ucp/ucp_pm_options.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index efa390ed87..1d5c0ecce3 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 // Change "full folder" setting - what to do if folder is full
 if (isset($_POST['fullfolder']))
 {
- check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
+ if (!check_form_key('ucp_pm_options'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
 $full_action = request_var('full_action', 0);
 $set_folder_id = 0;
 
From 251868dd7e22c510a44ecd01150dff308e0fceae Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Tue, 20 Jan 2015 22:34:14 +0100
Subject: [PATCH 2/3] [ticket/13527] Remove two unused variables.

PHPBB3-13527
---
 phpBB/includes/acp/acp_update.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php
index 5d3e9abcea..7d16a46916 100644
--- a/phpBB/includes/acp/acp_update.php
+++ b/phpBB/includes/acp/acp_update.php
@@ -34,9 +34,6 @@ class acp_update
 $this->page_title = 'ACP_VERSION_CHECK';
 
 // Get current and latest version
- $errstr = '';
- $errno = 0;
-
 $info = obtain_latest_version_info(request_var('versioncheck_force', false));
 
 if (empty($info))

From 92b5222295d6d1a8f49fe688a822922f8372b7d2 Mon Sep 17 00:00:00 2001
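Review bot: The new guard protects only the `fullfolder` branch of message_options(); if the function's other POST-driven branches (outside this hunk) change state without a check_form_key() call, they stay unprotected, so it is worth confirming each of them either validates the same token or is read-only. The replacement call also drops the `$config['form_token_lifetime']` argument the old one passed, so it now relies on check_form_key()'s default lifetime — presumably the same configured value, but confirm. A short why-comment above the new `if` would help the next reader: `// Reject the submission when the form token is missing, stale or forged`. message_options() starts before and continues past this hunk.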
From: Andreas Fischer
Date: Tue, 20 Jan 2015 22:40:39 +0100
Subject: [PATCH 3/3] [ticket/13527] Apply htmlspecialchars() to data from version server.

PHPBB3-13527
---
 phpBB/includes/acp/acp_update.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php
index 7d16a46916..87d5c51b56 100644
--- a/phpBB/includes/acp/acp_update.php
+++ b/phpBB/includes/acp/acp_update.php
@@ -34,7 +34,7 @@ class acp_update
 $this->page_title = 'ACP_VERSION_CHECK';
 
 // Get current and latest version
- $info = obtain_latest_version_info(request_var('versioncheck_force', false));
+ $info = htmlspecialchars(obtain_latest_version_info(request_var('versioncheck_force', false)));
 
 if (empty($info))
 {
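Review bot: htmlspecialchars() is called on the added line without explicit flags or charset, so the escaping depends on the PHP version (the default charset is ISO-8859-1 before PHP 5.4, and with the default ENT_COMPAT flags single quotes are left unencoded); since this value comes from a remote version server, `$info = htmlspecialchars(obtain_latest_version_info(request_var('versioncheck_force', false)), ENT_QUOTES, 'UTF-8');` would make the result independent of the runtime and safe in attribute context too. Escaping at fetch time also means any later version parsing or comparison on `$info` (outside this hunk) sees entity-encoded text, which is worth checking. If obtain_latest_version_info() can return false, htmlspecialchars(false) yields an empty string so the empty() check below still fires, but an array return would break this line — confirm its return type. The comment above should state the reason: `// The version server's reply is untrusted remote data; escape it before it reaches the template`. The enclosing method continues outside the hunk.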