BugFix : XSS exploit

This commit is contained in:
ASponch 2018-03-09 16:18:20 +01:00
parent 14608124da
commit f013bcfe1b


@ -2717,9 +2717,9 @@
case 'video':case 'videos':case 'v':
{
if(SEO=='yes') {
return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
} else {
return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='. htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
@ -2727,9 +2727,9 @@
case 'channels':case 'channel':case'c':case'user':
{
if(SEO=='yes') {
return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
} else {
return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
@ -2742,7 +2742,7 @@
if(defined("IN_MODULE")) {
global $prefix_catlink;
$url = 'cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
$url = 'cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
$url = $prefix_catlink.$url;
$rm_array = array("cat","sort","time","page","seo_cat_name");
$p = "";
@ -2754,9 +2754,9 @@
}
if(SEO=='yes') {
return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
} else {
return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
@ -2793,18 +2793,18 @@
if($mode == 'sort') {
$sorting = $sort;
} else {
$sorting = $_GET['sort'];
$sorting = htmlspecialchars($_GET['sort']);
}
if($mode == 'time') {
$time = $sort;
} else {
$time = $_GET['time'];
$time = htmlspecialchars($_GET['time']);
}
if (SEO=='yes') {
return BASEURL.'/videos/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
return BASEURL.'/videos/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
} else {
return BASEURL.'/videos.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/videos.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
@ -2826,18 +2826,18 @@
if($mode == 'sort') {
$sorting = $sort;
} else {
$sorting = $_GET['sort'];
$sorting = htmlspecialchars($_GET['sort']);
}
if($mode == 'time') {
$time = $sort;
} else {
$time = $_GET['time'];
$time = htmlspecialchars($_GET['time']);
}
if(SEO=='yes') {
return BASEURL.'/channels/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
return BASEURL.'/channels/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
} else {
return BASEURL.'/channels.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/channels.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
@ -2859,12 +2859,12 @@
if($mode == 'sort') {
$sorting = $sort;
} else {
$sorting = $_GET['sort'];
$sorting = htmlspecialchars($_GET['sort']);
}
if($mode == 'time') {
$time = $sort;
} else {
$time = $_GET['time'];
$time = htmlspecialchars($_GET['time']);
}
if(THIS_PAGE=='photos') {
@ -2872,15 +2872,15 @@
}
if(defined("IN_MODULE")) {
$url = 'cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
$url = 'cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
$plugURL = queryString($url,array("cat","sort","time","page","seo_cat_name"));
return $plugURL;
}
if(SEO=='yes') {
return BASEURL.'/'.$type.'/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
return BASEURL.'/'.$type.'/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
} else {
return BASEURL.'/'.$type.'.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/'.$type.'.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
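Review bot: The new `htmlspecialchars()` calls on the `$url =` and `return` lines escape for an HTML text context, but these values are being spliced into URL path segments and query parameters, so the encoding is for the wrong context: `cat` and `page` should be cast with `(int)`, and `seo_cat_name`, `$sorting` and `$time` should go through `rawurlencode()` (or be checked against the fixed set of sort/time values this code accepts, which is not visible here). Without `ENT_QUOTES`, `htmlspecialchars()` leaves `'` untouched on PHP before 8.1, so a value containing a single quote still breaks out of a single-quoted `href='...'` attribute if a caller renders the returned URL that way, and if the caller already escapes on output any `&` inside a value is double-encoded. Keep the HTML escape at the point where the URL is printed, not inside the URL builder, and note that a `?cat[]=1` style array parameter makes `htmlspecialchars()` emit a warning and return null rather than a safe value. The enclosing function and the `$sorting`/`$time` assignments start before this hunk, so under this change those assignments would drop their `htmlspecialchars()` as well.
```php
// … unchanged: $sorting / $time selection and the THIS_PAGE=='photos' branch …
$cat = (int) $_GET['cat'];
$page = (int) $_GET['page'];
$seoCatName = rawurlencode($_GET['seo_cat_name']);
$sorting = rawurlencode($sorting);
$time = rawurlencode($time);
if(defined("IN_MODULE")) {
    $url = 'cat='.$cat.'&sort='.$sorting.'&time='.$time.'&page='.$page.'&seo_cat_name='.$seoCatName;
    // … unchanged: queryString() call and return …
}
if(SEO=='yes') {
    return BASEURL.'/'.$type.'/'.$cat.'/'.$seoCatName.'/'.$sorting.'/'.$time.'/'.$page;
} else {
    return BASEURL.'/'.$type.'.php?cat='.$cat.'&sort='.$sorting.'&time='.$time.'&page='.$page.'&seo_cat_name='.$seoCatName;
}
```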