BugFix : XSS exploit
This commit is contained in:
ASponch
parent
14608124da
commit
f013bcfe1b
1 changed files with 20 additions and 20 deletions
|
|
@ -2717,9 +2717,9 @@
|
||||||
case 'video':case 'videos':case 'v':
|
case 'video':case 'videos':case 'v':
|
||||||
{
|
{
|
||||||
if(SEO=='yes') {
|
if(SEO=='yes') {
|
||||||
return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
|
return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
|
||||||
} else {
|
} else {
|
||||||
return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
|
return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='. htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
@ -2727,9 +2727,9 @@
|
||||||
case 'channels':case 'channel':case'c':case'user':
|
case 'channels':case 'channel':case'c':case'user':
|
||||||
{
|
{
|
||||||
if(SEO=='yes') {
|
if(SEO=='yes') {
|
||||||
return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
|
return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
|
||||||
} else {
|
} else {
|
||||||
return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
|
return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
@ -2742,7 +2742,7 @@
|
||||||
|
|
||||||
if(defined("IN_MODULE")) {
|
if(defined("IN_MODULE")) {
|
||||||
global $prefix_catlink;
|
global $prefix_catlink;
|
||||||
$url = 'cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
|
$url = 'cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
|
||||||
$url = $prefix_catlink.$url;
|
$url = $prefix_catlink.$url;
|
||||||
$rm_array = array("cat","sort","time","page","seo_cat_name");
|
$rm_array = array("cat","sort","time","page","seo_cat_name");
|
||||||
$p = "";
|
$p = "";
|
||||||
|
|
@ -2754,9 +2754,9 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
if(SEO=='yes') {
|
if(SEO=='yes') {
|
||||||
return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
|
return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
|
||||||
} else {
|
} else {
|
||||||
return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
|
return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
@ -2793,18 +2793,18 @@
|
||||||
if($mode == 'sort') {
|
if($mode == 'sort') {
|
||||||
$sorting = $sort;
|
$sorting = $sort;
|
||||||
} else {
|
} else {
|
||||||
$sorting = $_GET['sort'];
|
$sorting = htmlspecialchars($_GET['sort']);
|
||||||
}
|
}
|
||||||
if($mode == 'time') {
|
if($mode == 'time') {
|
||||||
$time = $sort;
|
$time = $sort;
|
||||||
} else {
|
} else {
|
||||||
$time = $_GET['time'];
|
$time = htmlspecialchars($_GET['time']);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (SEO=='yes') {
|
if (SEO=='yes') {
|
||||||
return BASEURL.'/videos/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
|
return BASEURL.'/videos/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
|
||||||
} else {
|
} else {
|
||||||
return BASEURL.'/videos.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
|
return BASEURL.'/videos.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
@ -2826,18 +2826,18 @@
|
||||||
if($mode == 'sort') {
|
if($mode == 'sort') {
|
||||||
$sorting = $sort;
|
$sorting = $sort;
|
||||||
} else {
|
} else {
|
||||||
$sorting = $_GET['sort'];
|
$sorting = htmlspecialchars($_GET['sort']);
|
||||||
}
|
}
|
||||||
if($mode == 'time') {
|
if($mode == 'time') {
|
||||||
$time = $sort;
|
$time = $sort;
|
||||||
} else {
|
} else {
|
||||||
$time = $_GET['time'];
|
$time = htmlspecialchars($_GET['time']);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(SEO=='yes') {
|
if(SEO=='yes') {
|
||||||
return BASEURL.'/channels/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
|
return BASEURL.'/channels/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
|
||||||
} else {
|
} else {
|
||||||
return BASEURL.'/channels.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
|
return BASEURL.'/channels.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
@ -2859,12 +2859,12 @@
|
||||||
if($mode == 'sort') {
|
if($mode == 'sort') {
|
||||||
$sorting = $sort;
|
$sorting = $sort;
|
||||||
} else {
|
} else {
|
||||||
$sorting = $_GET['sort'];
|
$sorting = htmlspecialchars($_GET['sort']);
|
||||||
}
|
}
|
||||||
if($mode == 'time') {
|
if($mode == 'time') {
|
||||||
$time = $sort;
|
$time = $sort;
|
||||||
} else {
|
} else {
|
||||||
$time = $_GET['time'];
|
$time = htmlspecialchars($_GET['time']);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(THIS_PAGE=='photos') {
|
if(THIS_PAGE=='photos') {
|
||||||
|
|
@ -2872,15 +2872,15 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
if(defined("IN_MODULE")) {
|
if(defined("IN_MODULE")) {
|
||||||
$url = 'cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
|
$url = 'cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
|
||||||
$plugURL = queryString($url,array("cat","sort","time","page","seo_cat_name"));
|
$plugURL = queryString($url,array("cat","sort","time","page","seo_cat_name"));
|
||||||
return $plugURL;
|
return $plugURL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(SEO=='yes') {
|
if(SEO=='yes') {
|
||||||
return BASEURL.'/'.$type.'/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
|
return BASEURL.'/'.$type.'/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
|
||||||
} else {
|
} else {
|
||||||
return BASEURL.'/'.$type.'.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
|
return BASEURL.'/'.$type.'.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue