Yuna Scatari v2.2 PRE7 By kp380lv - Hotfixes
Potential dangerous XSS hole in simpaty.php
Find this:
Code:
$type = $_GET['type'];
Code:
$type = htmlentities($_GET['type']);
Find this:
Code:
$choice = $_POST["choice"];
Code:
$choice = (int) $_POST["choice"];
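The two hotfixes above, shown side by side with a stricter variant, as an added example that is not part of the original post or of Yuna Scatari's code. The helper names `html_out` and `int_in` and the sample request arrays are hypothetical; the example goes slightly beyond the post by rejecting malformed integers instead of truncating them.

```php
<?php
// Added illustration, not Yuna Scatari code. html_out() and int_in() are
// hypothetical helper names; $get and $post are constructed sample data.

// Encode a request value before echoing it into HTML text or a quoted
// attribute. ENT_QUOTES is passed explicitly because the default flags of
// htmlentities() before PHP 8.1 left single quotes unescaped.
function html_out(array $src, string $key): string
{
    $v = $src[$key] ?? '';
    if (!is_string($v)) {            // e.g. ?type[]=x arrives as an array
        $v = '';
    }
    return htmlentities($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read an integer parameter. Anything that is not a plain decimal integer
// (an array, an empty string, digits followed by other text) yields $default.
function int_in(array $src, string $key, int $default = 0): int
{
    $v = $src[$key] ?? null;
    if (!is_string($v) && !is_int($v)) {
        return $default;
    }
    $i = filter_var($v, FILTER_VALIDATE_INT);
    return $i === false ? $default : $i;
}

// Constructed stand-ins for $_GET and $_POST.
$get  = ['type' => "'><b>injected markup</b>"];
$post = ['choice' => '3 OR 1=1'];

// The value as it would be reflected without and with encoding.
echo "raw:     ", $get['type'], "\n";
echo "encoded: ", html_out($get, 'type'), "\n";

// The (int) cast from the hotfix keeps only the leading digits of the
// string; int_in() rejects the whole value instead.
echo "cast:    ", (int) $post['choice'], "\n";
echo "strict:  ", int_in($post, 'choice'), "\n";
```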
Thanks for these!
I was wondering if you also fixed the following bugs I reported here: http://bvlist.com/yuna-scatari/431-y...html#post10216
In functions.php find this:
Code:
if ((DEBUG_MODE || isset($_GET["yuna"])) && count($query_stat)) {
Code:
if ((DEBUG_MODE) && count($query_stat)) {
Fix
1. comment.php (line 104) $commentid = (int) $_GET["cid"];
2. email-gateway.php (line 31) if ($subject == "") $subject = "(No subject)";
3. message.php (line 361) sttderr($tracker_lang['error'], $message_lang['addedtoblacklist']);
4. message.php (line 432) $n_pms = 0 + $_POST['n_pms'];
Enjoy!