
BamBam0077 8th August 2021 02:37

controlpanel.php security patch
 
Part One:

Find:
PHP Code:

//-- Sysop Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=6" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        $row['id'];
            
$name      $row['name'];
            
$url       $row['url'];
            
$image     $row['image'];
            
$max_class $row['max_class'];

            if (
$max_class == 6)
            {
               
$max_class "Sysop";
            } 

Replacement:
PHP Code:

//-- Sysop Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=6" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        sqlesc($row['id']);
            
$name      sqlesc(htmlspecialchars($row['name']));
            
$url       sqlesc($row['url']);
            
$image     sqlesc(htmlspecialchars($row['image']));
            
$max_class sqlesc($row['max_class']);

            if (
$max_class == 6)
            {
               
$max_class "Sysop";
            } 

Find:
PHP Code:

//-- Admin Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=5" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        $row['id'];
            
$name      $row['name'];
            
$url       $row['url'];
            
$image     $row['image'];
            
$max_class $row['max_class'];

            if (
$max_class == 5)
            {
               
$max_class "Administrator";
            } 

Replacement:
PHP Code:

//-- Admin Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=5" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        sqlesc($row['id']);
            
$name      sqlesc(htmlspecialchars ($row['name']));
            
$url       sqlesc($row['url']);
            
$image     sqlesc(htmlspecialchars($row['image']));
            
$max_class sqlesc($row['max_class']);

            if (
$max_class == 5)
            {
               
$max_class "Administrator";
            } 

Find:
PHP Code:

//-- Mod Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=4" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        $row['id'];
            
$name      $row['name'];
            
$url       $row['url'];
            
$image     $row['image'];
            
$max_class $row['max_class'];

            if (
$max_class == 4)
            {
               
$max_class "Moderator";
            } 

Replacement:
PHP Code:

//-- Mod Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=4" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        sqlesc($row['id']);
            
$name      sqlesc(htmlspecialchars ($row['name']));
            
$url       sqlesc($row['url']);
            
$image     sqlesc(htmlspecialchars ($row['image']));
            
$max_class sqlesc($row['max_class']);

            if (
$max_class == 4)
            {
               
$max_class "Moderator";
            } 

PART 2:

Find:
PHP Code:

while ($row mysql_fetch_array($sql))
{
    
$file       $row["url"];
    
$id         $row["id"];
    
$status     $row["status"];
    
$max_class  $row['max_class'];
    
$fileaction $_GET['fileaction'];

    if (
$fileaction == $row[id] & $CURUSER['class'] < "$max_class")
    {
        
error_message("warn""Access Denied""Your Staff Level Is Incorrect For This Area.");
    } 

Replacement:
PHP Code:

while ($row mysql_fetch_array($sql))
{
    
$file       sqlesc($row["url"]);
    
$id         sqlesc($row["id"]);
    
$status     sqlesc($row["status"]);
    
$max_class  sqlesc($row['max_class']);
    
$fileaction sqlesc($_GET['fileaction']);

    if (
$fileaction == $row[id] & $CURUSER['class'] < "$max_class")
    {
        
error_message("warn""Access Denied""Your Staff Level Is Incorrect For This Area.");
    } 

Find:
PHP Code:

 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=7" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    $row['id'];
            
$name  $row['name'];
            
$url   $row['url'];
            
$image $row['image']; 

Replacement:
PHP Code:

 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=7" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    sqlesc($row['id']);
            
$name  sqlesc(htmlspecialchars ($row['name']));
            
$url   sqlesc($row['url']);
            
$image sqlesc($row['image']); 

Find:
PHP Code:

$query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=6" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {

            
$id    $row['id'];
            
$name  $row['name'];
            
$url   $row['url'];
            
$image $row['image']; 

Replacement:
PHP Code:

$query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=6" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {

            
$id    sqlesc($row['id']);
            
$name  sqlesc(htmlspecialchars ($row['name']));
            
$url   sqlesc($row['url']);
            
$image sqlesc($row['image']); 

Find:
PHP Code:

 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=5" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    $row['id'];
            
$name  $row['name'];
            
$url   $row['url'];
            
$image $row['image']; 

Replacement:
PHP Code:

 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=5" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    sqlesc($row['id']);
            
$name  sqlesc(htmlspecialchars ($row['name']);
            
$url   sqlesc($row['url']);
            
$image sqlesc($row['image']); 

Find:
PHP Code:

 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=4" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    $row['id'];
            
$name  $row['name'];
            
$url   $row['url'];
            
$image $row['image']; 

Replacement:
PHP Code:

 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=4" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    sqlesc($row['id']);
            
$name  sqlesc(htmlspecialchars ($row['name']);
            
$url   sqlesc($row['url']);
            
$image sqlesc($row['image']); 

Once done, it should be secured. mysql_real_escape_string() was used to secure the queries utilised within.

Elena 8th August 2021 09:15

Code:

SELECT *
Code:

$id = $row['id'];
Code:

$id = sqlesc($row['id']);


Seriously? sqlesc is used for INSERT and UPDATE, not SELECT! Escaping protects values that go *into* a query; it does nothing for values that come *out of* a result set. The nonsense you have written in this post is just awful. :lol:

Code:

$image = sqlesc(htmlspecialchars($row['image']));
:wallbash:
htmlspecialchars ???

Those fields hold numbers and an image file extension, not a title! Yet you check them as if they were title text! Oh, how scary it is that people like you, who do not understand how to apply protection, post patches ...

Freaky 9th August 2021 17:44

sec update
 
If you're going to update the source, why are you still using mysql instead of mysqli???

xblade 9th August 2021 19:10

Yes, and it would be good to use PDO for it, as mysqli won't do it any good; there are big bugs in it.

