Bravo List
Register
Go Back   > Bravo List > Source Code > Archived Trackers > FreeTSP
Reply
  #1  
Old 8th August 2021, 02:37
BamBam0077's Avatar
BamBam0077 BamBam0077 is offline
Senior Member
 
Join Date: Jul 2013
P2P
Posts: 342
Default controlpanel.php security patch
Part One:

Find:
PHP Code:
//-- Sysop Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=6" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        $row['id'];
            
$name      $row['name'];
            
$url       $row['url'];
            
$image     $row['image'];
            
$max_class $row['max_class'];

            if (
$max_class == 6)
            {
               
$max_class "Sysop";
            } 
Replacement:
PHP Code:
//-- Sysop Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=6" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        sqlesc($row['id']);
            
$name      sqlesc(htmlspecialchars($row['name']));
            
$url       sqlesc($row['url']);
            
$image     sqlesc(htmlspecialchars($row['image']));
            
$max_class sqlesc($row['max_class']);

            if (
$max_class == 6)
            {
               
$max_class "Sysop";
            } 
Find:
PHP Code:
//-- Admin Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=5" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        $row['id'];
            
$name      $row['name'];
            
$url       $row['url'];
            
$image     $row['image'];
            
$max_class $row['max_class'];

            if (
$max_class == 5)
            {
               
$max_class "Administrator";
            } 
Replacement:
PHP Code:
//-- Admin Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=5" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        sqlesc($row['id']);
            
$name      sqlesc(htmlspecialchars ($row['name']));
            
$url       sqlesc($row['url']);
            
$image     sqlesc(htmlspecialchars($row['image']));
            
$max_class sqlesc($row['max_class']);

            if (
$max_class == 5)
            {
               
$max_class "Administrator";
            } 
Find:
PHP Code:
//-- Mod Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=4" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        $row['id'];
            
$name      $row['name'];
            
$url       $row['url'];
            
$image     $row['image'];
            
$max_class $row['max_class'];

            if (
$max_class == 4)
            {
               
$max_class "Moderator";
            } 
Replacement:
PHP Code:
//-- Mod Tools --//
        
$query "SELECT *
                    FROM controlpanel
                    WHERE status=0 AND max_class=4" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id        sqlesc($row['id']);
            
$name      sqlesc(htmlspecialchars ($row['name']));
            
$url       sqlesc($row['url']);
            
$image     sqlesc(htmlspecialchars ($row['image']));
            
$max_class sqlesc($row['max_class']);

            if (
$max_class == 4)
            {
               
$max_class "Moderator";
            } 
PART 2:

Find:
PHP Code:
while ($row mysql_fetch_array($sql))
{
    
$file       $row["url"];
    
$id         $row["id"];
    
$status     $row["status"];
    
$max_class  $row['max_class'];
    
$fileaction $_GET['fileaction'];

    if (
$fileaction == $row[id] & $CURUSER['class'] < "$max_class")
    {
        
error_message("warn""Access Denied""Your Staff Level Is Incorrect For This Area.");
    } 
Replacement:
PHP Code:
while ($row mysql_fetch_array($sql))
{
    
$file       sqlesc($row["url"]);
    
$id         sqlesc($row["id"]);
    
$status     sqlesc($row["status"]);
    
$max_class  sqlesc($row['max_class']);
    
$fileaction sqlesc($_GET['fileaction']);

    if (
$fileaction == $row[id] & $CURUSER['class'] < "$max_class")
    {
        
error_message("warn""Access Denied""Your Staff Level Is Incorrect For This Area.");
    } 
Find:
PHP Code:
 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=7" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    $row['id'];
            
$name  $row['name'];
            
$url   $row['url'];
            
$image $row['image']; 
Replacement:
PHP Code:
 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=7" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    sqlesc($row['id']);
            
$name  sqlesc(htmlspecialchars ($row['name']));
            
$url   sqlesc($row['url']);
            
$image sqlesc($row['image']); 
Find:
PHP Code:
$query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=6" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {

            
$id    $row['id'];
            
$name  $row['name'];
            
$url   $row['url'];
            
$image $row['image']; 
Replacement:
PHP Code:
$query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=6" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {

            
$id    sqlesc($row['id']);
            
$name  sqlesc(htmlspecialchars ($row['name']));
            
$url   sqlesc($row['url']);
            
$image sqlesc($row['image']); 
Find:
PHP Code:
 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=5" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    $row['id'];
            
$name  $row['name'];
            
$url   $row['url'];
            
$image $row['image']; 
Replacement:
PHP Code:
 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=5" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    sqlesc($row['id']);
            
$name  sqlesc(htmlspecialchars ($row['name']);
            
$url   sqlesc($row['url']);
            
$image sqlesc($row['image']); 
Find:
PHP Code:
 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=4" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    $row['id'];
            
$name  $row['name'];
            
$url   $row['url'];
            
$image $row['image']; 
Replacement:
PHP Code:
 $query "SELECT *
                    FROM controlpanel
                    WHERE status=1 AND max_class=4" 
or sqlerr(__FILE____LINE__);

        
$sql sql_query($query);

        while (
$row mysql_fetch_array($sql))
        {
            
$id    sqlesc($row['id']);
            
$name  sqlesc(htmlspecialchars ($row['name']);
            
$url   sqlesc($row['url']);
            
$image sqlesc($row['image']); 
Once done should be secured now!, mysql_real_escape_string(); was used to secure the queries being utitised within.
__________________
https://www.seedbox.io
https://www.vultr.com/
Reply With Quote
  #2  
Old 8th August 2021, 09:15
Elena's Avatar
Elena Elena is offline
Senior Member
 
Join Date: Sep 2010
P2P
Posts: 74
Default
Code:
SELECT *
Code:
$id = $row['id'];
Code:
$id = sqlesc($row['id']);


Seriously? sqlesc is used for INSERT and UPDATE, not SELECT! You are now here such nonsense in the post wrote that it's just awful.

Code:
$image = sqlesc(htmlspecialchars($row['image']));

htmlspecialchars ???

there are numbers and image expansion! Not a Title! You will check this title-text! Oh, how scary for people like you who do not understand how to put protection ...
Reply With Quote
  #3  
Old 9th August 2021, 17:44
Freaky's Avatar
Freaky Freaky is offline
Member
 
Join Date: May 2021
Posts: 2
Default sec update
If your going to update the source why are you still using mysql instead off mysqli???
Reply With Quote
  #4  
Old 9th August 2021, 19:10
budgie's Avatar
budgie budgie is offline
Senior Member
 
Join Date: Nov 2020
Posts: 111
Default
Yes and it be good to PDO IT as the mysqli not do it any good there be bigs in it big time
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 11:38. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2021, vBulletin Solutions Inc.