Commit: 0ac39f3249b9c06cea6e50fa985f447cba92a309 Author: kovacs.ferenc <[email protected]> Wed, 11 Jun 2014 13:37:00 +0200 Parents: 328cf5cdcfad6762f65b600802de911c7dff6181 Branches: master
Link: http://git.php.net/?p=web/master.git;a=commitdiff;h=0ac39f3249b9c06cea6e50fa985f447cba92a309 Log: escape the variables coming from $_REQUEST magic_quote_gpc makes this not exploitable, but we should move away from that sooner or later Changed paths: M manage/mirrors.php Diff: diff --git a/manage/mirrors.php b/manage/mirrors.php index 5533d8f..99aea0f 100644 --- a/manage/mirrors.php +++ b/manage/mirrors.php @@ -37,6 +37,8 @@ $active = isset($active) ? 1 : 0; $has_stats = isset($has_stats) ? 1 : 0; $moreinfo = empty($_GET['mi']) ? 0 : 1; +$mirrortype = (int)$mirrortype; + // Select last mirror check time from table $lct = db_query("SELECT UNIX_TIMESTAMP(lastchecked) FROM mirrors ORDER BY lastchecked DESC LIMIT 1"); list($checktime) = mysql_fetch_row($lct); @@ -58,12 +60,13 @@ if (isset($id) && isset($hostname)) { // Perform a full data update on a mirror case "update": $mod_by_time = '<b>'.strtoupper(date('d-M-Y H:i:s T')).'</b> ['.$_SESSION["username"].'] Mirror updated'; - $query = "UPDATE mirrors SET hostname='$hostname', active=$active, " . - "mirrortype=$mirrortype, cname='$cname', maintainer='".unmangle($maintainer)."', " . - "providername='".unmangle($providername)."', providerurl='$providerurl', " . - "cc='$cc', lang='$lang', has_stats=$has_stats, load_balanced='$load_balanced', " . - "lastedited=NOW(), acmt='".unmangle($acmt_prev)."==\n" . - $mod_by_time.(isset($acmt) && !empty($acmt) ? ": ".unmangle($acmt) : ".")."' WHERE id = $id"; + $query = "UPDATE mirrors SET hostname='".unmangle($hostname)."', active=$active, " . + "mirrortype=$mirrortype, cname='".unmangle($cname)."', maintainer='".unmangle($maintainer)."', " . + "providername='".unmangle($providername)."', providerurl='".unmangle($providerurl)."', " . + "cc='".unmangle($cc)."', lang='".unmangle($lang)."', has_stats=$has_stats, " . + "load_balanced='".unmangle($load_balanced)."', lastedited=NOW(), " . + "acmt='".unmangle($acmt_prev)."==\n" . $mod_by_time.(isset($acmt) && !empty($acmt) ? ": ".unmangle($acmt) : ".")."'" . + "WHERE id = $id"; $msg = "$hostname updated"; break; @@ -78,9 +81,9 @@ if (isset($id) && isset($hostname)) { $query = "INSERT INTO mirrors (hostname, active, mirrortype, " . "cname, maintainer, providername, providerurl, cc, " . "lang, has_stats, created, lastedited, acmt, load_balanced) " . - "VALUES ('$hostname', $active, $mirrortype, '$cname', " . - "'".unmangle($maintainer)."', '".unmangle($providername)."', '$providerurl', '$cc', " . - "'$lang', $has_stats, NOW(), NOW(), '".unmangle($acmt)."', '$load_balanced')"; + "VALUES ('".unmangle($hostname)."', $active, $mirrortype, '".unmangle($cname)."', " . + "'".unmangle($maintainer)."', '".unmangle($providername)."', '$providerurl', '".unmangle($cc)."', " . + "'".unmangle($lang)."', $has_stats, NOW(), NOW(), '".unmangle($acmt)."', '".unmangle($load_balanced)."')"; $msg = "$hostname added"; break; } -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
