This is an automated email from the git hooks/post-receive script. skunnyk pushed a commit to branch oldforum in repository www/forum.xfce.org.
commit be3144a5d1f2a15dc6012ed16876252db8cbbac3
Author: Nick Schermer <n...@xfce.org>
Date: Tue Nov 25 17:25:22 2014 +0100

Update to fluxbb 1.5.7.
---
 admin_bans.php | 6 +++---
 admin_options.php | 4 ++--
 db_update.php | 2 +-
 include/common.php | 2 +-
 include/functions.php | 34 +++++++++++++++++++++++++++++++++-
 install.php | 2 +-
 login.php | 28 +++++-----------------------
 misc.php | 28 +++++-----------------------
 profile.php | 2 +-
 9 files changed, 52 insertions(+), 56 deletions(-)
diff --git a/admin_bans.php b/admin_bans.php
index 5d6d5b5..0208805 100644
--- a/admin_bans.php
+++ b/admin_bans.php
@@ -134,7 +134,7 @@ if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
 <tr>
 <th scope="row"><?php echo $lang_admin_bans['E-mail label'] ?></th>
 <td>
- <input type="text" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo $ban_email; ?>" tabindex="3" />
+ <input type="text" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo pun_htmlspecialchars($ban_email); ?>" tabindex="3" />
 <span><?php echo $lang_admin_bans['E-mail help'] ?></span>
 </td>
 </tr>
@@ -259,7 +259,7 @@ else if (isset($_POST['add_edit_ban']))
 require PUN_ROOT.'include/email.php';

 if ($ban_email != '' && !is_valid_email($ban_email))
 {
- if (!preg_match('%^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$%', $ban_email))
+ if (!preg_match('%^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,63})$%', $ban_email))
 message($lang_admin_bans['Invalid e-mail message']);
 }
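Review bot: The new upper bound in `(\.[a-z]{2,63})$` is a bare magic number in the domain-ban pattern; a one-line comment above the preg_match, `// TLDs may be up to 63 characters (the DNS label limit)`, would tell the reader why 4 became 63 without a trip to the RFC. The pattern still accepts only lowercase letters and digits, so it relies on $ban_email having been lowercased before this point, which is outside the hunk and worth confirming. The enclosing else-if block starts and ends outside the hunk.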
@@ -434,7 +434,7 @@ else if (isset($_GET['find_ban']))
 ?>
 <tr>
 <td class="tcl"><?php echo ($ban_data['username'] != '') ? pun_htmlspecialchars($ban_data['username']) : ' ' ?></td>
- <td class="tc2"><?php echo ($ban_data['email'] != '') ? $ban_data['email'] : ' ' ?></td>
+ <td class="tc2"><?php echo ($ban_data['email'] != '') ? pun_htmlspecialchars($ban_data['email']) : ' ' ?></td>
 <td class="tc3"><?php echo ($ban_data['ip'] != '') ? pun_htmlspecialchars($ban_data['ip']) : ' ' ?></td>
 <td class="tc4"><?php echo $expire ?></td>
 <td class="tc5"><?php echo ($ban_data['message'] != '') ? pun_htmlspecialchars($ban_data['message']) : ' ' ?></td>
diff --git a/admin_options.php b/admin_options.php
index d0988be..c14c77e 100644
--- a/admin_options.php
+++ b/admin_options.php
@@ -705,14 +705,14 @@ generate_admin_menu('options');
 <tr>
 <th scope="row"><?php echo $lang_admin_options['Admin e-mail label'] ?></th>
 <td>
- <input type="text" name="form[admin_email]" size="50" maxlength="80" value="<?php echo $pun_config['o_admin_email'] ?>" />
+ <input type="text" name="form[admin_email]" size="50" maxlength="80" value="<?php echo pun_htmlspecialchars($pun_config['o_admin_email']) ?>" />
 <span><?php echo $lang_admin_options['Admin e-mail help'] ?></span>
 </td>
 </tr>
 <tr>
 <th scope="row"><?php echo $lang_admin_options['Webmaster e-mail label'] ?></th>
 <td>
- <input type="text" name="form[webmaster_email]" size="50" maxlength="80" value="<?php echo $pun_config['o_webmaster_email'] ?>" />
+ <input type="text" name="form[webmaster_email]" size="50" maxlength="80" value="<?php echo pun_htmlspecialchars($pun_config['o_webmaster_email']) ?>" />
 <span><?php echo $lang_admin_options['Webmaster e-mail help'] ?></span>
 </td>
 </tr>
diff --git a/db_update.php b/db_update.php
index d8307a1..be43dd3 100644
--- a/db_update.php
+++ b/db_update.php
@@ -7,7 +7,7 @@
 */

 // The FluxBB version this script updates to
-define('UPDATE_TO', '1.5.6');
+define('UPDATE_TO', '1.5.7');
 define('UPDATE_TO_DB_REVISION', 20);
 define('UPDATE_TO_SI_REVISION', 2);

diff --git a/include/common.php b/include/common.php
index ab61a7c..dba883f 100644
--- a/include/common.php
+++ b/include/common.php
@@ -10,7 +10,7 @@ if (!defined('PUN_ROOT'))
 exit('The constant PUN_ROOT must be defined and point to a valid FluxBB installation root directory.');

 // Define the version and database revision that this code was written for
-define('FORUM_VERSION', '1.5.6');
+define('FORUM_VERSION', '1.5.7');
 define('FORUM_DB_REVISION', 20);
 define('FORUM_SI_REVISION', 2);

diff --git a/include/functions.php b/include/functions.php
index 3956d25..dd720f5 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1093,12 +1093,44 @@ function confirm_referrer($scripts, $error_msg = false)
 }

 // Check the host and path match. Ignore the scheme, port, etc.
- if ($referrer['host'] != $valid_host || !in_array($referrer['path'], $valid_paths))
+ if ($referrer['host'] != $valid_host || !in_array($referrer['path'], $valid_paths, true))
 message($error_msg ? $error_msg : $lang_common['Bad referrer']);
 }


 //
+// Validate the given redirect URL, use the fallback otherwise
+//
+function validate_redirect($redirect_url, $fallback_url)
+{
+ $referrer = parse_url(strtolower($redirect_url));
+
+ // Remove www subdomain if it exists
+ if (strpos($referrer['host'], 'www.') === 0)
+ $referrer['host'] = substr($referrer['host'], 4);
+
+ // Make sure the path component exists
+ if (!isset($referrer['path']))
+ $referrer['path'] = '';
+
+ $valid = parse_url(strtolower(get_base_url()));
+
+ // Remove www subdomain if it exists
+ if (strpos($valid['host'], 'www.') === 0)
+ $valid['host'] = substr($valid['host'], 4);
+
+ // Make sure the path component exists
+ if (!isset($valid['path']))
+ $valid['path'] = '';
+
+ if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
+ return $redirect_url;
+ else
+ return $fallback_url;
+}
+
+
+//
 // Generate a random password of length $len
 // Compatibility wrapper for random_key
 //
diff --git a/install.php b/install.php
index 056545b..e39d92c 100644
--- a/install.php
+++ b/install.php
@@ -7,7 +7,7 @@
 */

 // The FluxBB version this script installs
-define('FORUM_VERSION', '1.5.6');
+define('FORUM_VERSION', '1.5.7');
 define('FORUM_DB_REVISION', 20);
 define('FORUM_SI_REVISION', 2);

diff --git a/login.php b/login.php
index 4d4683e..931ca44 100644
--- a/login.php
+++ b/login.php
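Review bot: validate_redirect() reads `$referrer['host']` without checking that parse_url() succeeded or produced a host, although it does guard the path component; for a relative or malformed $redirect_url parse_url() returns no host (or false outright), so on PHP 5/7 the host comparison only reaches the fallback via a notice and a loose comparison against null. Add `if ($referrer === false || !isset($referrer['host'])) return $fallback_url;` directly after the first parse_url() call (the same guard on $valid is cheap). Separately, the path pattern `'%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i'` has no end anchor, so any path that merely contains `.php` somewhere after the base path is accepted; that is probably tolerable for a same-host target, but the header comment should say so. The function also compares host only, not scheme or port, so an https base accepts an http target; if that is intentional, state it in the comment next to the existing "use the fallback otherwise" line.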
@@ -84,7 +84,10 @@ if (isset($_POST['form_sent']) && $action == 'in')
 // Reset tracked topics
 set_tracked_topics(null);

- redirect(pun_htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);
+ // Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
+ $redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
+
+ redirect(pun_htmlspecialchars($redirect_url), $lang_login['Login redirect']);
 }


@@ -238,28 +238,7 @@ if (!$pun_user['is_guest'])

 // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to index.php after login)
 if (!empty($_SERVER['HTTP_REFERER']))
-{
- $referrer = parse_url($_SERVER['HTTP_REFERER']);
- // Remove www subdomain if it exists
- if (strpos($referrer['host'], 'www.') === 0)
- $referrer['host'] = substr($referrer['host'], 4);
-
- // Make sure the path component exists
- if (!isset($referrer['path']))
- $referrer['path'] = '';
-
- $valid = parse_url(get_base_url());
- // Remove www subdomain if it exists
- if (strpos($valid['host'], 'www.') === 0)
- $valid['host'] = substr($valid['host'], 4);
-
- // Make sure the path component exists
- if (!isset($valid['path']))
- $valid['path'] = '';
-
- if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
- $redirect_url = $_SERVER['HTTP_REFERER'];
-}
+ $redirect_url = validate_redirect($_SERVER['HTTP_REFERER'], null);

 if (!isset($redirect_url))
 $redirect_url = 'index.php';
diff --git a/misc.php b/misc.php
index a758892..d72a310 100644
--- a/misc.php
+++ b/misc.php
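Review bot: `$_POST['redirect_url']` is still read without an isset() check on the new validate_redirect() line, so a login POST that omits the hidden field raises a notice and hands null to validate_redirect(), which then runs strtolower()/parse_url() on it; the old redirect() call had the same weakness, but this is the moment to close it with `$redirect_url = validate_redirect(isset($_POST['redirect_url']) ? $_POST['redirect_url'] : '', 'index.php');`. With an empty string parse_url() yields no host, so the call should end at the index.php fallback as long as get_base_url() has a non-empty host. The enclosing if block starts outside the hunk.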
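Review bot: Passing `null` as the fallback and then testing `isset($redirect_url)` two lines later splits one decision across two statements; unless $redirect_url is assigned earlier in the file (not visible in the hunk), the same result reads more directly as `$redirect_url = !empty($_SERVER['HTTP_REFERER']) ? validate_redirect($_SERVER['HTTP_REFERER'], 'index.php') : 'index.php';` with the isset block dropped. The comment above the call already names index.php as the fallback, so the code would then match it literally.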
@@ -136,34 +136,16 @@ else if (isset($_GET['email']))

 $db->query('UPDATE '.$db->prefix.'users SET last_email_sent='.time().' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());

- redirect(pun_htmlspecialchars($_POST['redirect_url']), $lang_misc['Email sent redirect']);
+ // Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
+ $redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
+
+ redirect(pun_htmlspecialchars($redirect_url), $lang_misc['Email sent redirect']);
 }


 // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to the user's profile after the email is sent)
 if (!empty($_SERVER['HTTP_REFERER']))
- {
- $referrer = parse_url($_SERVER['HTTP_REFERER']);
- // Remove www subdomain if it exists
- if (strpos($referrer['host'], 'www.') === 0)
- $referrer['host'] = substr($referrer['host'], 4);
-
- // Make sure the path component exists
- if (!isset($referrer['path']))
- $referrer['path'] = '';
-
- $valid = parse_url(get_base_url());
- // Remove www subdomain if it exists
- if (strpos($valid['host'], 'www.') === 0)
- $valid['host'] = substr($valid['host'], 4);
-
- // Make sure the path component exists
- if (!isset($valid['path']))
- $valid['path'] = '';
-
- if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
- $redirect_url = $_SERVER['HTTP_REFERER'];
- }
+ $redirect_url = validate_redirect($_SERVER['HTTP_REFERER'], null);

 if (!isset($redirect_url))
 $redirect_url = 'profile.php?id='.$recipient_id;
diff --git a/profile.php b/profile.php
index ce4e6dc..6076f10 100644
--- a/profile.php
+++ b/profile.php
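Review bot: The comment added above the validate_redirect() call, `(if not, we redirect to index.php after login)`, was copied from login.php; in this branch the redirect happens after the e-mail has been sent, so it should read `// Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after the e-mail is sent)`. The two fallbacks in this hunk also disagree: the POST path falls back to index.php while the HTTP_REFERER path a few lines below falls back to `'profile.php?id='.$recipient_id`; if $recipient_id is already in scope at the first call (it is used in the same block further down), `validate_redirect($_POST['redirect_url'], 'profile.php?id='.$recipient_id)` keeps the user on the profile they just mailed from. `$_POST['redirect_url']` is read without isset() here as well. The enclosing else-if block starts outside the hunk.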
@@ -55,7 +55,7 @@ if ($action == 'change_pass')
 message($lang_profile['Pass key bad'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.');
 else
 {
- $db->query('UPDATE '.$db->prefix.'users SET password=\''.$cur_user['activate_string'].'\', activate_string=NULL, activate_key=NULL'.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'users SET password=\''.$db->escape($cur_user['activate_string']).'\', activate_string=NULL, activate_key=NULL'.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
 message($lang_profile['Pass updated'], true);
 }

--
To stop receiving notification emails like this one, please contact the administrator of this repository.
_______________________________________________
Xfce4-commits mailing list
Xfce4-commits@xfce.org
https://mail.xfce.org/mailman/listinfo/xfce4-commits
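Review bot: The new `$db->escape()` covers the activate_string value, but `' WHERE id='.$id` in the same query still interpolates $id unquoted and unescaped; where $id comes from is outside the hunk, and if it is not already cast with intval() at the point it is read from the request, `' WHERE id='.(int) $id` makes this statement safe regardless of what the caller did. If, as the UPDATE suggests, activate_string holds an already-hashed replacement password, a short comment saying so would explain to a reader why it is copied straight into the password column — hedged, since the hashing happens elsewhere. The enclosing if/else starts outside the hunk.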