Empty commit

2025-01-18 04:01:35 +00:00 · 2015-12-25 08:00:29 +00:00 · 2015-12-25 08:00:29 +00:00 · a4c3ae1184
commit a4c3ae1184
parent 52828f71e0
8 changed files with 19 additions and 8 deletions
--- a/classes/calendarview.class.php
+++ b/classes/calendarview.class.php
@ -6,6 +6,10 @@ class CalendarView {
 	private static $Events;

 	public static function render_title($Month, $Year) {
+		if (!is_numeric($Month) || !is_numeric($Year)) {
+			error(404);
+		}
+
 		$NextMonth = $Month % 12 == 0 ? 1 : $Month + 1;
 		$PreviousMonth = $Month == 1 ? 12 : $Month - 1;
 		$NextYear = $Year;
--- a/classes/sitehistory.class.php
+++ b/classes/sitehistory.class.php
@ -244,7 +244,7 @@ public static function update_event($ID, $Date, $Title, $Link, $Category, $SubCa
 	}

 	public static function delete_event($ID) {
-		if (empty($ID)) {
+		if (!is_numeric($ID)) {
 			error(404);
 		}
 		$QueryID = G::$DB->get_query_id();
--- a/docs/CHANGES.txt
+++ b/docs/CHANGES.txt
@ -1,5 +1,8 @@
 CHANGE LOG

+2015-12-24 by newman
+Fix several XSS, SQLi, and misc vulnerabilities
+
 2015-12-20 by newman
 Add password age to user profiles

--- a/sections/tools/data/ocelot_info.php
+++ b/sections/tools/data/ocelot_info.php
@ -30,7 +30,7 @@
 		<h2>Tracker info</h2>
 	</div>
 	<div class="linkbox">
-		<a href="?action=<?=$_GET['action']?>" class="brackets" />Main stats</a>
+		<a href="?action=<?=$_REQUEST['action']?>" class="brackets" />Main stats</a>
 	</div>
 	<div class="sidebar">
 		<div class="box box2">
@ -76,7 +76,7 @@
 <?
 } elseif (isset($_GET['userid'])) {
 ?>
-				User <?=$_GET['userid']?> doesn't exist
+				User <?=display_str($_GET['userid'])?> doesn't exist
 <?
 } else {
 ?>
--- a/sections/tools/development/service_stats.php
+++ b/sections/tools/development/service_stats.php
@ -1,5 +1,5 @@
 <?
-if (!check_perms('site_debug')) {
+if (!check_perms('site_debug') || !check_perms('admin_clear_cache')) {
 	error(403);
 }
 if (isset($_POST['global_flush'])) {
--- a/sections/tools/finances/bitcoin_balance.php
+++ b/sections/tools/finances/bitcoin_balance.php
@ -17,7 +17,7 @@
 <?
 if (empty($_GET['list'])) {
 ?>
-	<a href="?action=<?=$_GET['action']?>&amp;list=1" class="brackets">Show donor list</a>
+	<a href="?action=<?=$_REQUEST['action']?>&amp;list=1" class="brackets">Show donor list</a>
 <?
 } else {
 	$BitcoinAddresses = DonationsBitcoin::get_received();
--- a/sections/tools/managers/dnu_alter.php
+++ b/sections/tools/managers/dnu_alter.php
@ -9,10 +9,10 @@
 	foreach ($_POST['item'] as $Position => $Item) {
 		$Position = db_string($Position);
 		$Item = db_string($Item);
-		$DB->query('
+		$DB->query("
 			UPDATE `do_not_upload`
-			SET `Sequence` = ' . $Position . '
-			WHERE `id` = '. $Item);
+			SET `Sequence` = '" . $Position . "'
+			WHERE `id` = '" . $Item . "'");
 	}

 } elseif ($_POST['submit'] == 'Delete') { //Delete
--- a/sections/torrents/download.php
+++ b/sections/torrents/download.php
@ -6,6 +6,10 @@
 	$UserID		 = $LoggedUser['ID'];
 	$AuthKey	 = $LoggedUser['AuthKey'];
 } else {
+	if (strpos($_REQUEST['torrent_pass'], '_') !== false) {
+		error(404);
+	}
+	
 	$UserInfo = $Cache->get_value('user_'.$_REQUEST['torrent_pass']);
 	if (!is_array($UserInfo)) {
 		$DB->query("