From a4c3ae1184900d839879903041c05fc68d614e91 Mon Sep 17 00:00:00 2001
From: Git
Date: Fri, 25 Dec 2015 08:00:29 +0000
Subject: [PATCH] Empty commit
---
 classes/calendarview.class.php | 4 ++++
 classes/sitehistory.class.php | 2 +-
 docs/CHANGES.txt | 3 +++
 sections/tools/data/ocelot_info.php | 4 ++--
 sections/tools/development/service_stats.php | 2 +-
 sections/tools/finances/bitcoin_balance.php | 2 +-
 sections/tools/managers/dnu_alter.php | 6 +++---
 sections/torrents/download.php | 4 ++++
 8 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/classes/calendarview.class.php b/classes/calendarview.class.php
index a3536869..ecce5a4b 100644
--- a/classes/calendarview.class.php
+++ b/classes/calendarview.class.php
@@ -6,6 +6,10 @@ class CalendarView {
 private static $Events;
 public static function render_title($Month, $Year) {
+ if (!is_numeric($Month) || !is_numeric($Year)) {
+ error(404);
+ }
+
 $NextMonth = $Month % 12 == 0 ? 1 : $Month + 1;
 $PreviousMonth = $Month == 1 ? 12 : $Month - 1;
 $NextYear = $Year;
diff --git a/classes/sitehistory.class.php b/classes/sitehistory.class.php
index f696d360..e55b39c4 100644
--- a/classes/sitehistory.class.php
+++ b/classes/sitehistory.class.php
@@ -244,7 +244,7 @@ public static function update_event($ID, $Date, $Title, $Link, $Category, $SubCa
 }
 public static function delete_event($ID) {
- if (empty($ID)) {
+ if (!is_numeric($ID)) {
 error(404);
 }
 $QueryID = G::$DB->get_query_id();
diff --git a/docs/CHANGES.txt b/docs/CHANGES.txt
index e03fd119..90e8ed8c 100644
--- a/docs/CHANGES.txt
+++ b/docs/CHANGES.txt
@@ -1,5 +1,8 @@
 CHANGE LOG
+2015-12-24 by newman
+Fix several XSS, SQLi, and misc vulnerabilities
+
 2015-12-20 by newman
 Add password age to user profiles
diff --git a/sections/tools/data/ocelot_info.php b/sections/tools/data/ocelot_info.php
index f3b1c666..93852670 100644
--- a/sections/tools/data/ocelot_info.php
+++ b/sections/tools/data/ocelot_info.php
@@ -30,7 +30,7 @@
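Review bot: The new guards in `CalendarView::render_title` (classes/calendarview.class.php) and `delete_event` (classes/sitehistory.class.php) rely on `is_numeric()`, which also accepts floats, signed values, exponent notation such as `1e3` and strings with leading whitespace, so inputs that are not plain integers still pass. No markup or quote characters get through, so the injection path named in the changelog looks closed, but a month of `13`, `0` or `1.5` still reaches the `$Month % 12` / `$Month + 1` arithmetic, and an `$ID` spelled `1e1` could be interpreted as a different row if it is later placed in a query (not visible in this hunk). I would validate both as unsigned integers and bound the month: `if (!ctype_digit((string)$Month) || !ctype_digit((string)$Year) || $Month < 1 || $Month > 12) { error(404); }` in `render_title`, and `if (!ctype_digit((string)$ID)) { error(404); }` in `delete_event`. Both function bodies continue outside their hunks, so how the values are used afterwards should be confirmed there.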

Tracker info