Mirror/Gazelle
1
0
Fork 0
mirror of https://github.com/WhatCD/Gazelle.git synced 2024-12-12 18:36:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Empty commit

Browse Source
This commit is contained in:
Git 2015-11-20 08:00:28 +00:00
parent 5194e7be67
commit ba0b51ef98
7 changed files with 11 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/CHANGES.txt
View File

@ -1,5 +1,8 @@
CHANGE LOG CHANGE LOG
2015-11-19 by lawnmower
Fix several XSS and SQLi vulerabilities
2015-11-14 by techietrash 2015-11-14 by techietrash
Fix ctrl+click group collapsing/expanding on OSX Fix ctrl+click group collapsing/expanding on OSX

4
sections/reports/ajax_resolve_report.php
View File

@ -1,11 +1,11 @@
<? <?
authorize(); authorize();
if ((!check_perms('admin_reports') && !check_perms('project_team') && !check_perms('site_moderate_forums')) || (empty($_POST['reportid']) && !is_number($_POST['reportid']))) { if (!check_perms('admin_reports') && !check_perms('project_team') && !check_perms('site_moderate_forums')) {
ajax_error(); ajax_error();
} }
$ReportID = $_POST['reportid']; $ReportID = (int) $_POST['reportid'];
$DB->query(" $DB->query("
SELECT Type SELECT Type

6
sections/reports/takeresolve.php
View File

@ -5,11 +5,7 @@
error(403); error(403);
} }
if (empty($_POST['reportid']) && !is_number($_POST['reportid'])) { $ReportID = (int) $_POST['reportid'];
error(403);
}
$ReportID = $_POST['reportid'];
$DB->query(" $DB->query("
SELECT Type SELECT Type

2
sections/reportsv2/ajax_create_report.php
View File

@ -50,7 +50,7 @@
} }
$ExtraID = $_POST['otherid']; $ExtraID = db_string($_POST['otherid']);
if (!empty($_POST['extra'])) { if (!empty($_POST['extra'])) {
$Extra = db_string($_POST['extra']); $Extra = db_string($_POST['extra']);

7
sections/reportsv2/ajax_update_comment.php
View File

@ -7,12 +7,7 @@
error(403); error(403);
} }
if (empty($_POST['reportid']) || !is_number($_POST['reportid'])) { $ReportID = (int) $_POST['reportid'];
echo 'HAX ATTEMPT!'.$_GET['reportid'];
die();
}
$ReportID = $_POST['reportid'];
$Message = db_string($_POST['comment']); $Message = db_string($_POST['comment']);
//Message can be blank! //Message can be blank!

14
sections/reportsv2/ajax_update_resolve.php
View File

@ -5,23 +5,13 @@
error(403); error(403);
} }
if (empty($_GET['reportid']) || !is_number($_GET['reportid'])) {
echo 'HAX ATTEMPT!'.$_GET['reportid'];
die();
}
if (empty($_GET['categoryid']) || !is_number($_GET['categoryid'])) {
echo 'HAX ATTEMPT!!'.$_GET['categoryid'];
die();
}
if (empty($_GET['newresolve'])) { if (empty($_GET['newresolve'])) {
echo "No new resolve"; echo "No new resolve";
die(); die();
} }
$ReportID = $_GET['reportid']; $ReportID = (int) $_GET['reportid'];
$CategoryID = $_GET['categoryid']; $CategoryID = (int) $_GET['categoryid'];
$NewType = $_GET['newresolve']; $NewType = $_GET['newresolve'];
if (!empty($Types[$CategoryID])) { if (!empty($Types[$CategoryID])) {

2
sections/user/manage_linked.php
View File

@ -6,7 +6,7 @@
error(403); error(403);
} }
$UserID = $_REQUEST['userid']; $UserID = (int) $_REQUEST['userid'];
switch ($_REQUEST['dupeaction']) { switch ($_REQUEST['dupeaction']) {
case 'remove': case 'remove':