
Fix SQL injection reported by Dr. Neal Krawetz

This commit is contained in:
Garvin Hicking
2007-06-17 10:45:24 +00:00
parent 0fb9515e28
commit acf9321f23
2 changed files with 21 additions and 12 deletions

View File

@@ -3,7 +3,7 @@
Version 1.2 () Version 1.2 ()
------------------------------------------------------------------------ ------------------------------------------------------------------------
* When a category or entry does not exist, emit HTTP 404 message * When a category or entry does not exist, emit HTTP 404 message
template instead of "No entries to print" and HTTP 200 status. template instead of "No entries to print" and HTTP 200 status.
(garvinhicking) (garvinhicking)
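Review bot: The Version 1.2 changelog lines in this hunk read the same before and after, which suggests whitespace-only edits riding along with a security fix. Splitting that cleanup into its own commit would keep the SQL injection fix small enough to audit and to cherry-pick onto release branches without conflicts in unrelated changelog text.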
@@ -16,28 +16,28 @@ Version 1.2 ()
* Fix properly reinstantiating sessions and properly deleting cookies * Fix properly reinstantiating sessions and properly deleting cookies
when requested (garvinhicking) when requested (garvinhicking)
* Add support for sqlite3 (http://php-sqlite3.sourceforge.net/), by * Add support for sqlite3 (http://php-sqlite3.sourceforge.net/), by
geekmug geekmug
* Change database types for IP addresses to varchar(64) to support * Change database types for IP addresses to varchar(64) to support
IPv6 (garvinhicking) IPv6 (garvinhicking)
* Make statistics, karma and spamblock plugin only log 255 characters * Make statistics, karma and spamblock plugin only log 255 characters
of HTTP User-Agent and Referrer strings to the database, as the of HTTP User-Agent and Referrer strings to the database, as the
fields are only varchar(255). Thanks to jemm4jemm! fields are only varchar(255). Thanks to jemm4jemm!
* Fix bug in conjunction with PHP 5.2.1 changed variable-by-reference * Fix bug in conjunction with PHP 5.2.1 changed variable-by-reference
handling that could result in no groups being listed for author handling that could result in no groups being listed for author
accounts (garvinhicking) accounts (garvinhicking)
* Fix redundant space when inserting links through the non-WYSIWYG * Fix redundant space when inserting links through the non-WYSIWYG
editor panel. Fix "null" insertion. Thanks to Alp Uckan. editor panel. Fix "null" insertion. Thanks to Alp Uckan.
* Fix RSS fullfeed "let client decide" option typo. Previously this * Fix RSS fullfeed "let client decide" option typo. Previously this
always enforced a fullfeed to show, regardless of what the client always enforced a fullfeed to show, regardless of what the client
indicated. Thanks to stm9x9 (garvinhicking) indicated. Thanks to stm9x9 (garvinhicking)
* Add proper charset to CSS stylesheet. Thanks to SADtg * Add proper charset to CSS stylesheet. Thanks to SADtg
(garvinhicking) (garvinhicking)
* Strip tags from comments also in RSS-Feeds for comments, thanks to * Strip tags from comments also in RSS-Feeds for comments, thanks to
@@ -47,7 +47,7 @@ Version 1.2 ()
thanks to Thijs Kinkhorst thanks to Thijs Kinkhorst
* Enabled setting cache-control headers by default. * Enabled setting cache-control headers by default.
* Fix wrong next/previous page links when using wrapper.php indexFile * Fix wrong next/previous page links when using wrapper.php indexFile
option. (garvinhicking) option. (garvinhicking)
@@ -162,7 +162,16 @@ Version 1.2 ()
* Allow to call permalinks that end with a "/" the same as if not * Allow to call permalinks that end with a "/" the same as if not
ending with a "/" (garvinhicking) ending with a "/" (garvinhicking)
Version 1.1.2 () Version 1.1.3 (June 17th, 2007)
------------------------------------------------------------------------
* Fix SQL injection through 'commentMode' variable. Thanks to
Dr. Neal Krawetz
* Fix missing %username% permalink pattern in single entry view.
Patch by cress_cc
Version 1.1.2 (March 1st, 2007)
----------------------------------------------------------------------- -----------------------------------------------------------------------
* Fix showing SQL error message when an empty category is selected * Fix showing SQL error message when an empty category is selected
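Review bot: The new 1.1.3 entry "Fix SQL injection through 'commentMode' variable" is missing the detail an administrator needs to judge exposure: it does not name the affected function (serendipity_printCommentsByAuthor, per the code change in this commit) or say which releases carry the bug. Adding both to the entry would help. The entry also appears only under Version 1.1.3; if the Version 1.2 section is meant to list the same fix, it needs a matching line there.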

View File

@@ -313,7 +313,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
function serendipity_printCommentsByAuthor() { function serendipity_printCommentsByAuthor() {
global $serendipity; global $serendipity;
$type = $serendipity['GET']['commentMode']; $type = serendipity_db_escape_string($serendipity['GET']['commentMode']);
if ($type == 'comments' || empty($type)) { if ($type == 'comments' || empty($type)) {
$type = 'NORMAL'; $type = 'NORMAL';
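Review bot: On the changed line, `$type = serendipity_db_escape_string($serendipity['GET']['commentMode']);` escapes a value that the next lines treat as a mode selector (`if ($type == 'comments' || empty($type))` maps it to 'NORMAL'). An allowlist is the stronger fix here: compare the raw request value against the known modes, assign the corresponding constant, and fall back to 'NORMAL' for anything else, so no request-supplied string reaches the query at all. Escaping only protects if the query places `$type` inside a quoted string literal, and the query is not visible in this hunk, so that should be confirmed before relying on it.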
@@ -441,10 +441,10 @@ function serendipity_deleteComment($id, $entry_id, $type='comments') {
serendipity_db_query("UPDATE {$serendipity['dbPrefix']}comments SET parent_id = " . (int)$sql['parent_id'] . " WHERE parent_id = " . $id); serendipity_db_query("UPDATE {$serendipity['dbPrefix']}comments SET parent_id = " . (int)$sql['parent_id'] . " WHERE parent_id = " . $id);
} }
$addData = array('cid' => $id, 'entry_id' => $entry_id); $addData = array('cid' => $id, 'entry_id' => $entry_id);
serendipity_plugin_api::hook_event('backend_deletecomment', $sql, $addData); serendipity_plugin_api::hook_event('backend_deletecomment', $sql, $addData);
return true; return true;
} else { } else {
return false; return false;
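Review bot: In the context line of this hunk the UPDATE ends with `" WHERE parent_id = " . $id`, concatenating `$id` without a cast, while the same statement casts the other value with `(int)$sql['parent_id']`. Since this commit is about SQL injection in this file, it is worth confirming that `$id` is cast to an integer earlier in serendipity_deleteComment (not visible here), or applying `(int)$id` at the point of use so the statement is safe on its own.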