Changeset 532918
- Timestamp:
- 04/18/2012 04:00:31 PM (13 years ago)
- Location:
- forum-server/trunk
- Files:
-
- 6 edited
-
fs-admin/fs-admin.php (modified) (2 diffs)
-
fs-admin/wpf-edit-forum-group.php (modified) (7 diffs)
-
fs-admin/wpf-usergroup-edit.php (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
-
wpf-main.php (modified) (1 diff)
-
wpf.class.php (modified) (1 diff)
-
forum-server/trunk/fs-admin/fs-admin.php
r383269 r532918 559 559 $options = array( 'forum_posts_per_page' => $wpdb->escape($_POST['forum_posts_per_page']), 560 560 'forum_threads_per_page' => $wpdb->escape($_POST['forum_threads_per_page']), 561 'forum_require_registration' => $ _POST['forum_require_registration'],561 'forum_require_registration' => $wpdb->escape($_POST['forum_require_registration']), 562 562 'forum_date_format' => $wpdb->escape($_POST['forum_date_format']), 563 'forum_use_gravatar' => $ _POST['forum_use_gravatar'],563 'forum_use_gravatar' => $wpdb->escape($_POST['forum_use_gravatar']), 564 564 'forum_skin' => $op['forum_skin'], 565 'forum_allow_post_in_solved' => $ _POST['forum_allow_post_in_solved'],565 'forum_allow_post_in_solved' => $wpdb->escape($_POST['forum_allow_post_in_solved']), 566 566 'set_sort' => $op['set_sort'], 567 'forum_use_spam' => $ _POST['forum_use_spam'],568 'forum_use_bbcode' => $ _POST['forum_use_bbcode'],569 'forum_captcha' => $ _POST['forum_captcha'],570 'hot_topic' => $ _POST['hot_topic'],571 'veryhot_topic' => $ _POST['veryhot_topic'],572 'forum_seo_urls' => $ _POST['forum_seo_urls'],573 'forum_lang' => $ _POST['forum_lang']567 'forum_use_spam' => $wpdb->escape($_POST['forum_use_spam']), 568 'forum_use_bbcode' => $wpdb->escape($_POST['forum_use_bbcode']), 569 'forum_captcha' => $wpdb->escape($_POST['forum_captcha']), 570 'hot_topic' => $wpdb->escape($_POST['hot_topic']), 571 'veryhot_topic' => $wpdb->escape($_POST['veryhot_topic']), 572 'forum_seo_urls' => $wpdb->escape($_POST['forum_seo_urls']), 573 'forum_lang' => $wpdb->escape($_POST['forum_lang']) 574 574 ); 575 575 … … 686 686 $add_forum_description = $wpdb->escape($_POST['add_forum_description']); 687 687 $add_forum_name = $wpdb->escape($_POST['add_forum_name']); 688 $add_forum_group_id = $ _POST['add_forum_group_id'];688 $add_forum_group_id = $wpdb->escape($_POST['add_forum_group_id']); 689 689 if($_POST['add_forum_group_id'] == "add_forum_null") 690 690 return __("You must select a category", 
"vasthtml"); -
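Review bot: On new line 688, `$wpdb->escape()` is the wrong control for `add_forum_group_id`: it only backslash-escapes quote characters, so it protects nothing if the id is later placed in SQL without surrounding quotes (the query is outside this hunk). Since the value is an id, validate it as one, e.g. `$add_forum_group_id = (int) $_POST['add_forum_group_id'];`, and keep the existing `add_forum_null` comparison on the raw POST value. The same applies to `edit_group_id` and `edit_forum_id` in wpf-edit-forum-group.php and to `edit_usergroup_id` in wpf-usergroup-edit.php. For the option values at lines 561–573, casting or whitelisting each field (an integer for counts and thresholds, a fixed set for on/off flags) would be tighter than SQL-escaping text that is presumably stored through the options API. The enclosing functions start and end outside the hunks shown.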
forum-server/trunk/fs-admin/wpf-edit-forum-group.php
r136715 r532918 2 2 if(isset($_POST['edit_save_group'])){ 3 3 global $wpdb, $table_prefix; 4 $usergroups = $ _POST['usergroups'];4 $usergroups = $wpdb->escape($_POST['usergroups']); 5 5 $edit_group_name = $wpdb->escape($_POST['edit_group_name']); 6 6 $edit_group_description = $wpdb->escape($_POST['edit_group_description']); 7 $edit_group_id = $ _POST['edit_group_id'];7 $edit_group_id = $wpdb->escape($_POST['edit_group_id']); 8 8 9 9 if($_POST['edit_group_name'] == "") … … 28 28 $edit_forum_name = $wpdb->escape($_POST['edit_forum_name']); 29 29 $edit_forum_description = $wpdb->escape($_POST['edit_forum_description']); 30 $edit_forum_id = $ _POST['edit_forum_id'];30 $edit_forum_id = $wpdb->escape($_POST['edit_forum_id']); 31 31 if($edit_forum_name == "") 32 32 echo "<div id='message' class='updated fade'><p>".__("You must specify a forum name", "vasthtml")."</p></div>"; … … 40 40 41 41 $usergroups = $vasthtml->get_usergroups(); 42 $usergroups_with_access = $this->get_usersgroups_with_access_to_group( $_GET['groupid']);43 $group_name = stripslashes($vasthtml->get_groupname( $_GET['groupid']));42 $usergroups_with_access = $this->get_usersgroups_with_access_to_group((int)$_GET['groupid']); 43 $group_name = stripslashes($vasthtml->get_groupname((int)$_GET['groupid'])); 44 44 global $wpdb, $table_prefix; 45 45 $table = $table_prefix."forum_groups"; … … 104 104 </tr> 105 105 106 <input type='hidden' name='edit_group_id' value='". $_GET['groupid']."' />";106 <input type='hidden' name='edit_group_id' value='".(int)$_GET['groupid']."' />"; 107 107 108 108 echo "</table>"; … … 115 115 if(($_GET['do'] == "editforum") && (!isset($_POST['edit_save_forum']))){ 116 116 117 echo "<h2>".__("Edit forum", "vasthtml")." \"".stripslashes($vasthtml->get_forumname( $_GET['forumid']))."\"</h2>";117 echo "<h2>".__("Edit forum", "vasthtml")." 
\"".stripslashes($vasthtml->get_forumname((int)$_GET['forumid']))."\"</h2>"; 118 118 echo "<form id='edit_forum_form' name='edit_forum_form' action='' method='post'>"; 119 119 … … 121 121 echo "<tr> 122 122 <th>".__("Name:", "vasthtml")."</th> 123 <td><input type='text' name='edit_forum_name' value='".stripslashes($vasthtml->get_forumname( $_GET['forumid']))."' /></td>123 <td><input type='text' name='edit_forum_name' value='".stripslashes($vasthtml->get_forumname((int)$_GET['forumid']))."' /></td> 124 124 </tr> 125 125 <tr> 126 126 <th>".__("Description:", "vasthtml")."</th> 127 <td><textarea name='edit_forum_description' ".ADMIN_ROW_COL.">".stripslashes($vasthtml->get_forum_description( $_GET['forumid']))."</textarea></td>127 <td><textarea name='edit_forum_description' ".ADMIN_ROW_COL.">".stripslashes($vasthtml->get_forum_description((int)$_GET['forumid']))."</textarea></td> 128 128 </tr> 129 129 <tr> … … 131 131 <td><input type='submit' name='edit_save_forum' value='".__("Save forum", "vasthtml")."' /></td> 132 132 </tr> 133 <input type='hidden' name='edit_forum_id' value='". $_GET['forumid']."' />";133 <input type='hidden' name='edit_forum_id' value='".(int)$_GET['forumid']."' />"; 134 134 135 135 echo "</table></form>"; -
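Review bot: The forum name and description read back from the database are still written into the page without HTML escaping: at new lines 117, 123 and 127 the result of `stripslashes($vasthtml->get_forumname(...))` and `get_forum_description(...)` goes straight into an `<h2>`, a single-quoted `value='…'` attribute and a `<textarea>`. Casting `$_GET['forumid']` fixes the id, but a stored name containing a quote or markup would still alter the surrounding HTML, so each output needs escaping for its context: `esc_html()` for the heading, `esc_attr(stripslashes($vasthtml->get_forumname((int)$_GET['forumid'])))` for the input value, and `esc_textarea()` for the description. `$group_name` at line 43 likely needs the same treatment where it is echoed, which is outside the hunks shown. No nonce check such as `check_admin_referer()` is visible around the `edit_save_group` and `edit_save_forum` handlers either; confirm one exists outside these hunks.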
forum-server/trunk/fs-admin/wpf-usergroup-edit.php
r136715 r532918 4 4 $edit_usergroup_name = $wpdb->escape($_POST['edit_usergroup_name']); 5 5 $edit_usergroup_description = $wpdb->escape($_POST['edit_usergroup_description']); 6 $edit_usergroup_id = $ _POST['edit_usergroup_id'];6 $edit_usergroup_id = $wpdb->escape($_POST['edit_usergroup_id']); 7 7 8 8 if(!$edit_usergroup_name) -
forum-server/trunk/readme.txt
r521986 r532918 7 7 Requires at least: 2.6 8 8 Tested up to: 3.3.1 9 Stable tag: 1.7. 29 Stable tag: 1.7.3 10 10 11 11 This Wordpress plugin is a complete forum system for your wordpress blog. … … 85 85 86 86 == Changelog == 87 88 = 1.7.4 = 89 * fixing harmless "exploits" 87 90 88 91 = 1.7.3 = -
forum-server/trunk/wpf-main.php
r521986 r532918 5 5 Author URI: http://forumpress.org/ 6 6 Plugin URI: http://forumpress.org/ 7 Version: 1.7. 37 Version: 1.7.4 8 8 */ 9 9 -
forum-server/trunk/wpf.class.php
r401171 r532918 2833 2833 $p = unserialize($u->meta_value); 2834 2834 2835 if(i n_array($thread, $p['notify_topics']) ){2835 if(is_array($p['notify_topics']) AND in_array($thread, $p['notify_topics']) ){ 2836 2836 2837 2837 $user = get_userdata($u->user_id);
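Review bot: The new guard at line 2835 still indexes `$p['notify_topics']` before knowing that `$p` is an array holding that key, so a row whose unserialized value lacks the key raises an undefined-index notice, and `unserialize()` returning `false` on a malformed value is only handled by accident. Prefer `if (isset($p['notify_topics']) && is_array($p['notify_topics']) && in_array($thread, $p['notify_topics'])) {`, which also replaces the low-precedence `AND` with `&&`. Separately, `unserialize()` on a stored meta value will instantiate objects if that value can ever be influenced by a user; whether it can is not visible here, so it is worth confirming that only plugin code writes this meta key. The enclosing function starts and ends outside the hunk.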