Changeset 572188
- Timestamp:
- 07/14/2012 12:26:53 PM (13 years ago)
- Location:
- forum-server/trunk
- Files:
-
- 5 edited
-
fs-admin/fs-admin.php (modified) (3 diffs)
-
fs-admin/wpf-add-forum.php (modified) (2 diffs)
-
fs-admin/wpf-edit-forum-group.php (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
-
wpf-main.php (modified) (1 diff)
-
forum-server/trunk/fs-admin/fs-admin.php
r532918 r572188 53 53 $count = count($delete_usrgrp); 54 54 for($i = 0; $i < $count; $i++){ 55 $wpdb->query("DELETE FROM ".$table_prefix."forum_usergroups WHERE id = {$delete_usrgrp[$i]}");56 $wpdb->query("DELETE FROM ".$table_prefix."forum_usergroup2user WHERE `group` = {$delete_usrgrp[$i]}");55 $wpdb->query("DELETE FROM ".$table_prefix."forum_usergroups WHERE id = ".(int)$delete_usrgrp[$i]); 56 $wpdb->query("DELETE FROM ".$table_prefix."forum_usergroup2user WHERE `group` = ".(int)$delete_usrgrp[$i]); 57 57 58 58 } … … 146 146 echo "<div id='message' class='updated fade'><p>$msg</p></div>"; 147 147 if(isset($_GET['do']) && $_GET['do'] == "removemember"){ 148 $count = $wpdb->query("DELETE FROM ".$table_prefix."forum_usergroup2user WHERE user_id = {$_GET['memberid']} AND `group` = {$_GET['groupid']}");148 $count = $wpdb->query("DELETE FROM ".$table_prefix."forum_usergroup2user WHERE user_id = {$_GET['memberid']} AND `group` = ".(int)$_GET['groupid']); 149 149 echo "<div id='message' class='updated fade'><p>" . __("Member successfully removed.", "vasthtml") . "</p></div>"; 150 150 } … … 863 863 global $wpdb, $table_prefix; 864 864 $new_groups = maybe_serialize($new_groups); 865 $wpdb->query("UPDATE ".$table_prefix."forum_groups SET usergroups = '$new_groups' WHERE id = $group_id"); 866 } 867 865 $wpdb->query("UPDATE ".$table_prefix."forum_groups SET usergroups = '$new_groups' WHERE id = ".(int)$group_id); 866 } 868 867 function get_usersgroups_with_access_to_group($groupid){ 869 868 global $wpdb, $table_prefix; 870 $string = $wpdb->get_var("select usergroups from ".$table_prefix."forum_groups where id = $groupid");869 $string = $wpdb->get_var("select usergroups from ".$table_prefix."forum_groups where id = ".(int)$groupid); 871 870 return maybe_unserialize( $string ); 872 873 } 874 871 } 875 872 function edit_moderator(){ 876 873 if(isset($_POST['update_mod'])){ -
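Review bot: The `removemember` query at new line 148 still interpolates `{$_GET['memberid']}` straight into the SQL string; only `groupid` got the `(int)` cast, so the statement stays injectable through `memberid`. Cast it the same way, `user_id = ".(int)$_GET['memberid']." AND`, or preferably build all of these queries with `$wpdb->prepare()` and `%d` placeholders so the protection does not depend on remembering a cast at each call site. In the UPDATE at new line 865, `'$new_groups'` is still placed between quotes unescaped after `maybe_serialize()`, which wants a `%s` placeholder. These deletes are driven by request parameters and no nonce or capability check is visible in the hunks; the enclosing code starts outside them, so confirm one exists upstream.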
forum-server/trunk/fs-admin/wpf-add-forum.php
r136715 r572188 1 1 <?php 2 2 /*************** wpf-add-forum.php *********************/ 3 echo "<h2>".__("Add forum to", "vasthtml")." \"".stripslashes($vasthtml->get_groupname( $_GET['groupid']))."\"</h2>";3 echo "<h2>".__("Add forum to", "vasthtml")." \"".stripslashes($vasthtml->get_groupname((int)$_GET['groupid']))."\"</h2>"; 4 4 5 5 echo "<form name='add_forum_form' id='add_forum_form' method='post' action='".ADMIN_BASE_URL."structure'>"; … … 28 28 <td><input type='submit' value='".__("Save forum", "vasthtml")."' name='add_forum_submit' /></td> 29 29 </tr> 30 <input type='hidden' name='add_forum_group_id' value=' {$_GET['groupid']}' />";30 <input type='hidden' name='add_forum_group_id' value='".(int)$_GET['groupid']."' />"; 31 31 32 32 echo "</form></table>"; -
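Review bot: The value returned by `get_groupname()` at new line 3 is echoed into the `<h2>` after `stripslashes()` only, with no HTML escaping, so a stored group name containing markup would render in the admin page; wrap it as `esc_html(stripslashes(...))`. The same pattern is in fs-admin/wpf-edit-forum-group.php at new line 58, where `get_group_description()` is written inside a `<textarea>` and should go through `esc_textarea()` (or `esc_html()` on WordPress versions that predate it). Whether these fields are sanitized on save is not visible here, so escaping at output is the safe default. `(int)$_GET['groupid']` is also read without an `isset()` check and becomes 0 when the parameter is absent.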
forum-server/trunk/fs-admin/wpf-edit-forum-group.php
r532918 r572188 56 56 <tr> 57 57 <th>".__("Description", "vasthtml")."</th> 58 <td><textarea name='edit_group_description' ".ADMIN_ROW_COL.">".stripslashes($vasthtml->get_group_description( $_GET['groupid']))."</textarea></td>58 <td><textarea name='edit_group_description' ".ADMIN_ROW_COL.">".stripslashes($vasthtml->get_group_description((int)$_GET['groupid']))."</textarea></td> 59 59 </tr> 60 60 <tr> -
forum-server/trunk/readme.txt
r532918 r572188 7 7 Requires at least: 2.6 8 8 Tested up to: 3.3.1 9 Stable tag: 1.7. 39 Stable tag: 1.7.4 10 10 11 11 This Wordpress plugin is a complete forum system for your wordpress blog. … … 85 85 86 86 == Changelog == 87 88 = 1.7.5 = 89 * fixing harmless "exploits" 87 90 88 91 = 1.7.4 = -
forum-server/trunk/wpf-main.php
r532918 r572188 5 5 Author URI: http://forumpress.org/ 6 6 Plugin URI: http://forumpress.org/ 7 Version: 1.7. 47 Version: 1.7.5 8 8 */ 9 9