Author Topic: [FIX] - postcards.php (3 action fix)  (Read 4221 times)


Offline thunderstrike

[FIX] - postcards.php (3 action fix)
« on: September 08, 2007, 03:32:35 PM »
Detail: OK, so this is a fix for postcards to check POST data before use. It checks that the user name, user email, recipient name, recipient email, headline and message contain only valid chars. Before, there was no check (or a minimal one). This protects more.

For:

Quote
if ($action == "sendcard") {

Find:

Quote
$bg_color = un_htmlspecialchars(trim($HTTP_POST_VARS['bg_color']));
$border_color = un_htmlspecialchars(trim($HTTP_POST_VARS['border_color']));
$font_color = un_htmlspecialchars(trim($HTTP_POST_VARS['font_color']));
$font_face = un_htmlspecialchars(trim($HTTP_POST_VARS['font_face']));

$sender_name = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_name']));
$sender_email = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_email']));
$recipient_name = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_name']));
$recipient_email = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_email']));

$headline = un_htmlspecialchars(trim($HTTP_POST_VARS['headline']));
$message = un_htmlspecialchars(trim($HTTP_POST_VARS['message']));

replace:

Code:
// Check POST data before use. Each pattern is anchored with ^ and $ so the
// WHOLE value must consist of allowed characters; an unanchored pattern such
// as /[A-Za-z0-9]/ only tests that one allowed character occurs somewhere.
$bg_color = (isset($HTTP_POST_VARS['bg_color']) && preg_match("/^[\#A-Za-z0-9]+$/", $HTTP_POST_VARS['bg_color'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['bg_color'])) : "";
$border_color = (isset($HTTP_POST_VARS['border_color']) && preg_match("/^[\#A-Za-z0-9]+$/", $HTTP_POST_VARS['border_color'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['border_color'])) : "";
$font_color = (isset($HTTP_POST_VARS['font_color']) && preg_match("/^[\#A-Za-z0-9]+$/", $HTTP_POST_VARS['font_color'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['font_color'])) : "";
// font names may contain spaces and commas ("Times New Roman"); test font_face itself, not border_color
$font_face = (isset($HTTP_POST_VARS['font_face']) && preg_match("/^[A-Za-z0-9 ,\-]+$/", $HTTP_POST_VARS['font_face'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['font_face'])) : "";

// names: letters, digits, space, - and _
$sender_name = (isset($HTTP_POST_VARS['sender_name']) && preg_match("/^[A-Za-z0-9 \-\_]+$/", $HTTP_POST_VARS['sender_name'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['sender_name'])) : "";
$sender_email = isset($HTTP_POST_VARS['sender_email']) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['sender_email'])) : "";
// use mailchek() (MOD) if installed, else 4images' check_email(); both are
// assumed, as in the original condition, to return true for a valid address.
// An address that fails the check is emptied so it is never used.
if ($sender_email != "") {
    if (function_exists('mailchek')) {
        if (!mailchek($sender_email, 2)) { $sender_email = ""; }
    } elseif (function_exists('check_email')) {
        if (!check_email($sender_email)) { $sender_email = ""; }
    }
}
$recipient_name = (isset($HTTP_POST_VARS['recipient_name']) && preg_match("/^[A-Za-z0-9 \-\_]+$/", $HTTP_POST_VARS['recipient_name'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['recipient_name'])) : "";
$recipient_email = isset($HTTP_POST_VARS['recipient_email']) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['recipient_email'])) : "";
if ($recipient_email != "") {
    if (function_exists('mailchek')) {
        if (!mailchek($recipient_email, 2)) { $recipient_email = ""; }
    } elseif (function_exists('check_email')) {
        if (!check_email($recipient_email)) { $recipient_email = ""; }
    }
}
// headline and message: letters, digits, punctuation, space and line breaks (\s)
$headline = (isset($HTTP_POST_VARS['headline']) && preg_match("/^[a-zA-Z0-9\.\,;:%&#@!\^\-_~`\"'\[\]\{\}\*\/\?\(\)\s]+$/", $HTTP_POST_VARS['headline'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['headline'])) : "";
$message = (isset($HTTP_POST_VARS['message']) && preg_match("/^[a-zA-Z0-9\.\,;:%&#@!\^\-_~`\"'\[\]\{\}\*\/\?\(\)\s]+$/", $HTTP_POST_VARS['message'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['message'])) : "";

Do the same for the previewcard and modifycard actions.
« Last Edit: August 27, 2011, 02:11:45 PM by thunderstrike »
8 steps needed when asking a question -

- PHP version (ACP -> phpinfo())
- mySQL version (ACP -> phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need for the full file) or post an attached file
- It doesn't work. What does it say - what does it do instead of working
- Installed a MOD? If so - please say (troubleshooting)
- Read the FAQ? Installed bug fixes?
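As an added example, not code from the forum post or from 4images itself, here is a stand-alone PHP validator for the same postcard fields that shows the point the fix relies on: a whole-string check (`^...$`) rejects a value with any disallowed character, whereas an unanchored class only asks whether one allowed character occurs somewhere. Field names follow the post; the allowed-character sets, length limits and the use of `filter_var()` for the e-mail check are this example's assumptions, standing in for the post's `mailchek()`/`check_email()` calls.

```php
<?php
// Added example, not code from the forum post or from 4images. Field names
// follow the postcards.php fix; the character sets, length limits and the
// filter_var() e-mail check are this example's assumptions (4images itself
// calls check_email(), or the mailchek() MOD, for that step).

// One anchored pattern per text field. ^...$ makes the WHOLE value match;
// an unanchored class such as /[A-Za-z0-9]/ only asks whether at least one
// allowed character occurs somewhere and so rejects nothing.
$POSTCARD_RULES = array(
    'bg_color'       => '/^(?:#[A-Fa-f0-9]{6}|#[A-Fa-f0-9]{3}|[A-Za-z]+)$/',  // "#FFCC00" or "white"
    'border_color'   => '/^(?:#[A-Fa-f0-9]{6}|#[A-Fa-f0-9]{3}|[A-Za-z]+)$/',
    'font_color'     => '/^(?:#[A-Fa-f0-9]{6}|#[A-Fa-f0-9]{3}|[A-Za-z]+)$/',
    'font_face'      => '/^[A-Za-z0-9 ,\-]{1,60}$/',                          // "Times New Roman"
    'sender_name'    => '/^[A-Za-z0-9 \-_]{1,60}$/',
    'recipient_name' => '/^[A-Za-z0-9 \-_]{1,60}$/',
    'headline'       => '/^[A-Za-z0-9 .,;:%&#@!^\-_~`"\'\[\]{}*\/?()]{1,120}$/',
    'message'        => '/^[A-Za-z0-9 .,;:%&#@!^\-_~`"\'\[\]{}*\/?()\r\n]{1,2000}$/',
);
$EMAIL_FIELDS = array('sender_email', 'recipient_email');

// Returns array($clean, $errors): $clean holds every field (invalid ones
// emptied, as the fix does), $errors lists the field names that failed.
function validate_postcard_input(array $post, array $rules, array $email_fields)
{
    $clean  = array();
    $errors = array();

    foreach ($rules as $field => $pattern) {
        $value = isset($post[$field]) ? trim((string)$post[$field]) : '';
        if ($value === '' || !preg_match($pattern, $value)) {
            $clean[$field] = '';
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }

    foreach ($email_fields as $field) {
        $value = isset($post[$field]) ? trim((string)$post[$field]) : '';
        if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $clean[$field] = '';
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }

    return array($clean, $errors);
}

// Constructed sample submissions (not real traffic).
$good = array(
    'bg_color' => '#FFFFFF', 'border_color' => '#000000', 'font_color' => 'navy',
    'font_face' => 'Times New Roman',
    'sender_name' => 'John_Doe', 'sender_email' => 'john@example.com',
    'recipient_name' => 'Jane Roe', 'recipient_email' => 'jane@example.org',
    'headline' => 'Greetings from the gallery!',
    'message' => "Hi Jane,\nhave a look at this picture.",
);
$bad = $good;
$bad['headline']     = 'Greetings <b>Jane</b>';   // '<' and '>' are not in the allowed set
$bad['sender_email'] = 'john at example';         // not an address
$bad['font_color']   = '#GGGGGG';                 // not a hex colour

list($clean, $errors) = validate_postcard_input($good, $POSTCARD_RULES, $EMAIL_FIELDS);
echo "good submission, rejected fields: " . (count($errors) ? implode(', ', $errors) : 'none') . "\n";

list($clean, $errors) = validate_postcard_input($bad, $POSTCARD_RULES, $EMAIL_FIELDS);
echo "bad submission, rejected fields: " . implode(', ', $errors) . "\n";
// the bad submission has font_color, headline and sender_email rejected and emptied
```

Validation on input narrows what reaches the mail and database code, but it does not replace output encoding: 4images runs `un_htmlspecialchars()` on these values, so whatever is later written into HTML still has to be passed through `htmlspecialchars()` at render time.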