« on: September 08, 2007, 07:07:00 PM »
Detail: Check the submitted form variables (that they are set, and that numeric ones are numbers).
Find:
$image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
replace:
$image_name = (isset($HTTP_POST_VARS['image_name']) && preg_match("/[A-Za-z0-9_-]+/i", $HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['image_name'])) : "";
$image_description = (isset($HTTP_POST_VARS['image_description']) && preg_match("/[a-zA-Z0-9\.\,;:%&#@!\^-_~`\"'\[\]\{\}\*\/\?\(\)\n\r]/", $HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['image_description'])) : "";
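Review bot: The `preg_match` guards on both replacement lines are unanchored, so they only require that one permitted character occurs somewhere in the value; a value containing quotes or markup still passes as long as it also contains a letter or digit. As written, the check filters almost nothing, yet a value made up only of non-ASCII characters is silently replaced by an empty string. If a whitelist is intended, anchor the pattern, e.g. `preg_match('/\A[A-Za-z0-9_-]+\z/', $HTTP_POST_VARS['image_name'])`, extended with whatever characters a name may legitimately contain. Otherwise drop the guard and rely on escaping where the value is written to SQL and HTML, which these lines do not show.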
Find:
$cat_id = intval($HTTP_POST_VARS['cat_id']);
$old_cat_id = intval($HTTP_POST_VARS['old_cat_id']);
$user_id = (intval($HTTP_POST_VARS['user_id']) != 0) ? intval($HTTP_POST_VARS['user_id']) : $user_info['user_id'];
$image_date = (trim($HTTP_POST_VARS['image_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['image_date'])."')" : time();
$image_active = intval($HTTP_POST_VARS['image_active']);
$image_allow_comments = intval($HTTP_POST_VARS['image_allow_comments']);
$image_downloads = (trim($HTTP_POST_VARS['image_downloads']) != "") ? intval($HTTP_POST_VARS['image_downloads']) : 0;
$image_votes = (trim($HTTP_POST_VARS['image_votes']) != "") ? intval($HTTP_POST_VARS['image_votes']) : 0;
$image_rating = (trim($HTTP_POST_VARS['image_rating']) != "") ? sprintf("%.2f", trim($HTTP_POST_VARS['image_rating'])) : "0.00";
$image_hits = (trim($HTTP_POST_VARS['image_hits']) != "") ? intval(trim($HTTP_POST_VARS['image_hits'])) : 0;
$remote_file = trim($HTTP_POST_VARS['remote_file']);
$remote_thumb_file = trim($HTTP_POST_VARS['remote_thumb_file']);
$old_file_name = trim($HTTP_POST_VARS['old_file_name']);
$old_thumb_file_name = trim($HTTP_POST_VARS['old_thumb_file_name']);
$image_download_url = trim($HTTP_POST_VARS['image_download_url']);
replace:
$cat_id = (isset($HTTP_POST_VARS['cat_id'])) ? intval($HTTP_POST_VARS['cat_id']) : 0;
$cat_id = preg_replace("/[^0-9]+/i", "", $cat_id);
$old_cat_id = (isset($HTTP_POST_VARS['old_cat_id'])) ? intval($HTTP_POST_VARS['old_cat_id']) : 0;
$old_cat_id = preg_replace("/[^0-9]+/i", "", $old_cat_id);
$user_id = (isset($HTTP_POST_VARS['user_id']) && intval($HTTP_POST_VARS['user_id']) != 0) ? intval($HTTP_POST_VARS['user_id']) : $user_info['user_id'];
$user_id = preg_replace("/[^0-9]+/i", "", $user_id);
$image_date = (isset($HTTP_POST_VARS['image_date']) && trim($HTTP_POST_VARS['image_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['image_date'])."')" : time();
$image_active = (isset($HTTP_POST_VARS['image_active']) && intval($HTTP_POST_VARS['image_active']) : 0;
$image_active = preg_replace("/[^0-9]+/i", "", $image_active);
$image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments'])) ? intval($HTTP_POST_VARS['image_allow_comments']) : 0;
$image_allow_comments = preg_replace("/[^0-9]+/i", "", $image_allow_comments);
$image_downloads = (isset($HTTP_POST_VARS['image_downloads']) && trim($HTTP_POST_VARS['image_downloads']) != "") ? intval($HTTP_POST_VARS['image_downloads']) : 0;
$image_downloads = preg_replace("/[^0-9]+/i", "", $image_downloads);
$image_votes = (isset($HTTP_POST_VARS['image_votes']) && trim($HTTP_POST_VARS['image_votes']) != "") ? intval($HTTP_POST_VARS['image_votes']) : 0;
$image_votes = preg_replace("/[^0-9]+/i", "", $image_votes);
$image_rating = (isset($HTTP_POST_VARS['image_rating']) && trim($HTTP_POST_VARS['image_rating']) != "") ? sprintf("%.2f", trim($HTTP_POST_VARS['image_rating'])) : "0.00";
$image_rating = preg_replace("/[^\.0-9]+/", "", $image_rating);
$image_hits = (isset($HTTP_POST_VARS['image_hits']) && trim($HTTP_POST_VARS['image_hits']) != "") ? intval(trim($HTTP_POST_VARS['image_hits'])) : 0;
$image_hits = preg_replace("/[^0-9]+/i", "", $image_hits);
$remote_file = (isset($HTTP_POST_VARS['remote_file'])) ? get_basefile(stripslashes($HTTP_POST_VARS['remote_file'])) : "";
$remote_thumb_file = (isset($HTTP_POST_VARS['remote_thumb_file'])) ?
get_basefile(stripslashes($HTTP_POST_VARS['remote_thumb_file'])) : "";
$old_file_name = (isset($HTTP_POST_VARS['old_file_name']) && is_remote($HTTP_POST_VARS['old_file_name'])) ? get_basefile(stripslashes($HTTP_POST_VARS['old_file_name'])) : "";
$old_thumb_file_name = (isset($HTTP_POST_VARS['old_thumb_file_name']) && is_remote($HTTP_POST_VARS['old_thumb_file_name'])) ? get_basefile(stripslashes($HTTP_POST_VARS['old_thumb_file_name'])) : "";
$image_download_url = (isset($HTTP_POST_VARS['image_download_url']) && preg_match('@^(?:http|https://)?([^/]+)@i', $HTTP_POST_VARS['image_download_url'])) ? trim($HTTP_POST_VARS['image_download_url']) : "";
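Review bot: The `$image_active` replacement line is not valid PHP: the ternary has lost its `) ? ...` part, so the file fails to parse once this is pasted in; it should read `$image_active = (isset($HTTP_POST_VARS['image_active'])) ? intval($HTTP_POST_VARS['image_active']) : 0;`. The `$image_date` line still places the trimmed POST value inside `UNIX_TIMESTAMP('...')` with no format check, so it is the one field in this block that reaches the query as free text; unless request data is escaped elsewhere (the `stripslashes` calls on the file-name lines suggest it may be), validate it against the expected date format before building the expression. The `image_download_url` pattern makes the scheme group optional, so any value whose first character is not `/` matches; if only http(s) URLs are intended, `'@\Ahttps?://[^/\s]+@i'` would actually require one. The `preg_replace` calls that follow each `intval` add nothing except turning a negative integer into a positive string.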
Find:
//Save to Database
if (!$uploaderror) {
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description_'.$i]));
replace:
//Save to Database
if (!$uploaderror) {
$image_description = (isset($HTTP_POST_VARS['image_description']) && preg_match("/[A-Za-z0-9_-]+/i", $HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['image_description_'.$i])) : "";
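Review bot: The guard tests `$HTTP_POST_VARS['image_description']` but the value that is read is `$HTTP_POST_VARS['image_description_'.$i]`, so the check and the use refer to different fields. In a per-file loop the un-suffixed key is presumably absent, which would make every description empty, and when it is present the suffixed key is read without an `isset`. Use the same key in all three places, i.e. `isset($HTTP_POST_VARS['image_description_'.$i])` and `preg_match(..., $HTTP_POST_VARS['image_description_'.$i])`; the pattern here is also the image-name pattern rather than the description one used for the single-image form. The `if (!$uploaderror)` block continues outside this snippet.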
Find (line: 509):
$image_active = trim($HTTP_POST_VARS['image_active_'.$i]);
$image_allow_comments = trim($HTTP_POST_VARS['image_allow_comments_'.$i]);
$image_download_url = trim($HTTP_POST_VARS['image_download_url_'.$i]);
replace:
$image_active = (isset($HTTP_POST_VARS['image_active_'.$i])) ? trim($HTTP_POST_VARS['image_active_'.$i]) : 0;
$image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments_'.$i])) ? trim($HTTP_POST_VARS['image_allow_comments_'.$i]) : 0;
$image_download_url = (isset($HTTP_POST_VARS['image_download_url_'.$i]) && preg_match('@^(?:http|https://)?([^/]+)@i', $HTTP_POST_VARS['image_download_url_'.$i])) ? trim($HTTP_POST_VARS['image_download_url_'.$i]) : "";
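Review bot: `$image_active` and `$image_allow_comments` are only trimmed here, whereas the single-image form earlier on the page casts the same fields with `intval`, so in this path they remain arbitrary strings. If they are written to the database as flags, cast them the same way: `$image_active = (isset($HTTP_POST_VARS['image_active_'.$i])) ? intval($HTTP_POST_VARS['image_active_'.$i]) : 0;` and likewise for `image_allow_comments_`. The pattern on the `image_download_url_` line makes the scheme group optional, so it accepts any value whose first character is not `/`.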
Find:
$condition = "1=1";
$image_id = intval($HTTP_POST_VARS['image_id']);
if ($image_id != "") {
$condition .= " AND INSTR(LCASE(i.image_id),'$image_id')>0";
}
$image_name = trim($HTTP_POST_VARS['image_name']);
if ($image_name != "") {
$condition .= " AND INSTR(LCASE(i.image_name),'".strtolower($image_name)."')>0";
}
$image_description = trim($HTTP_POST_VARS['image_description']);
if ($image_description != "") {
$condition .= " AND INSTR(LCASE(i.image_description),'".strtolower($image_description)."')>0";
}
$image_keywords = trim($HTTP_POST_VARS['image_keywords']);
if ($image_keywords != "") {
$condition .= " AND INSTR(LCASE(i.image_keywords),'".strtolower($image_keywords)."')>0";
}
$cat_id = intval(trim($HTTP_POST_VARS['cat_id']));
if ($cat_id != 0 && $cat_id != "") {
$condition .= " AND i.cat_id = '$cat_id'";
}
$image_media_file = trim($HTTP_POST_VARS['image_media_file']);
if ($image_media_file != "") {
$condition .= " AND INSTR(LCASE(i.image_media_file),'".strtolower($image_media_file)."')>0";
}
$image_thumb_file = trim($HTTP_POST_VARS['image_thumb_file']);
if ($image_thumb_file != "") {
$condition .= " AND INSTR(LCASE(i.image_thumb_file),'".strtolower($image_thumb_file)."')>0";
}
$dateafter = trim($HTTP_POST_VARS['dateafter']);
if ($dateafter != "") {
$condition .= " AND i.image_date > UNIX_TIMESTAMP('$dateafter')";
}
$datebefore = trim($HTTP_POST_VARS['datebefore']);
if ($datebefore != "") {
$condition .= " AND i.image_date < UNIX_TIMESTAMP('$datebefore')";
}
$downloadslower = trim($HTTP_POST_VARS['downloadslower']);
if ($downloadslower != "") {
$condition .= " AND i.image_downloads < '$downloadslower'";
}
$downloadsupper = trim($HTTP_POST_VARS['downloadsupper']);
if ($downloadsupper != "") {
$condition .= " AND i.image_downloads > '$downloadsupper'";
}
$ratinglower = trim($HTTP_POST_VARS['ratinglower']);
if ($ratinglower != "") {
$condition .= " AND i.image_rating < '$ratinglower'";
}
$ratingupper = trim($HTTP_POST_VARS['ratingupper']);
if ($ratingupper != "") {
$condition .= " AND i.image_rating > '$ratingupper'";
}
$voteslower = trim($HTTP_POST_VARS['voteslower']);
if ($voteslower != "") {
$condition .= " AND i.image_votes < '$voteslower'";
}
$votesupper = trim($HTTP_POST_VARS['votesupper']);
if ($votesupper != "") {
$condition .= " AND i.image_votes > '$votesupper'";
}
$hitslower = trim($HTTP_POST_VARS['hitslower']);
if ($hitslower != "") {
$condition .= " AND i.image_hits < '$hitslower'";
}
$hitsupper = trim($HTTP_POST_VARS['hitsupper']);
if ($hitsupper != "") {
$condition .= " AND i.image_votes > '$hitsupper'";
}
$orderby = trim($HTTP_POST_VARS['orderby']);
if ($orderby == "") {
$orderby = "i.image_name";
}
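Review bot: The last range filter compares `i.image_votes` with `$hitsupper`, which looks like a copy-paste slip for `i.image_hits`; the replacement for this block is not shown on this page, so carry that fix over when applying it. Every string filter here is concatenated into `$condition` after only `trim`, so the replacement needs to cast the numeric bounds (`intval`, or `floatval` for the rating bounds), check the two dates against the expected format, and escape the text filters with the database layer's escaping function. `$orderby` also comes straight from the form; if it ends up in an `ORDER BY` clause, compare it against a fixed list of column names rather than escaping it.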
Apply the same type of replacement as in this topic:
http://www.4homepages.de/forum/index.php?topic=18665.0
« Last Edit: August 27, 2011, 02:14:09 PM by thunderstrike »
8 steps need when ask question -
- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?