Author Topic: [FIX] - admin/images.php  (Read 3868 times)


Offline thunderstrike

[FIX] - admin/images.php
« on: September 08, 2007, 07:07:00 PM »
Detail: Check that the form variables are set (and numeric where a number is expected) before they are used.

Find:

Quote
$image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));

replace:

Quote
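// Name and description of the image, taken from the posted form.
// is_string() keeps an array-valued POST field away from preg_match() and trim().
// NOTE(review): the pattern is unanchored, so it only requires that the name
// contains at least one character of [A-Za-z0-9_-]; it does not limit which
// characters the name may hold. Escaping for SQL and for HTML output still has
// to happen where the value is used.
$image_name = (isset($HTTP_POST_VARS['image_name']) && is_string($HTTP_POST_VARS['image_name']) && preg_match("/[A-Za-z0-9_-]+/i", $HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['image_name'])) : "";
// NOTE(review): same limitation - a single character class without anchors
// passes as soon as one listed character occurs anywhere in the text. Inside the
// class "\^-_" is read as the range from ^ to _, so a literal "-" is not listed.
$image_description = (isset($HTTP_POST_VARS['image_description']) && is_string($HTTP_POST_VARS['image_description']) && preg_match("/[a-zA-Z0-9\.\,;:%&#@!\^-_~`\"'\[\]\{\}\*\/\?\(\)\n\r]/", $HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['image_description'])) : "";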

Find:

Quote
$cat_id = intval($HTTP_POST_VARS['cat_id']);
$old_cat_id = intval($HTTP_POST_VARS['old_cat_id']);

$user_id = (intval($HTTP_POST_VARS['user_id']) != 0) ? intval($HTTP_POST_VARS['user_id']) : $user_info['user_id'];

$image_date = (trim($HTTP_POST_VARS['image_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['image_date'])."')" : time();
$image_active = intval($HTTP_POST_VARS['image_active']);
$image_allow_comments = intval($HTTP_POST_VARS['image_allow_comments']);
$image_downloads = (trim($HTTP_POST_VARS['image_downloads']) != "") ? intval($HTTP_POST_VARS['image_downloads']) : 0;
$image_votes = (trim($HTTP_POST_VARS['image_votes']) != "") ? intval($HTTP_POST_VARS['image_votes']) : 0;
$image_rating = (trim($HTTP_POST_VARS['image_rating']) != "") ? sprintf("%.2f", trim($HTTP_POST_VARS['image_rating'])) : "0.00";
$image_hits = (trim($HTTP_POST_VARS['image_hits']) != "") ? intval(trim($HTTP_POST_VARS['image_hits'])) : 0;

$remote_file = trim($HTTP_POST_VARS['remote_file']);
$remote_thumb_file = trim($HTTP_POST_VARS['remote_thumb_file']);

$old_file_name = trim($HTTP_POST_VARS['old_file_name']);
$old_thumb_file_name = trim($HTTP_POST_VARS['old_thumb_file_name']);

$image_download_url = trim($HTTP_POST_VARS['image_download_url']);

replace:

Code: [Select]
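// Numeric ids from the edit form. intval() already returns an integer, so the
// extra preg_replace() pass could only drop a minus sign (turning -5 into 5) and
// hand back a string; negative input is clamped to 0 instead.
// NOTE(review): assumes valid ids are never negative - confirm.
$cat_id = (isset($HTTP_POST_VARS['cat_id'])) ? max(0, intval($HTTP_POST_VARS['cat_id'])) : 0;
$old_cat_id = (isset($HTTP_POST_VARS['old_cat_id'])) ? max(0, intval($HTTP_POST_VARS['old_cat_id'])) : 0;

// A missing, zero or negative user_id falls back to the id held in $user_info.
$user_id = (isset($HTTP_POST_VARS['user_id']) && intval($HTTP_POST_VARS['user_id']) > 0) ? intval($HTTP_POST_VARS['user_id']) : intval($user_info['user_id']);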

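// image_date is turned into an SQL expression right here, so the posted text is
// placed between the quotes only when it consists of digits and date/time
// separators. An empty, non-string or otherwise rejected value falls back to the
// current time.
// NOTE(review): the accepted character set is an assumption about the date
// format the form sends - confirm.
$image_date = time();
if (isset($HTTP_POST_VARS['image_date']) && is_string($HTTP_POST_VARS['image_date'])) {
  $posted_date = trim($HTTP_POST_VARS['image_date']);
  if (preg_match('/^[0-9][0-9 :.\/-]*\z/', $posted_date)) {
    $image_date = "UNIX_TIMESTAMP('".$posted_date."')";
  }
}

// Flags and counters. The image_active line as posted was missing ") ?" and did
// not parse. intval() alone yields an integer (an empty string becomes 0), so the
// trim() comparison and the digit-only preg_replace() pass are not needed;
// negative input is clamped to 0 rather than having its sign stripped.
$image_active = (isset($HTTP_POST_VARS['image_active'])) ? max(0, intval($HTTP_POST_VARS['image_active'])) : 0;
$image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments'])) ? max(0, intval($HTTP_POST_VARS['image_allow_comments'])) : 0;
$image_downloads = (isset($HTTP_POST_VARS['image_downloads'])) ? max(0, intval($HTTP_POST_VARS['image_downloads'])) : 0;
$image_votes = (isset($HTTP_POST_VARS['image_votes'])) ? max(0, intval($HTTP_POST_VARS['image_votes'])) : 0;

// Rating is formatted with two decimals, then reduced to digits and dots (which
// also removes a leading minus sign). is_string() keeps arrays away from trim().
$image_rating = (isset($HTTP_POST_VARS['image_rating']) && is_string($HTTP_POST_VARS['image_rating']) && trim($HTTP_POST_VARS['image_rating']) != "") ? sprintf("%.2f", trim($HTTP_POST_VARS['image_rating'])) : "0.00";
$image_rating = preg_replace("/[^\.0-9]+/", "", $image_rating);
$image_hits = (isset($HTTP_POST_VARS['image_hits'])) ? max(0, intval($HTTP_POST_VARS['image_hits'])) : 0;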

// Remote media/thumbnail fields: the posted value is unslashed and handed to
// get_basefile(); a missing field becomes an empty string.
// NOTE(review): get_basefile() is defined elsewhere. If it reduces a path or URL
// to its last component, a full remote URL would not survive this step - confirm.
$remote_file = "";
if (isset($HTTP_POST_VARS['remote_file'])) {
  $remote_file = get_basefile(stripslashes($HTTP_POST_VARS['remote_file']));
}
$remote_thumb_file = "";
if (isset($HTTP_POST_VARS['remote_thumb_file'])) {
  $remote_thumb_file = get_basefile(stripslashes($HTTP_POST_VARS['remote_thumb_file']));
}

// Previous file names are kept only when is_remote() accepts the posted value.
// NOTE(review): the lines this replaces kept both names unconditionally (just
// trimmed). Confirm that names rejected by is_remote() are meant to be dropped
// here, since later code may rely on them.
$old_file_name = "";
if (isset($HTTP_POST_VARS['old_file_name']) && is_remote($HTTP_POST_VARS['old_file_name'])) {
  $old_file_name = get_basefile(stripslashes($HTTP_POST_VARS['old_file_name']));
}
$old_thumb_file_name = "";
if (isset($HTTP_POST_VARS['old_thumb_file_name']) && is_remote($HTTP_POST_VARS['old_thumb_file_name'])) {
  $old_thumb_file_name = get_basefile(stripslashes($HTTP_POST_VARS['old_thumb_file_name']));
}

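// Optional alternative download location for the image.
// The posted pattern makes its scheme group optional, so on its own it accepts
// any value that does not start with "/", whatever scheme the value carries. It
// is kept as a first test, and a second test is added: a value with a colon
// before the first "/", "?" or "#" is treated as having a scheme and must then
// start with http:// or https:// followed by a host.
// NOTE(review): this rejects other schemes and "host:port/..." values written
// without a scheme - confirm none of those are needed. Output escaping is still
// required wherever the URL is printed.
$image_download_url = "";
if (isset($HTTP_POST_VARS['image_download_url']) && is_string($HTTP_POST_VARS['image_download_url'])) {
  $posted_url = trim($HTTP_POST_VARS['image_download_url']);
  $scheme_ok = !preg_match('@^[^/?#]*:@', $posted_url) || preg_match('@^https?://[^/\s]+@i', $posted_url);
  if (preg_match('@^(?:http|https://)?([^/]+)@i', $posted_url) && $scheme_ok) {
    $image_download_url = $posted_url;
  }
}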

Find:

Quote
//Save to Database
      if (!$uploaderror) {
        $image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description_'.$i]));

replace:

Code: [Select]
//Save to Database
      if (!$uploaderror) {
        $image_description = (isset($HTTP_POST_VARS['image_description']) && preg_match("/[A-Za-z0-9_-]+/i", $HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['image_description_'.$i])) : "";

Find (line: 509):

Quote
$image_active = trim($HTTP_POST_VARS['image_active_'.$i]);
$image_allow_comments = trim($HTTP_POST_VARS['image_allow_comments_'.$i]);

$image_download_url = trim($HTTP_POST_VARS['image_download_url_'.$i]);

replace:

Code: [Select]
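// Per-image flags of the $i-th upload. intval() replaces trim() so that only an
// integer leaves these lines, whatever text was posted.
$image_active = (isset($HTTP_POST_VARS['image_active_'.$i])) ? intval($HTTP_POST_VARS['image_active_'.$i]) : 0;
$image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments_'.$i])) ? intval($HTTP_POST_VARS['image_allow_comments_'.$i]) : 0;

// Optional download location of the $i-th upload.
// The posted pattern makes its scheme group optional, so on its own it accepts
// any value that does not start with "/", whatever scheme the value carries. It
// is kept as a first test, and a second test is added: a value with a colon
// before the first "/", "?" or "#" is treated as having a scheme and must then
// start with http:// or https:// followed by a host.
// NOTE(review): this rejects other schemes and "host:port/..." values written
// without a scheme - confirm none of those are needed.
$image_download_url = "";
if (isset($HTTP_POST_VARS['image_download_url_'.$i]) && is_string($HTTP_POST_VARS['image_download_url_'.$i])) {
  $posted_url = trim($HTTP_POST_VARS['image_download_url_'.$i]);
  $scheme_ok = !preg_match('@^[^/?#]*:@', $posted_url) || preg_match('@^https?://[^/\s]+@i', $posted_url);
  if (preg_match('@^(?:http|https://)?([^/]+)@i', $posted_url) && $scheme_ok) {
    $image_download_url = $posted_url;
  }
}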

Find:

Quote
// NOTE(review): the lines marked NOTE(review) are annotations on this quote and
// are not part of admin/images.php; search for the code lines only.
// Builds an SQL condition string by appending one " AND ..." clause per
// non-empty POST field.
// NOTE(review): only image_id and cat_id pass through intval(). Every other
// field is trim()med and concatenated into a quoted SQL literal as posted.
// Whether the POST data is escaped before this point is not visible here; if it
// is not, each of these clauses accepts arbitrary SQL. The numeric bounds can be
// cast with intval()/floatval(), the text and date fields need the database
// layer's escaping (or bound parameters).
$condition = "1=1";

  $image_id = intval($HTTP_POST_VARS['image_id']);
  if ($image_id != "") {
    $condition .= " AND INSTR(LCASE(i.image_id),'$image_id')>0";
  }
  $image_name = trim($HTTP_POST_VARS['image_name']);
  if ($image_name != "") {
    $condition .= " AND INSTR(LCASE(i.image_name),'".strtolower($image_name)."')>0";
  }
  $image_description = trim($HTTP_POST_VARS['image_description']);
  if ($image_description != "") {
    $condition .= " AND INSTR(LCASE(i.image_description),'".strtolower($image_description)."')>0";
  }
  $image_keywords = trim($HTTP_POST_VARS['image_keywords']);
  if ($image_keywords != "") {
    $condition .= " AND INSTR(LCASE(i.image_keywords),'".strtolower($image_keywords)."')>0";
  }
  $cat_id = intval(trim($HTTP_POST_VARS['cat_id']));
  if ($cat_id != 0 && $cat_id != "") {
    $condition .= " AND i.cat_id = '$cat_id'";
  }
  $image_media_file = trim($HTTP_POST_VARS['image_media_file']);
  if ($image_media_file != "") {
    $condition .= " AND INSTR(LCASE(i.image_media_file),'".strtolower($image_media_file)."')>0";
  }
  $image_thumb_file = trim($HTTP_POST_VARS['image_thumb_file']);
  if ($image_thumb_file != "") {
    $condition .= " AND INSTR(LCASE(i.image_thumb_file),'".strtolower($image_thumb_file)."')>0";
  }
  // Date bounds are placed inside UNIX_TIMESTAMP('...') as posted.
  $dateafter = trim($HTTP_POST_VARS['dateafter']);
  if ($dateafter != "") {
    $condition .= " AND i.image_date > UNIX_TIMESTAMP('$dateafter')";
  }
  $datebefore = trim($HTTP_POST_VARS['datebefore']);
  if ($datebefore != "") {
    $condition .= " AND i.image_date < UNIX_TIMESTAMP('$datebefore')";
  }
  // Lower/upper bounds for downloads, rating, votes and hits; all are compared
  // as quoted strings without a numeric cast.
  $downloadslower = trim($HTTP_POST_VARS['downloadslower']);
  if ($downloadslower != "") {
    $condition .= " AND i.image_downloads < '$downloadslower'";
  }
  $downloadsupper = trim($HTTP_POST_VARS['downloadsupper']);
  if ($downloadsupper != "") {
    $condition .= " AND i.image_downloads > '$downloadsupper'";
  }
  $ratinglower = trim($HTTP_POST_VARS['ratinglower']);
  if ($ratinglower != "") {
    $condition .= " AND i.image_rating < '$ratinglower'";
  }
  $ratingupper = trim($HTTP_POST_VARS['ratingupper']);
  if ($ratingupper != "") {
    $condition .= " AND i.image_rating > '$ratingupper'";
  }
  $voteslower = trim($HTTP_POST_VARS['voteslower']);
  if ($voteslower != "") {
    $condition .= " AND i.image_votes < '$voteslower'";
  }
  $votesupper = trim($HTTP_POST_VARS['votesupper']);
  if ($votesupper != "") {
    $condition .= " AND i.image_votes > '$votesupper'";
  }
  $hitslower = trim($HTTP_POST_VARS['hitslower']);
  if ($hitslower != "") {
    $condition .= " AND i.image_hits < '$hitslower'";
  }
  // NOTE(review): the hitsupper clause below filters on i.image_votes while
  // hitslower uses i.image_hits - this looks like a copy-paste slip; confirm.
  $hitsupper = trim($HTTP_POST_VARS['hitsupper']);
  if ($hitsupper != "") {
    $condition .= " AND i.image_votes > '$hitsupper'";
  }
  // NOTE(review): orderby is only trimmed here and its use is outside this
  // quote. If it ends up in an ORDER BY clause, it should be compared against a
  // fixed list of column names, because quoting does not protect an identifier.
  $orderby = trim($HTTP_POST_VARS['orderby']);
  if ($orderby == "") {
    $orderby = "i.image_name";
  }

Apply the same kind of replacement as in this topic:

http://www.4homepages.de/forum/index.php?topic=18665.0
« Last Edit: August 27, 2011, 02:14:09 PM by thunderstrike »
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?