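--- a/admin_bans.php
+++ b/admin_bans.php
@@ -134,7 +134,7 @@
 <tr>
 <th scope="row"><?php echo $lang_admin_bans['E-mail label'] ?></th>
 <td>
-<input type="text" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo $ban_email; ?>" tabindex="3" />
+<input type="text" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo pun_htmlspecialchars($ban_email); ?>" tabindex="3" />
 <span><?php echo $lang_admin_bans['E-mail help'] ?></span>
 </td>
 </tr>
@@ -259,7 +259,7 @@
 require PUN_ROOT.'include/email.php';
 if ($ban_email != '' && !is_valid_email($ban_email))
 {
-if (!preg_match('%^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$%', $ban_email))
+if (!preg_match('%^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,63})$%', $ban_email))
 message($lang_admin_bans['Invalid e-mail message']);
 }
 
@@ -434,7 +434,7 @@
 ?>
 <tr>
 <td class="tcl"><?php echo ($ban_data['username'] != '') ? pun_htmlspecialchars($ban_data['username']) : ' ' ?></td>
-<td class="tc2"><?php echo ($ban_data['email'] != '') ? $ban_data['email'] : ' ' ?></td>
+<td class="tc2"><?php echo ($ban_data['email'] != '') ? pun_htmlspecialchars($ban_data['email']) : ' ' ?></td>
 <td class="tc3"><?php echo ($ban_data['ip'] != '') ? pun_htmlspecialchars($ban_data['ip']) : ' ' ?></td>
 <td class="tc4"><?php echo $expire ?></td>
 <td class="tc5"><?php echo ($ban_data['message'] != '') ? pun_htmlspecialchars($ban_data['message']) : ' ' ?></td>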
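Review bot: The bare-domain fallback at line 262 has no comment saying why a value that fails is_valid_email() is still accepted, and the pattern carries no `i` modifier, so unless $ban_email is lowercased before this point (not visible in the hunk) a mixed-case domain such as Example.com is rejected with the invalid-e-mail message. Add `// Not a full address: also accept a bare domain (e.g. example.com) so every address at that domain is banned` above the preg_match, and either lowercase the input first or use `'%^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,63})$%i'`. The request-handling block that assigns $ban_email starts outside the hunk.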
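--- a/admin_options.php
+++ b/admin_options.php
@@ -705,14 +705,14 @@
 <tr>
 <th scope="row"><?php echo $lang_admin_options['Admin e-mail label'] ?></th>
 <td>
-<input type="text" name="form[admin_email]" size="50" maxlength="80" value="<?php echo $pun_config['o_admin_email'] ?>" />
+<input type="text" name="form[admin_email]" size="50" maxlength="80" value="<?php echo pun_htmlspecialchars($pun_config['o_admin_email']) ?>" />
 <span><?php echo $lang_admin_options['Admin e-mail help'] ?></span>
 </td>
 </tr>
 <tr>
 <th scope="row"><?php echo $lang_admin_options['Webmaster e-mail label'] ?></th>
 <td>
-<input type="text" name="form[webmaster_email]" size="50" maxlength="80" value="<?php echo $pun_config['o_webmaster_email'] ?>" />
+<input type="text" name="form[webmaster_email]" size="50" maxlength="80" value="<?php echo pun_htmlspecialchars($pun_config['o_webmaster_email']) ?>" />
 <span><?php echo $lang_admin_options['Webmaster e-mail help'] ?></span>
 </td>
 </tr>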
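--- a/db_update.php
+++ b/db_update.php
@@ -7,7 +7,7 @@
 */
 
 // The FluxBB version this script updates to
-define('UPDATE_TO', '1.5.6');
+define('UPDATE_TO', '1.5.7');
 
 define('UPDATE_TO_DB_REVISION', 20);
 define('UPDATE_TO_SI_REVISION', 2);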
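--- a/include/common.php
+++ b/include/common.php
@@ -10,7 +10,7 @@
 exit('The constant PUN_ROOT must be defined and point to a valid FluxBB installation root directory.');
 
 // Define the version and database revision that this code was written for
-define('FORUM_VERSION', '1.5.6');
+define('FORUM_VERSION', '1.5.7');
 
 define('FORUM_DB_REVISION', 20);
 define('FORUM_SI_REVISION', 2);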
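--- a/include/functions.php
+++ b/include/functions.php
@@ -1070,12 +1070,44 @@
 }
 
 // Check the host and path match. Ignore the scheme, port, etc.
-if ($referrer['host'] != $valid_host || !in_array($referrer['path'], $valid_paths))
+if ($referrer['host'] != $valid_host || !in_array($referrer['path'], $valid_paths, true))
 message($error_msg ? $error_msg : $lang_common['Bad referrer']);
 }
 
 
 //
+// Validate the given redirect URL, use the fallback otherwise
+//
+function validate_redirect($redirect_url, $fallback_url)
+{
+$referrer = parse_url(strtolower($redirect_url));
+
+// Remove www subdomain if it exists
+if (strpos($referrer['host'], 'www.') === 0)
+$referrer['host'] = substr($referrer['host'], 4);
+
+// Make sure the path component exists
+if (!isset($referrer['path']))
+$referrer['path'] = '';
+
+$valid = parse_url(strtolower(get_base_url()));
+
+// Remove www subdomain if it exists
+if (strpos($valid['host'], 'www.') === 0)
+$valid['host'] = substr($valid['host'], 4);
+
+// Make sure the path component exists
+if (!isset($valid['path']))
+$valid['path'] = '';
+
+if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
+return $redirect_url;
+else
+return $fallback_url;
+}
+
+
+//
 // Generate a random password of length $len
 // Compatibility wrapper for random_key
 //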
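Review bot: validate_redirect() reads $referrer['host'] at line 1086 without checking that parse_url() at line 1083 produced it: parse_url() returns false for a seriously malformed URL and omits 'host' for a relative or scheme-less value, so a crafted redirect_url raises an undefined-index notice before the comparison at line 1103 falls through to the fallback. Add `if ($referrer === false || !isset($referrer['host'])) return $fallback_url;` directly after line 1083; the same guard on $valid after line 1093 is worth adding if get_base_url() can ever lack a host (not visible here). Only host and path are compared, consistent with the referrer check at line 1072, and the header comment should say so, e.g. `// Only the host and path are checked; the scheme and port of $redirect_url are ignored, and the original (not lowercased) URL is returned`.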
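--- a/install.php
+++ b/install.php
@@ -7,7 +7,7 @@
 */
 
 // The FluxBB version this script installs
-define('FORUM_VERSION', '1.5.6');
+define('FORUM_VERSION', '1.5.7');
 
 define('FORUM_DB_REVISION', 20);
 define('FORUM_SI_REVISION', 2);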
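--- a/login.php
+++ b/login.php
@@ -84,7 +84,10 @@
 // Reset tracked topics
 set_tracked_topics(null);
 
-redirect(pun_htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);
+// Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
+$redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
+
+redirect(pun_htmlspecialchars($redirect_url), $lang_login['Login redirect']);
 }
 
 
@@ -238,28 +241,7 @@
 
 // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to index.php after login)
 if (!empty($_SERVER['HTTP_REFERER']))
-{
-$referrer = parse_url($_SERVER['HTTP_REFERER']);
-// Remove www subdomain if it exists
-if (strpos($referrer['host'], 'www.') === 0)
-$referrer['host'] = substr($referrer['host'], 4);
-
-// Make sure the path component exists
-if (!isset($referrer['path']))
-$referrer['path'] = '';
-
-$valid = parse_url(get_base_url());
-// Remove www subdomain if it exists
-if (strpos($valid['host'], 'www.') === 0)
-$valid['host'] = substr($valid['host'], 4);
-
-// Make sure the path component exists
-if (!isset($valid['path']))
-$valid['path'] = '';
-
-if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
-$redirect_url = $_SERVER['HTTP_REFERER'];
-}
+$redirect_url = validate_redirect($_SERVER['HTTP_REFERER'], null);
 
 if (!isset($redirect_url))
 $redirect_url = 'index.php';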
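Review bot: Line 88 passes $_POST['redirect_url'] to validate_redirect() without checking that the field exists, so a hand-built login POST that omits it raises an undefined-index notice before the fallback is applied (the removed line 87 had the same gap, which the commit does not close). Use `$redirect_url = validate_redirect(isset($_POST['redirect_url']) ? $_POST['redirect_url'] : '', 'index.php');`. The second hunk relies on the null fallback at line 244 being caught by isset() at line 246, which is correct but indirect; a comment such as `// null here means "no usable referrer", resolved to index.php below` would make that explicit. The block handling the login form that encloses line 88 starts outside the hunk.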
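--- a/misc.php
+++ b/misc.php
@@ -136,34 +136,16 @@
 
 $db->query('UPDATE '.$db->prefix.'users SET last_email_sent='.time().' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
 
-redirect(pun_htmlspecialchars($_POST['redirect_url']), $lang_misc['Email sent redirect']);
+// Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
+$redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
+
+redirect(pun_htmlspecialchars($redirect_url), $lang_misc['Email sent redirect']);
 }
 
 
 // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to the user's profile after the email is sent)
 if (!empty($_SERVER['HTTP_REFERER']))
-{
-$referrer = parse_url($_SERVER['HTTP_REFERER']);
-// Remove www subdomain if it exists
-if (strpos($referrer['host'], 'www.') === 0)
-$referrer['host'] = substr($referrer['host'], 4);
-
-// Make sure the path component exists
-if (!isset($referrer['path']))
-$referrer['path'] = '';
-
-$valid = parse_url(get_base_url());
-// Remove www subdomain if it exists
-if (strpos($valid['host'], 'www.') === 0)
-$valid['host'] = substr($valid['host'], 4);
-
-// Make sure the path component exists
-if (!isset($valid['path']))
-$valid['path'] = '';
-
-if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
-$redirect_url = $_SERVER['HTTP_REFERER'];
-}
+$redirect_url = validate_redirect($_SERVER['HTTP_REFERER'], null);
 
 if (!isset($redirect_url))
 $redirect_url = 'profile.php?id='.$recipient_id;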
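Review bot: The comment added at line 139 says "after login", but this code runs after the e-mail has been sent (the last_email_sent update at line 137 and the 'Email sent redirect' message at line 142); it should read `// Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after the email is sent)`. Line 140 also reads $_POST['redirect_url'] without an isset() check, so a request missing the field raises a notice before validation; pass `isset($_POST['redirect_url']) ? $_POST['redirect_url'] : ''` instead. The block that encloses line 140 starts outside the hunk.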
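--- a/profile.php
+++ b/profile.php
@@ -55,7 +55,7 @@
 message($lang_profile['Pass key bad'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.');
 else
 {
-$db->query('UPDATE '.$db->prefix.'users SET password=\''.$cur_user['activate_string'].'\', activate_string=NULL, activate_key=NULL'.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
+$db->query('UPDATE '.$db->prefix.'users SET password=\''.$db->escape($cur_user['activate_string']).'\', activate_string=NULL, activate_key=NULL'.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
 
 message($lang_profile['Pass updated'], true);
 }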
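Review bot: The new $db->escape() at line 58 covers $cur_user['activate_string'], but the same statement still concatenates $id into the WHERE clause unescaped; unless $id is already cast with intval() earlier in the file (not visible in this hunk), it needs `' WHERE id='.intval($id)`. A one-line comment above the query would explain why a value read back from the users table is escaped at all, e.g. `// activate_string becomes the new password value; escape it rather than trust what is stored`. The if/else that encloses line 58 starts outside the hunk.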