
Security fixes from Tim Coen (file upload, comment token escaping, 2k11 js comment name escaping)

This commit is contained in:
Garvin Hicking
2015-07-24 13:27:21 +02:00
parent c4f9b721e7
commit 00be5d7b4c
7 changed files with 21 additions and 10 deletions


@ -19,7 +19,7 @@ $msg = '';
if ($serendipity['POST']['formAction'] == 'multiDelete' && sizeof($serendipity['POST']['delete']) != 0 && serendipity_checkFormToken()) {
if ($serendipity['POST']['togglemoderate'] != '') {
foreach ( $serendipity['POST']['delete'] as $k => $v ) {
$ac = serendipity_approveComment($k, $v, false, 'flip');
$ac = serendipity_approveComment((int)$k, (int)$v, false, 'flip');
if ($ac > 0) {
$msg .= DONE . ': '. sprintf(COMMENT_APPROVED, (int)$k);
} else {
@ -87,7 +87,7 @@ if (isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminActio
if ($rs === false) {
$errormsg .= ERROR .': '. sprintf(COMMENT_ALREADY_APPROVED, (int)$serendipity['GET']['id']);
} else {
serendipity_approveComment($serendipity['GET']['id'], $rs['entry_id']);
serendipity_approveComment((int)$serendipity['GET']['id'], (int)$rs['entry_id']);
$msg .= DONE . ': '. sprintf(COMMENT_APPROVED, (int)$serendipity['GET']['id']);
}
}
@ -103,7 +103,7 @@ if (isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminActio
if ($rs === false) {
$errormsg .= ERROR .': '. sprintf(COMMENT_ALREADY_APPROVED, (int)$serendipity['GET']['id']);
} else {
serendipity_approveComment($serendipity['GET']['id'], $rs['entry_id'], true, true);
serendipity_approveComment((int)$serendipity['GET']['id'], (int)$rs['entry_id'], true, true);
$msg .= DONE . ': '. sprintf(COMMENT_MODERATED, (int)$serendipity['GET']['id']);
}
}
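Review bot: In the third hunk the same `(int)$serendipity['GET']['id']` cast is now spelled out three times (the COMMENT_ALREADY_APPROVED message, the serendipity_approveComment() call and the COMMENT_MODERATED message), and the second hunk repeats the same pattern; hoisting it once above the branch, `$id = (int) $serendipity['GET']['id'];`, and passing `$id` everywhere makes the cast impossible to miss on a future edit and keeps the two lookups consistent with the `(int)$k`/`(int)$v` pair in the first hunk. The casts close the type/injection gap but say nothing about request forgery: the first hunk's condition visibly calls serendipity_checkFormToken(), whereas the `adminAction` conditions in the second and third hunk headers are cut off, so if they do not also check the form token the GET-driven approve and moderate actions remain triggerable by a crafted link even with the integer cast in place — worth confirming. The enclosing `if (isset($serendipity['GET']['adminAction']) ...)` blocks start outside both hunks.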