mbirth/LuckyCoinkydink
Archived
1
0
Fork 0
Code Issues Pull Requests Activity

Adjust fetchLimit to ensure integer content

Browse Source
This commit is contained in:
Garvin Hicking
2018-07-18 11:59:45 +02:00
parent 19513cdf14
commit 1afc4d929d
3 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/NEWS
View File

@ -35,6 +35,10 @@ Version 2.x.x (major) ()
Version 2.1.3 () Version 2.1.3 ()
------------------------------------------------------------------------ ------------------------------------------------------------------------
* Security: Make sure that the admins configuration for RSS
and blog entry limit is parsed as integer for SQL queries.
Thanks to @oreamnos and Hanno Boeck for reporting!
* Security: Prevent XSS possibility in "edit entries" panel. * Security: Prevent XSS possibility in "edit entries" panel.
Thanks to @oreamnos and Hanno Boeck for reporting! Thanks to @oreamnos and Hanno Boeck for reporting!

2
rss.php
View File

@ -101,7 +101,7 @@ switch ($_GET['type']) {
case 'comments_and_trackbacks': case 'comments_and_trackbacks':
case 'trackbacks': case 'trackbacks':
case 'comments': case 'comments':
$entries = serendipity_fetchComments(isset($_GET['cid']) ? $_GET['cid'] : null, $serendipity['RSSfetchLimit'], 'co.id desc', false, $_GET['type']); $entries = serendipity_fetchComments(isset($_GET['cid']) ? $_GET['cid'] : null, (int)$serendipity['RSSfetchLimit'], 'co.id desc', false, $_GET['type']);
$description = $title . ' - ' . $description; $description = $title . ' - ' . $description;
if (isset($_GET['cid'])) { if (isset($_GET['cid'])) {
$title = $title . ' - ' . COMMENTS_FROM . ' "' . $latest_entry[0]['title'] . '"'; $title = $title . ' - ' . COMMENTS_FROM . ' "' . $latest_entry[0]['title'] . '"';

4
serendipity_config.inc.php
View File

@ -376,6 +376,10 @@ if (isset($_SESSION['serendipityAuthorid'])) {
$serendipity['lang'] = serendipity_getPostAuthSessionLanguage(); $serendipity['lang'] = serendipity_getPostAuthSessionLanguage();
} }
// Ensure that these limits do not contain strings
$serendipity['fetchLimit'] = (int)$serendipity['fetchLimit'];
$serendipity['RSSfetchLimit'] = (int)$serendipity['RSSfetchLimit'];
// Try to fix some path settings. It seems common users have this setting wrong // Try to fix some path settings. It seems common users have this setting wrong
// when s9y is installed into the root directory, especially 0.7.1 upgrade users. // when s9y is installed into the root directory, especially 0.7.1 upgrade users.
if (empty($serendipity['serendipityHTTPPath'])) { if (empty($serendipity['serendipityHTTPPath'])) {