Merge pull request #598 from jgen/develop

#597: Fix for XSS issue in chatbox extension.
2017-03-08 10:30:54 +00:00 · 2017-03-08 10:30:54 +00:00 · 72de620b42
commit 72de620b42
parent fefc922070 c379420a1f
2 changed files with 15 additions and 4 deletions
--- a/ext/chatbox/history/index.php
+++ b/ext/chatbox/history/index.php
@ -10,15 +10,23 @@

 	$admin = loggedIn();
 	
+	$log = 1;
+	
 	if (isset($_GET['log']))
+	{
 		$log = $_GET['log'];
+	}
 	
 	if (isset($_POST['log']))
+	{
 		$log = $_POST['log'];
+	}

-	if (!isset($log))
+	if (filter_var($log, FILTER_VALIDATE_INT) === false)
+	{
 		$log = 1;
-		
+	}
+	
 	$ys = ys($log);
 	$posts = $ys->posts();

@ -132,4 +140,4 @@ if (isset($_POST['p'])) {
 			<a id="to-top" href="#top">Back to top</a>
 		</div>
 	</body>
-</html>
+</html>
--- a/ext/chatbox/php/functions.php
+++ b/ext/chatbox/php/functions.php
@ -89,7 +89,10 @@
 		global $yShout, $prefs;
 		if ($yShout) return $yShout;

-		if ($log > $prefs['logs'] || $log < 0 || !is_numeric($log)) $log = 1;
+		if (filter_var($log, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0, "max_range" => $prefs['logs']))) === false)
+		{
+		  $log = 1;
+		}
 		
 		$log = 'log.' . $log;
 		return new YShout($log, loggedIn());