mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-09 06:06:09 +00:00
Merge pull request #43 from bram1000/master
Fix CVE-2023-36993, CVE-2023-36994, CVE-2023-36995
This commit is contained in:
@@ -82,6 +82,7 @@ class adm_DB {
|
||||
$bcrypted = false;
|
||||
}
|
||||
|
||||
$username = htmlspecialchars($username);
|
||||
if($pwOk) {
|
||||
// update password to bcrypt, if correct
|
||||
if (!$dbarray['is_bcrypt'] && !$bcrypted) {
|
||||
|
||||
@@ -3016,6 +3016,8 @@ class MYSQLi_DB implements IDbConnection {
|
||||
|
||||
function setAlliName($aid, $name, $tag) {
|
||||
list($aid, $name, $tag) = $this->escape_input((int) $aid, $name, $tag);
|
||||
$name = $this->RemoveXSS($name);
|
||||
$tag = $this->RemoveXSS($tag);
|
||||
|
||||
$q = "UPDATE " . TB_PREFIX . "alidata set name = '$name', tag = '$tag' where id = $aid";
|
||||
return mysqli_query($this->dblink,$q);
|
||||
@@ -3109,6 +3111,8 @@ class MYSQLi_DB implements IDbConnection {
|
||||
*****************************************/
|
||||
function createAlliance($tag, $name, $uid, $max) {
|
||||
list($tag, $name, $uid, $max) = $this->escape_input($tag, $name, (int) $uid, (int) $max);
|
||||
$tag = $this->RemoveXSS($tag);
|
||||
$name = $this->RemoveXSS($name);
|
||||
|
||||
$q = "INSERT into " . TB_PREFIX . "alidata values (0,'$name','$tag',$uid,0,0,0,'','',$max,0,0,0,0,0,0,0,0,0)";
|
||||
mysqli_query($this->dblink,$q);
|
||||
|
||||
@@ -18,7 +18,7 @@ class MyGenerator {
|
||||
public function generateRandStr($length){
|
||||
$randstr = "";
|
||||
for($i = 0; $i < $length; $i++){
|
||||
$randnum = mt_rand(0, 61);
|
||||
$randnum = random_int(0, 61);
|
||||
if($randnum < 10) $randstr .= chr($randnum + 48);
|
||||
else if($randnum < 36) $randstr .= chr($randnum + 55);
|
||||
else $randstr .= chr($randnum + 61);
|
||||
|
||||
@@ -163,7 +163,7 @@
|
||||
private function getStart($search) {
|
||||
$multiplier = 1;
|
||||
if(!is_numeric($search)) {
|
||||
$_SESSION['search'] = $search;
|
||||
$_SESSION['search'] = htmlspecialchars($search);
|
||||
} else {
|
||||
if($search > count($this->rankarray)) {
|
||||
$search = count($this->rankarray) - 1;
|
||||
@@ -172,8 +172,8 @@
|
||||
$multiplier += 1;
|
||||
}
|
||||
$start = 20 * $multiplier - 19 - 1;
|
||||
$_SESSION['search'] = $search;
|
||||
$_SESSION['start'] = $start;
|
||||
$_SESSION['search'] = htmlspecialchars($search);
|
||||
$_SESSION['start'] = htmlspecialchars($start);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -36,12 +36,12 @@ if($_POST) {
|
||||
|
||||
if(substr($key, 0, 8) == 'linkname') {
|
||||
$i = substr($key, 8);
|
||||
$links[$i]['linkname'] = mysqli_real_escape_string($database->dblink, $value);
|
||||
$links[$i]['linkname'] = htmlspecialchars(mysqli_real_escape_string($database->dblink, $value));
|
||||
}
|
||||
|
||||
if(substr($key, 0, 8) == 'linkziel') {
|
||||
$i = substr($key, 8);
|
||||
$links[$i]['linkziel'] = mysqli_real_escape_string($database->dblink, $value);
|
||||
$links[$i]['linkziel'] = htmlspecialchars(mysqli_real_escape_string($database->dblink, $value));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -12,6 +12,10 @@
|
||||
// don't let SQL time out when 30-500 seconds (depending on php.ini) is not enough
|
||||
@set_time_limit(0);
|
||||
|
||||
if (file_exists("../var/installed")) {
|
||||
die("<span class='f18 c5'>ERROR!</span><br />Installation appears to have been completed.<br />If this is an error remove /var/installed file in install directory.");
|
||||
}
|
||||
|
||||
class Process {
|
||||
|
||||
function __construct() {
|
||||
|
||||
@@ -186,7 +186,7 @@ Element.implement({
|
||||
<tbody>
|
||||
<tr class="top">
|
||||
<th><?php echo NAME; ?></th>
|
||||
<td><input class="text" type="text" name="user" value="<?php echo stripslashes(stripslashes(stripslashes($form->getDiff("user",$_COOKIE['COOKUSR'])))); ?>" maxlength="30" autocomplete='off' /> <span class="error"> <?php echo $form->getError("user"); ?></span></td>
|
||||
<td><input class="text" type="text" name="user" value="<?php echo htmlspecialchars($form->getDiff("user",$_COOKIE['COOKUSR'])); ?>" maxlength="30" autocomplete='off' /> <span class="error"> <?php echo $form->getError("user"); ?></span></td>
|
||||
</tr>
|
||||
<tr class="btm">
|
||||
<th><?php echo PASSWORD; ?></th>
|
||||
|
||||
Reference in New Issue
Block a user