Score
0
Watch 694 Star 1.9K Fork 1K

Discuz! / DiscuzXPHP

Merged
!251 修复 admincp_misc.php SQL注入漏洞

老周部落:PR_Fix_Issue_IXUGD_V2Discuz!:master

老周部落 Created on: 2019-11-08 11:58
bug
Reviewer: 134128_discuzx 134400_3dming 146896_lootan 1157835_comsenzdiscuz 5247157_oldhuhu   Tester: 5247157_oldhuhu

修复 admincp_misc.php SQL注入漏洞

关联issue:#IXUGD:DiscuzX 3.4 admincp_misc.php SQL注入漏洞

已按照官方意见修复,感谢官方支持我们逐步定位并解决此问题。

(与第一个PR来对比的话,与其说我来修,不如说官方修的......)

0 comments, 1 participants 1773794_laozhoubuluo

Show action logs Hide action logs
oldhu merged Pull Request 2019-11-08 12:07
oldhu test passed 2019-11-08 12:07
oldhu check passed 2019-11-08 12:06
老周部落 assigned tester oldhu 2019-11-08 11:58
老周部落 assigned reviewer oldhu 2019-11-08 11:58
老周部落 assigned reviewer monkeye 2019-11-08 11:58
老周部落 assigned reviewer Discuz! 2019-11-08 11:58
老周部落 assigned reviewer LooTan 2019-11-08 11:58
老周部落 assigned reviewer comsenz-service 2019-11-08 11:58
老周部落 assigned reviewer DiscuzX 2019-11-08 11:58
老周部落 added label bug 2019-11-08 11:58

Sign in to comment

2019-11-08

(1)
1 changed files ,commit stats: +6 -6
upload/source/admincp/admincp_misc.php
@@ -536,7 +536,7 @@ var rowtypedata = [
if(is_array($_GET['typename'])) {
foreach($_GET['typename'] AS $key => $val) {
if(!$_GET['delete'][$key] && !empty($val)) {
DB::update("common_word_type", array('typename' => $val), "`id` = '$key'");
DB::update("common_word_type", array('typename' => $val), DB::field("id", $key));
}
}
}
@@ -716,7 +716,7 @@ EOT;
'find' => $_GET['find'][$id],
'replacement' => $_GET['replace'][$id],
'type' => $_GET['wordtype_select'][$id],
), "id='$id' AND ('{$_G['adminid']}'='1' OR admin='{$_G['username']}')");
), DB::field("id", $id)." AND ('{$_G['adminid']}'='1' OR admin='{$_G['username']}')");
}
}
@@ -1009,7 +1009,7 @@ var rowtypedata = [
DB::update('forum_attachtype', array(
'extension' => $_GET['extension'][$id],
'maxsize' => $_GET['maxsize'][$id] * 1024,
), "id='$id'");
), DB::field("id", $id));
}
}
@@ -1119,7 +1119,7 @@ var rowtypedata = [
if(empty($_GET['availablenew'][$id])) {
$newcron['nextrun'] = '0';
}
DB::update('common_cron', $newcron, "cronid='$id'");
DB::update('common_cron', $newcron, DB::field("cronid", $id));
}
}
@@ -1166,7 +1166,7 @@ var rowtypedata = [
} else {
$cronid = empty($_GET['run']) ? $_GET['edit'] : $_GET['run'];
$cron = DB::fetch_first("SELECT * FROM ".DB::table('common_cron')." WHERE cronid='$cronid'");
$cron = DB::fetch_first("SELECT * FROM ".DB::table('common_cron')." WHERE ".DB::field("cronid", $cronid));
if(!$cron) {
cpmsg('cron_not_found', '', 'error');
}
@@ -1262,7 +1262,7 @@ var rowtypedata = [
'hour' => $_GET['hournew'],
'minute' => $minutenew,
'filename' => trim($_GET['filenamenew']),
), "cronid='$cronid'");
), DB::field("cronid", $cronid));
discuz_cron::run($cronid);
PHP
1
https://gitee.com/ComsenzDiscuz/DiscuzX.git
git@gitee.com:ComsenzDiscuz/DiscuzX.git
ComsenzDiscuz
DiscuzX
DiscuzX

Help Search

191139_cd20d5fd_5186603 191143_ebef6f8d_5186603