Message-ID: <38599.166.68.134.174.1109875231.squirrel@166.68.134.174>
Date: Thu, 3 Mar 2005 13:40:31 -0500 (EST)
From: "vzmule" <vzmule@...ever-hack.net>
To: bugtraq@...urityfocus.com
Subject: Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php

// begin original post

Vulnerable:

$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $board_config['allow_html'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $board_config['allow_smilies'];

Fixed:

$allowhtml = ( $board_config['allowhtml']) ) ? TRUE : 0;
$allowbbcode = ( $board_config['allowbbcode']) ) ? TRUE : 0;
$allowsmilies = ( $board_config['allowsmilies']) ) ? TRUE : 0;

// end original post.

I believe you mean:

Fixed:

$allowhtml = ( ($board_config['allowhtml']) ) ? TRUE : 0;
$allowbbcode = ( ($board_config['allowbbcode']) ) ? TRUE : 0;
$allowsmilies = ( ($board_config['allowsmilies']) ) ? TRUE : 0;