lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <38599.166.68.134.174.1109875231.squirrel@166.68.134.174>
Date: Thu, 3 Mar 2005 13:40:31 -0500 (EST)
From: "vzmule" <vzmule@...ever-hack.net>
To: bugtraq@...urityfocus.com
Subject: Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php



// begin original post
Vulnerable:

$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? (
($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $board_config['allow_html'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? (
($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) :
$board_config['allow_bbcode'];
$allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? (
($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) :
$board_config['allow_smilies'];

Fixed:

$allowhtml = ( $board_config['allowhtml']) ) ? TRUE : 0;
$allowbbcode = ( $board_config['allowbbcode']) ) ? TRUE : 0;
$allowsmilies = ( $board_config['allowsmilies']) ) ? TRUE : 0;

// end original post.

I believe you mean:
Fixed:

$allowhtml = ( ($board_config['allowhtml']) ) ? TRUE : 0;
$allowbbcode = ( ($board_config['allowbbcode']) ) ? TRUE : 0;
$allowsmilies = ( ($board_config['allowsmilies']) ) ? TRUE : 0;



Powered by blists - more mailing lists