Postanowiłem, napisać mały spis tutorial, zabezpieczeń jakie znalazłem bądź sam zrobiłem.
1. Modyfikacja zapobiega przechwyceniu sesji i dopisuje IP do hasła przed zahashowaniem.
otwórz plik takelogin.php
znajdź
logincookie($row["id"], $row["passhash"]);zamień na
$passh = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);
logincookie($row["id"], $passh);otwórz plik bittorrent.php funkcja userlogin()
znajdź
if ($_COOKIE["pass"] !== $row["passhash"])zamień na
if ($_COOKIE["pass"] !== md5($row["passhash"].$_SERVER["REMOTE_ADDR"]))otwórz plik takeprofedit.php
znajdź
logincookie($CURUSER["id"], $passhash);zamień na
logincookie($CURUSER["id"], md5($passhash.$_SERVER["REMOTE_ADDR"]));2.utwórz plik ctracker.php i wrzuć go do katalogu /include
<?php
$cracktrack = $_SERVER['QUERY_STRING'];
$wormprotector = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
'$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
'new_password', '&icq','/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
'/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '/usr/X11R6/bin/xterm', 'lsof%20',
'/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
'<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', ?>', 'sql=');
$checkworm = str_replace($wormprotector, '*', $cracktrack);
if ($cracktrack != $checkworm)
{
$cremotead = $_SERVER['REMOTE_ADDR'];
$cuseragent = $_SERVER['HTTP_USER_AGENT'];
$fp = fopen ('./log.txt', 'a');
fwrite ($fp, 'Blocked attack from: IP - ' . $_SERVER['REMOTE_ADDR'] . ' User Agent - ' . $_SERVER['HTTP_USER_AGENT'] . '
');
fclose ($fp);
die( "Wykryto atak! <br /><br /><b>Twój atak został zablokowany:</b><br />$cremotead - $cuseragent" );
}
//
// End CrackerTracker StandAlone
//
?>otwórz plik bittorrent.php
znajdź
<?dodaj po tym
include "ctracker.php";utwórz jeszcze plik log.txt i wrzuć go również do katalogu /include, nadaj mu chmody na 777
3.utwórz plik class.inputfilter_clean.php i wrzuć go do katalogu /include
<?php
class InputFilter {
var $tagsArray;
var $attrArray;
var $tagsMethod;
var $attrMethod;
var $xssAuto;
var $tagBlacklist = array('applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml');
var $attrBlacklist = array('action', 'background', 'codebase', 'dynsrc', 'lowsrc');
function inputFilter($tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1) {
for ($i = 0; $i < count($tagsArray); $i++) $tagsArray[$i] = strtolower($tagsArray[$i]);
for ($i = 0; $i < count($attrArray); $i++) $attrArray[$i] = strtolower($attrArray[$i]);
$this->tagsArray = (array) $tagsArray;
$this->attrArray = (array) $attrArray;
$this->tagsMethod = $tagsMethod;
$this->attrMethod = $attrMethod;
$this->xssAuto = $xssAuto;
}
function process($source) {
if (is_array($source)) {
foreach($source as $key => $value)
if (is_string($value)) $source[$key] = $this->remove($this->decode($value));
return $source;
} else if (is_string($source)) {
return $this->remove($this->decode($source));
} else return $source;
}
function remove($source) {
$loopCounter=0;
while($source != $this->filterTags($source)) {
$source = $this->filterTags($source);
$loopCounter++;
}
return $source;
}
function filterTags($source) {
$preTag = NULL;
$postTag = $source;
$tagOpen_start = strpos($source, '<');
while($tagOpen_start !== FALSE) {
$preTag .= substr($postTag, 0, $tagOpen_start);
$postTag = substr($postTag, $tagOpen_start);
$fromTagOpen = substr($postTag, 1);
$tagOpen_end = strpos($fromTagOpen, '>');
if ($tagOpen_end === false) break;
$tagOpen_nested = strpos($fromTagOpen, '<');
if (($tagOpen_nested !== false) && ($tagOpen_nested < $tagOpen_end)) {
$preTag .= substr($postTag, 0, ($tagOpen_nested+1));
$postTag = substr($postTag, ($tagOpen_nested+1));
$tagOpen_start = strpos($postTag, '<');
continue;
}
$tagOpen_nested = (strpos($fromTagOpen, '<') + $tagOpen_start + 1);
$currentTag = substr($fromTagOpen, 0, $tagOpen_end);
$tagLength = strlen($currentTag);
if (!$tagOpen_end) {
$preTag .= $postTag;
$tagOpen_start = strpos($postTag, '<');
}
$tagLeft = $currentTag;
$attrSet = array();
$currentSpace = strpos($tagLeft, ' ');
if (substr($currentTag, 0, 1) == "/") {
$isCloseTag = TRUE;
list($tagName) = explode(' ', $currentTag);
$tagName = substr($tagName, 1);
} else {
$isCloseTag = FALSE;
list($tagName) = explode(' ', $currentTag);
}
if ((!preg_match("/^[a-z][a-z0-9]*$/i",$tagName)) || (!$tagName) || ((in_array(strtolower($tagName), $this->tagBlacklist)) && ($this->xssAuto))) {
$postTag = substr($postTag, ($tagLength + 2));
$tagOpen_start = strpos($postTag, '<');
continue;
}
while ($currentSpace !== FALSE) {
$fromSpace = substr($tagLeft, ($currentSpace+1));
$nextSpace = strpos($fromSpace, ' ');
$openQuotes = strpos($fromSpace, '"');
$closeQuotes = strpos(substr($fromSpace, ($openQuotes+1)), '"') + $openQuotes + 1;
if (strpos($fromSpace, '=') !== FALSE) {
if (($openQuotes !== FALSE) && (strpos(substr($fromSpace, ($openQuotes+1)), '"') !== FALSE))
$attr = substr($fromSpace, 0, ($closeQuotes+1));
else $attr = substr($fromSpace, 0, $nextSpace);
} else $attr = substr($fromSpace, 0, $nextSpace);
if (!$attr) $attr = $fromSpace;
$attrSet[] = $attr;
$tagLeft = substr($fromSpace, strlen($attr));
$currentSpace = strpos($tagLeft, ' ');
}
$tagFound = in_array(strtolower($tagName), $this->tagsArray);
if ((!$tagFound && $this->tagsMethod) || ($tagFound && !$this->tagsMethod)) {
if (!$isCloseTag) {
$attrSet = $this->filterAttr($attrSet);
$preTag .= '<' . $tagName;
for ($i = 0; $i < count($attrSet); $i++)
$preTag .= ' ' . $attrSet[$i];
if (strpos($fromTagOpen, "</" . $tagName)) $preTag .= '>';
else $preTag .= ' />';
} else $preTag .= '</' . $tagName . '>';
}
$postTag = substr($postTag, ($tagLength + 2));
$tagOpen_start = strpos($postTag, '<');
}
$preTag .= $postTag;
return $preTag;
}
function filterAttr($attrSet) {
$newSet = array();
for ($i = 0; $i <count($attrSet); $i++) {
if (!$attrSet[$i]) continue;
$attrSubSet = explode('=', trim($attrSet[$i]));
list($attrSubSet[0]) = explode(' ', $attrSubSet[0]);
if ((!eregi("^[a-z]*$",$attrSubSet[0])) || (($this->xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist)) || (substr($attrSubSet[0], 0, 2) == 'on'))))
continue;
if ($attrSubSet[1]) {
$attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
$attrSubSet[1] = preg_replace('/\s+/', '', $attrSubSet[1]);
$attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
if ((substr($attrSubSet[1], 0, 1) == "'") && (substr($attrSubSet[1], (strlen($attrSubSet[1]) - 1), 1) == "'"))
$attrSubSet[1] = substr($attrSubSet[1], 1, (strlen($attrSubSet[1]) - 2));
$attrSubSet[1] = stripslashes($attrSubSet[1]);
}
if ( ((strpos(strtolower($attrSubSet[1]), 'expression') !== false) && (strtolower($attrSubSet[0]) == 'style')) ||
(strpos(strtolower($attrSubSet[1]), 'javascript:') !== false) ||
(strpos(strtolower($attrSubSet[1]), 'behaviour:') !== false) ||
(strpos(strtolower($attrSubSet[1]), 'vbscript:') !== false) ||
(strpos(strtolower($attrSubSet[1]), 'mocha:') !== false) ||
(strpos(strtolower($attrSubSet[1]), 'livescript:') !== false)
) continue;
$attrFound = in_array(strtolower($attrSubSet[0]), $this->attrArray);
if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) {
if ($attrSubSet[1]) $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
else if ($attrSubSet[1] == "0") $newSet[] = $attrSubSet[0] . '="0"';
else $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"';
}
}
return $newSet;
}
function decode($source) {
$source = html_entity_decode($source, ENT_QUOTES, "ISO-8859-1");
$source = preg_replace('/&#(\d+);/me',"chr(\\1)", $source);
$source = preg_replace('/&#x([a-f0-9]+);/mei',"chr(0x\\1)", $source);
return $source;
}
function safeSQL($source, &$connection) {
if (is_array($source)) {
foreach($source as $key => $value)
if (is_string($value)) $source[$key] = $this->quoteSmart($this->decode($value), $connection);
return $source;
} else if (is_string($source)) {
if (is_string($source)) return $this->quoteSmart($this->decode($source), $connection);
} else return $source;
}
function quoteSmart($source, &$connection) {
if (get_magic_quotes_gpc()) $source = stripslashes($source);
$source = $this->escapeString($source, $connection);
return $source;
}
function escapeString($string, &$connection) {
if (version_compare(phpversion(),"4.3.0", "<")) mysql_escape_string($string);
else mysql_real_escape_string($string);
return $string;
}
}
?>otwórz plik bittorrent.php
znajdź
include "ctracker.php";dodaj po tym
require_once("class.inputfilter_clean.php");
$myFilter = new InputFilter($tags, $attributes, 0, 0); // Invoke it
// works with strings or arrays of strings
$_POST = $myFilter->process($_POST);
$_GET["name"] = $myFilter->process($_GET["name"]);3. System zabezpiecza przed włamaniem, jeśli ktoś da sobie np. sysopa automatycznie dostaje bana i nie ma nigdzie dostępu
otwórz plik bittorrent.php
znajdź
require_once("secrets.php");
require_once("cleanup.php");dodaj po tym
//---------------------------------
//---- Max. Sysops v0.2 by xam
//---------------------------------
function maxsysop () {
global $CURUSER;
$lmaxclass = 5; // Minimalna ranga od jakiej ma to obowiazywac (zalecam, mod, admin, sysop, czyli podajemy numerek jaki ma moderator)
$lsysopnames = array("Sysop", "admin", "mod", "mod2"); // Lista osób ktore sa leganie w zalodze.
if ($CURUSER["class"] >= $lmaxclass)
if (!in_array($CURUSER["username"], $lsysopnames)){
mysql_query("UPDATE users set enabled='no' WHERE id=$CURUSER[id]");
stderr("Przepraszamy","Korzystasz z nie dozwolonego konta, dlatego zostałe¶ zbanowany, papa :)");
}
}
//---------------------------------
//---- Max. Sysops v0.2 by xam
//---------------------------------i dodaj w plikach do których ma dostęp tylko załoga
maxsysop ();dodaj to zaraz po
require "include/bittorrent.php";
dbconn();4. Te zmiany zabezpieczają przed przejęciem passhash'a, zabezpiecza ciasteczka, dodaje jeszcze jedno.
otwórz plik bittorrent.php
znajdź
/*
function logincookie($id, $password, $secret, $updatedb = 1, $expires = 0x7fffffff) {
$md5 = md5($secret . $password . $secret);
setcookie("uid", $id, $expires, "/");
setcookie("pass", $md5, $expires, "/");
if ($updatedb)
mysql_query("UPDATE users SET last_login = NOW() WHERE id = $id");
}
*/dodaj przed tym
function hashit($var,$addtext="")
{
return md5("Some ".$addtext.$var.$addtext." text to mix the hash...");
}znajdź
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
setcookie("uid", $id, $expires, "/");
setcookie("pass", $passhash, $expires, "/");
if ($updatedb)
mysql_query("UPDATE users SET last_login = NOW() WHERE id = $id");
}
function logoutcookie() {
setcookie("uid", "", 0x7fffffff, "/");
setcookie("pass", "", 0x7fffffff, "/");
}zamień na
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
setcookie("uid", $id, $expires, "/");
setcookie("pass", $passhash, $expires, "/");
setcookie("hashv", hashit($id,$passhash), $expires, "/");
if ($updatedb)
mysql_query("UPDATE users SET last_login = NOW() WHERE id = $id");
}
function logoutcookie() {
setcookie("uid", "", 0x7fffffff, "/");
setcookie("pass", "", 0x7fffffff, "/");
setcookie("hashv", "", 0x7fffffff, "/");
}znajdź
if (!$SITE_ONLINE || empty($_COOKIE["uid"]) || empty($_COOKIE["pass"]))
return;
$id = 0 + $_COOKIE["uid"];
if (!$id || strlen($_COOKIE["pass"]) != 32)
return;zamień na
if (!$SITE_ONLINE || empty($_COOKIE["uid"]) || empty($_COOKIE["pass"]) || empty($_COOKIE["hashv"]))
return;
$id = 0 + $_COOKIE["uid"];
if (!$id OR (strlen($_COOKIE["pass"]) != 32) OR ($_COOKIE["hashv"] != hashit($id,$_COOKIE["pass"])))
return;5. i Teraz dziury w plikach.
otwórz plik adduser.php
znajdź
header("Location: $BASEURL/userdetails.php?id=$arr[0]");zamień na
header("Location: $BASEURL/userdetails.php?id=".htmlspecialchars($arr[0]));otwórz plik comment.php
znajdź
$returnto = $_POST["returnto"];zamień na
$returnto = htmlentities($_POST["returnto"]) ? htmlentities($_POST["returnto"]) : htmlentities($_SERVER["HTTP_REFERER"]);znajdź
value=\"" . $_SERVER["HTTP_REFERER"] . "\" />\n");zamień na
value=\"" . htmlentities($_SERVER["HTTP_REFERER"]) . "\" />\n");znajdź
$returnto = $_GET["returnto"];zamień na
$returnto = $_GET["returnto"] ? htmlentities($_GET["returnto"]) : htmlentities($_SERVER["HTTP_REFERER"]);znajdź
$returnto = $_SERVER["HTTP_REFERER"];zamień na
$returnto = htmlentities($_SERVER["HTTP_REFERER"]);otwórz plik forums.php
znajdź
$action = $_GET["action"];zamień na
$action = htmlspecialchars(trim($_GET["action"]));znajdź
$res = mysql_query("SELECT minclassread, minclasswrite, minclasscreate FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);zamień na
$res = mysql_query("SELECT minclassread, minclasswrite, minclasscreate FROM forums WHERE id=".mysql_real_escape_string($forumid)) or sqlerr(__FILE__, __LINE__);znajdź
$res = mysql_query("SELECT forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);zamień na
$res = mysql_query("SELECT forumid FROM topics WHERE id=".mysql_real_escape_string($topicid)) or sqlerr(__FILE__, __LINE__);znajdź
$res = mysql_query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);zamień na
$res = mysql_query("SELECT id FROM posts WHERE topicid=".mysql_real_escape_string($topicid)." ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);znajdź
mysql_query("UPDATE topics SET lastpost=$postid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);zamień na
mysql_query("UPDATE topics SET lastpost=$postid WHERE id=".mysql_real_escape_string($topicid)) or sqlerr(__FILE__, __LINE__);znajdź
$res = mysql_query("SELECT lastpost FROM topics WHERE forumid=$forumid ORDER BY lastpost DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);zamień na
$res = mysql_query("SELECT lastpost FROM topics WHERE forumid=".mysql_real_escape_string($forumid)." ORDER BY lastpost DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);znajdź
$res = mysql_query("SELECT name FROM forums WHERE id=$id") or sqlerr(__FILE__, __LINE__);zamień na
$res = mysql_query("SELECT name FROM forums WHERE id=".mysql_real_escape_string($id)) or sqlerr(__FILE__, __LINE__);znajdź
$res = mysql_query("SELECT * FROM topics WHERE id=$id") or sqlerr(__FILE__, __LINE__);zamień na
$res = mysql_query("SELECT * FROM topics WHERE id=".mysql_real_escape_string($id)) or sqlerr(__FILE__, __LINE__);znajdź
$postres = mysql_query("SELECT * FROM posts WHERE topicid=$id ORDER BY id DESC LIMIT 10") or sqlerr(__FILE__, __LINE__);zamień na
$postres = mysql_query("SELECT * FROM posts WHERE topicid=".mysql_real_escape_string($id)." ORDER BY id DESC LIMIT 10") or sqlerr(__FILE__, __LINE__);znajdź
$keywords = trim($_GET["keywords"]);zamień na
$keywords = htmlspecialchars(trim($_GET["keywords"]));otwórz plik index.php
znajdź
$res = mysql_query("SELECT * FROM pollanswers WHERE pollid=$pollid && userid=$userid") or sqlerr();zamień na
$res = mysql_query("SELECT * FROM pollanswers WHERE pollid=".mysql_real_escape_string($pollid)." && userid=".mysql_real_escape_string($userid)) or sqlerr();znajdź
mysql_query("INSERT INTO pollanswers VALUES(0, $pollid, $userid, $choice)") or sqlerr();zamień na
mysql_query("INSERT INTO pollanswers VALUES(0, ".mysql_real_escape_string($pollid).", ".mysql_real_escape_string($userid).", ".mysql_real_escape_string($choice).")") or sqlerr(__FILE__, __LINE__);otwórz plik makepoll.php
znajdź
$question = $_POST["question"];
$option0 = $_POST["option0"];
$option1 = $_POST["option1"];
$option2 = $_POST["option2"];
$option3 = $_POST["option3"];
$option4 = $_POST["option4"];
$option5 = $_POST["option5"];
$option6 = $_POST["option6"];
$option7 = $_POST["option7"];
$option8 = $_POST["option8"];
$option9 = $_POST["option9"];
$option10 = $_POST["option10"];
$option11 = $_POST["option11"];
$option12 = $_POST["option12"];
$option13 = $_POST["option13"];
$option14 = $_POST["option14"];
$option15 = $_POST["option15"];
$option16 = $_POST["option16"];
$option17 = $_POST["option17"];
$option18 = $_POST["option18"];
$option19 = $_POST["option19"];
$sort = (int)$_POST["sort"];zamień na
$question = htmlspecialchars($_POST["question"]);
$option0 = htmlspecialchars($_POST["option0"]);
$option1 = htmlspecialchars($_POST["option1"]);
$option2 = htmlspecialchars($_POST["option2"]);
$option3 = htmlspecialchars($_POST["option3"]);
$option4 = htmlspecialchars($_POST["option4"]);
$option5 = htmlspecialchars($_POST["option5"]);
$option6 = htmlspecialchars($_POST["option6"]);
$option7 = htmlspecialchars($_POST["option7"]);
$option8 = htmlspecialchars($_POST["option8"]);
$option9 = htmlspecialchars($_POST["option9"]);
$option10 = htmlspecialchars($_POST["option10"]);
$option11 = htmlspecialchars($_POST["option11"]);
$option12 = htmlspecialchars($_POST["option12"]);
$option13 = htmlspecialchars($_POST["option13"]);
$option14 = htmlspecialchars($_POST["option14"]);
$option15 = htmlspecialchars($_POST["option15"]);
$option16 = htmlspecialchars($_POST["option16"]);
$option17 = htmlspecialchars($_POST["option17"]);
$option18 = htmlspecialchars($_POST["option18"]);
$option19 = htmlspecialchars($_POST["option19"]);
$sort = htmlspecialchars($_POST["sort"]);znajdź
<input type=hidden name=returnto value=<?=$_GET["returnto"]?>>zamień na
<input type=hidden name=returnto value="<?=htmlentities($_GET["returnto"]) ? htmlentities($_GET["returnto"]) : htmlentities($_SERVER["HTTP_REFERER"])?>">otwórz plik redir.php
znajdź
print("$url</h2></td></tr></table></body></html>\n");zamień na
print(htmlspecialchars($url)."</h2></td></tr></table></body></html>\n");otwórz plik takeupload.php
znajdź
header("Location: $BASEURL/details.php?id=$id&uploaded=1");zamień na
header("Location: $BASEURL/details.php?id=".htmlspecialchars($id)."&uploaded=1");otwórz plik userdetails.php
znajdź
$r = @mysql_query("SELECT * FROM users WHERE id=$id") or sqlerr();zamień na
$r = @mysql_query("SELECT * FROM users WHERE id=".mysql_real_escape_string($id)) or sqlerr();otwórz plik userhistory.php
znajdź
$action = $_GET["action"];zamień na
$action = htmlspecialchars($_GET["action"]);otwórz plik viewsnatches.php
znajdź
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] . "?id=" . $_GET[id] . "&" );zamień na
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] . "?id=" . htmlspecialchars($id) . "&" );znajdź
print("<h1 align=center>Lista userów którzy pobrali torrenta <a href=details.php?id=$_GET[id]><b>$arr3[name]</b></a></h1>\n");zamień na
print("<h1 align=center>Lista userów którzy pobrali torrenta <a href=details.php?id=".htmlspecialchars($id)."><b>$arr3[name]</b></a></h1>\n");otwórz plik delacctadmin.php
znajdź
stderr("Skuces", "Konto <b>$username</b> zostało skasowane pomy¶lnie.");zamień na
stderr("Skuces", "Konto <b>".htmlentities($username)."</b> zostało skasowane pomy¶lnie.");otwórz plik bans.php
znajdź
mysql_query("DELETE FROM bans WHERE id=$remove") or sqlerr();zamień na
mysql_query("DELETE FROM bans WHERE id=".mysql_real_escape_string($remove)) or sqlerr();znajdź
write_log("Ban $remove was removed by $CURUSER[id] ($CURUSER[username])");zamień na
write_log("Ban ".htmlspecialchars($remove)." was removed by $CURUSER[id] ($CURUSER[username])");otwórz plik takeedit.php
znajdź
$res = mysql_query("SELECT owner, filename, save_as FROM torrents WHERE id = $id");zamień na
$res = mysql_query("SELECT owner, filename, save_as FROM torrents WHERE id = ".mysql_real_escape_string($id));otwórz plik takerate.php
znajdź
$res = mysql_query("SELECT owner FROM torrents WHERE id = $id");zamień na
$res = mysql_query("SELECT owner FROM torrents WHERE id = ".mysql_real_escape_string($id));znajdź
$res = mysql_query("INSERT INTO ratings (torrent, user, rating, added) VALUES ($id, " . $CURUSER["id"] . ", $rating, NOW())");zamień na
$res = mysql_query("INSERT INTO ratings (torrent, user, rating, added) VALUES (".mysql_real_escape_string($id).", " . mysql_real_escape_string($CURUSER["id"]) . ", ".mysql_real_escape_string($rating).", NOW())");znajdź
mysql_query("UPDATE torrents SET numratings = numratings + 1, ratingsum = ratingsum + $rating WHERE id = $id");zamień na
mysql_query("UPDATE torrents SET numratings = numratings + 1, ratingsum = ratingsum + ".mysql_real_escape_string($rating)." WHERE id = ".mysql_real_escape_string($id));otwórz plik staffmess.php
znajdź
<input type=hidden name=returnto value=<?=$_GET["returnto"] ? $_GET["returnto"] : $_SERVER["HTTP_REFERER"]?>>zamień na
<input type=hidden name=returnto value="<?=htmlentities($_GET["returnto"]) ? htmlentities($_GET["returnto"]) : htmlentities($_SERVER["HTTP_REFERER"])?>">otwórz plik sendmessage.php
znajdź
<input type=hidden name=returnto value=<?=$_GET["returnto"] ? $_GET["returnto"] : $_SERVER["HTTP_REFERER"]?>>zamień na
<input type=hidden name=returnto value="<?=htmlentities($_GET["returnto"]) ? htmlentities($_GET["returnto"]) : htmlentities($_SERVER["HTTP_REFERER"])?>">uff
nie wiem co mi odwaliło że tyle napisałem, ale mam nadzieję że się komuś przyda, wszystkie te zmiany są w moim tbsource najnowszym jak by ktoś pytał. Dobra teraz mogę leniuchować
