Bravo List


kp380lv 9th April 2009 08:53

Yuna Scatari v2.2 PRE7 By kp380lv - Hotfixes
 
Potentially dangerous XSS hole in simpaty.php

Find this:

Code:


And replace with this:

Code:


Then in simpaty.php find this:

Code:

$type = $_GET['type'];

And replace with:

Code:

$type = htmlentities($_GET['type']);

index.php - (Blind SQL Injection in index.php)

Find this:

Code:

$choice = $_POST["choice"];

Replace with:

Code:

$choice = (int) $_POST["choice"];

This list will still be updated!!!
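Added example, not code from the thread or from Yuna Scatari itself: a stand-alone PHP script showing what the two replacements above do to hostile input. The function names (safe_type, safe_choice) and the sample inputs are constructed for illustration; ENT_QUOTES and the charset are an assumption added on top of the thread's one-argument htmlentities() call.

```php
<?php
// Added example (not from the thread): demonstrates the effect of the two
// hotfixes above on constructed hostile input.

declare(strict_types=1);

// XSS fix from simpaty.php: $type = htmlentities($_GET['type']);
// ENT_QUOTES and an explicit charset are added here (assumption) so that single
// quotes are encoded as well; the one-argument call encodes only double quotes
// on PHP before 8.1, which matters if $type is echoed inside a single-quoted
// HTML attribute.
function safe_type(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES, 'UTF-8');
}

// Blind SQLi fix from index.php: $choice = (int) $_POST["choice"];
// The cast keeps only a leading integer (or yields 0), so anything appended to
// the number never reaches the query string. A prepared statement would be the
// more general fix; the cast is the minimal one the thread applies.
function safe_choice(string $raw): int
{
    return (int) $raw;
}

// Constructed sample inputs standing in for $_GET['type'] and $_POST['choice'].
$samples = [
    ['type' => 'friend',                     'choice' => '2'],
    ['type' => '<script>alert(1)</script>',  'choice' => '2 OR 1=1'],
    ['type' => "' onmouseover='alert(1)",    'choice' => '-1 UNION SELECT 1'],
    ['type' => 'x',                          'choice' => 'abc'],
];

foreach ($samples as $s) {
    $type   = safe_type($s['type']);
    $choice = safe_choice($s['choice']);
    // The encoded $type can be placed in HTML output; $choice is a plain int
    // suitable for interpolation into the WHERE clause the original code built.
    printf("type   : %s\n", $type);
    printf("choice : %d  (input %s)\n", $choice, var_export($s['choice'], true));
}
```

Run with `php example.php`; the second and third rows show the markup neutralised and the appended SQL fragments dropped, the fourth shows a non-numeric choice collapsing to 0.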

ampedm 9th April 2009 10:56

Thanks for these!

I was wondering if you also fixed the following bugs I reported here:

http://bvlist.com/yuna-scatari/431-y...html#post10216

kp380lv 19th April 2009 11:28

In functions.php find this:

Code:

if ((DEBUG_MODE || isset($_GET["yuna"])) && count($query_stat)) {

And replace with this:

Code:

if ((DEBUG_MODE) && count($query_stat)) {

slayer 26th August 2009 09:15

Fix
 
1. comment.php (line 104): $commentid = (int) $_GET["cid"];
2. email-gateway.php (line 31): if ($subject == "") $subject = "(No subject)";
3. message.php (line 361): stderr($tracker_lang['error'], $message_lang['addedtoblacklist']);
4. message.php (line 432): $n_pms = 0 + $_POST['n_pms'];

Enjoy!
