author | Hari Sankar R <hsr@theinglorio.us> | 2012-04-03 22:15:59 +0530 |
---|---|---|
committer | Hari Sankar R <hsr@theinglorio.us> | 2012-04-03 22:15:59 +0530 |
commit | 084e1ae5603f4204945d25afcfabaeb1198df20f (patch) | |
tree | 64bd11fbfe0e24dbe4c6f57deb75d62c11119dae /phpBB | |
parent | 3477b5e5a8c419f28d477a4764f5d29f3b04dc79 (diff) | |
[ticket/10561] All users can choose deactivated styles (fixed).
A crafted form submission allowed any user to select a deactivated
style. Fixed with an extra check on submit, using a new function
style_verify that checks whether the selected style is activated.
PHPBB3-10561
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/functions.php | 18 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_prefs.php | 3 |
2 files changed, 20 insertions, 1 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 0320230a7d..530638c56b 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1239,6 +1239,24 @@ function style_select($default = '', $all = false)
 }
 
 /**
+* Check if style is activated
+*/
+function style_verify($style_id = 0)
+{
+	global $db;
+
+	$sql = 'SELECT style_id, style_active
+		FROM ' . STYLES_TABLE . "
+		WHERE style_id = $style_id";
+	$result = $db->sql_query($sql);
+
+	$style_verified = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	return $style_verified['style_active'];
+}
+
+/**
 * Pick a timezone
 */
 function tz_select($default = '', $truncate = false)
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index 13167b2b3d..0df8acd5af 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -61,7 +61,8 @@ class ucp_prefs
 
 				if ($submit)
 				{
-					$data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style'];
+					$data['style'] = ($config['override_user_style']) ? $config['default_style'] :
+						(style_verify($data['style']) ? $data['style'] : ((int) $user->data['user_style']));
 
 					$error = validate_data($data, array(
 						'dateformat'	=> array('string', false, 1, 30), |
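Review bot: `$style_id` is interpolated straight into the `WHERE style_id = $style_id` clause of style_verify with no integer cast, so the function's only protection against SQL injection is whatever cast the caller happened to apply before calling it; cast it here as well, `WHERE style_id = ' . (int) $style_id;`. When no row matches, `sql_fetchrow` returns false and `$style_verified['style_active']` indexes a boolean, which yields null (with a notice) rather than a deliberate result; return an explicit boolean instead, `return ($style_verified) ? (bool) $style_verified['style_active'] : false;`. The docblock should also state the contract, e.g. `@param int $style_id Style to check` and `@return bool True only if a style with this id exists and is active` — an unknown id is deliberately treated the same as a deactivated one.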
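Review bot: The fallback on the second added line reinstates `$user->data['user_style']` without passing it through style_verify, so a user whose stored style was deactivated after they chose it silently keeps it, and a rejected submission is accepted with no feedback at all. Consider surfacing the rejection to the user (the page already collects messages in `$error`, but since that variable is assigned from validate_data just below, the notice would have to be appended after that call), and replace the nested ternary split across two lines with an if/else chain that names the three outcomes. The enclosing method of ucp_prefs starts before and ends after this hunk.

```php
				if ($config['override_user_style'])
				{
					$data['style'] = $config['default_style'];
				}
				else if (!style_verify($data['style']))
				{
					// Deactivated or unknown style submitted: keep the stored one.
					// TODO: verify the stored style too, and report the rejection to the user.
					$data['style'] = (int) $user->data['user_style'];
				}
				// … unchanged: validate_data() call …
```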