7.5.2 Visitor comments
#224957 03/27/2009 5:09 PM
Yarp (OP), veteran. Joined: Aug 2006, Posts: 1,356
In /scripts/profile_comment.inc.php there is no security check on whether comments are actually allowed.
Re: 7.5.2 Visitor comments
Yarp #224958 03/27/2009 6:04 PM
Ruben (online). Joined: Dec 2003, Posts: 6,183, Likes: 28
Yarp,
Just curious.
Could you expand on no security?


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: 7.5.2 Visitor comments
Ruben #224961 03/27/2009 6:35 PM
Yarp (OP), veteran. Joined: Aug 2006, Posts: 1,356
Basically, if you submit a form to that script, it gets processed, whether the user has enough posts or not, or whether the feature is on or not.

It does require the submitter to be logged in.
Re: 7.5.2 Visitor comments
Ruben #224962 03/27/2009 6:40 PM
DLWebmaestro, Enthusiast. Joined: Mar 2008, Posts: 326
Just throw one of these puppies into the script...

[Linked Image]

Security problem solved.

Re: 7.5.2 Visitor comments
DLWebmaestro #224964 03/27/2009 7:23 PM
GregK, addict. Joined: Jun 2006, Posts: 391
Originally Posted by DLWebmaestro
Just throw one of these puppies into the script...

[Linked Image]

Security problem solved.

Works for me!!!! grin


Greg AKA Virgil Earp at the OK Corral
Tombstone, AZ
Re: 7.5.2 Visitor comments
GregK #224980 03/28/2009 3:28 AM
Yarp (OP), veteran. Joined: Aug 2006, Posts: 1,356
More bugs found in there.

The scripts that actually modify/delete the comments have code in there to allow admins to edit/delete.
/scripts/showprofile.inc.php however does not show the edit link.

Changed this line:
Code
		if ($c_uid == $user['USER_ID']) {

to:
Code
		if ($c_uid == $user['USER_ID'] || $user['USER_MEMBERSHIP_LEVEL'] == "Administrator") {

Though I would prefer something new or existing from the permission matrix.

Another more severe buglet is also present. The final modify script has no code to disallow an edit by the current profile owner. It just checks if you can "edit or delete", and if you are allowed either, it allows both.

So a profile owner can change the words in a comment.

Dirty Fix: (don't have time now to rebuild the if statement that should check)

find:
Code
		$query = "
			update {$config['TABLE_PREFIX']}PROFILE_COMMENTS
			set COMMENT_BODY = ?,
			COMMENT_DEFAULT_BODY = ?
			where COMMENT_ID = ?
		";
		$dbh -> do_placeholder_query($query,array($Body,$DefaultBody,$id),__LINE__,__FILE__);

Add before:

Code
		if ($poster == $user['USER_ID']) {
			$html->not_right($ubbt_lang['NO_EDIT']);
		}


Final buglet:
/scripts/showprofile.inc.php does not allow you to post comments on your own profile.
/scripts/profile_comment.inc.php does allow that.

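As an added example (not code from this thread or from UBB.threads itself), here is one way to write the checks Yarp describes as missing across the first post and the one above: the action script re-applies the same rules the profile page uses to decide whether to show the comment form (feature on, enough posts, not your own profile), and "edit" and "delete" are decided as two separate questions so a profile owner can remove a visitor's comment but not rewrite it. USER_ID, USER_MEMBERSHIP_LEVEL and the "Administrator" level string appear in the thread; the config keys, the USER_TOTAL_POSTS field and the COMMENT_POSTER_ID / COMMENT_PROFILE_USER_ID column names are assumptions made for illustration, and the sample users and comment row are constructed.

```php
<?php
// Added example, not UBB.threads code. Models the authorization checks the thread
// says profile_comment.inc.php and the modify script are missing.
// USER_ID / USER_MEMBERSHIP_LEVEL come from the thread; config keys, USER_TOTAL_POSTS
// and the COMMENT_* poster/owner column names are ASSUMPTIONS for illustration.
declare(strict_types=1);

/**
 * May $user post a comment on the profile of $profileOwnerId?
 * The action script must enforce the same rules the profile page uses to decide
 * whether to render the form; hiding the form is not a security control.
 */
function can_post_profile_comment(array $user, int $profileOwnerId, array $config): bool
{
    // 1. Must be logged in (the thread notes the script already requires this).
    if (empty($user['USER_ID'])) {
        return false;
    }
    // 2. Feature must be switched on site-wide (config key is an assumption).
    if (empty($config['PROFILE_COMMENTS_ENABLED'])) {
        return false;
    }
    // 3. Minimum post count (field and config key are assumptions).
    if ((int)($user['USER_TOTAL_POSTS'] ?? 0) < (int)$config['PROFILE_COMMENTS_MIN_POSTS']) {
        return false;
    }
    // 4. No commenting on your own profile, as showprofile.inc.php already enforces.
    if ((int)$user['USER_ID'] === $profileOwnerId) {
        return false;
    }
    return true;
}

/**
 * Decide 'edit' and 'delete' independently. The bug in the thread: the modify
 * script tested "edit OR delete" and then permitted both, so the profile owner
 * (who may delete) could also change the words of a visitor's comment.
 */
function can_modify_profile_comment(array $user, array $comment, string $action): bool
{
    if (empty($user['USER_ID'])) {
        return false;
    }
    $uid      = (int)$user['USER_ID'];
    $isAdmin  = ($user['USER_MEMBERSHIP_LEVEL'] ?? '') === 'Administrator';
    $isPoster = $uid === (int)$comment['COMMENT_POSTER_ID'];
    $isOwner  = $uid === (int)$comment['COMMENT_PROFILE_USER_ID'];

    switch ($action) {
        case 'edit':
            // Only the author (or an admin) may change the body.
            return $isPoster || $isAdmin;
        case 'delete':
            // Author, profile owner or admin may remove it.
            return $isPoster || $isOwner || $isAdmin;
        default:
            // Unknown actions are denied outright, never mapped to something else.
            return false;
    }
}

// Constructed sample data (not from any real installation).
$config  = ['PROFILE_COMMENTS_ENABLED' => true, 'PROFILE_COMMENTS_MIN_POSTS' => 10];
$admin   = ['USER_ID' => 1,  'USER_MEMBERSHIP_LEVEL' => 'Administrator', 'USER_TOTAL_POSTS' => 500];
$alice   = ['USER_ID' => 42, 'USER_MEMBERSHIP_LEVEL' => 'Member',        'USER_TOTAL_POSTS' => 120];
$bob     = ['USER_ID' => 77, 'USER_MEMBERSHIP_LEVEL' => 'Member',        'USER_TOTAL_POSTS' => 3];
$comment = ['COMMENT_ID' => 9, 'COMMENT_POSTER_ID' => 42, 'COMMENT_PROFILE_USER_ID' => 77];

$checks = [
    'alice may comment on bob'      => can_post_profile_comment($alice, 77, $config) === true,
    'bob (3 posts) may not comment' => can_post_profile_comment($bob, 42, $config) === false,
    'alice may not comment on self' => can_post_profile_comment($alice, 42, $config) === false,
    'feature off blocks everyone'   => can_post_profile_comment($alice, 77, ['PROFILE_COMMENTS_ENABLED' => false, 'PROFILE_COMMENTS_MIN_POSTS' => 10]) === false,
    'alice (poster) may edit'       => can_modify_profile_comment($alice, $comment, 'edit') === true,
    'bob (owner) may not edit'      => can_modify_profile_comment($bob, $comment, 'edit') === false,
    'bob (owner) may delete'        => can_modify_profile_comment($bob, $comment, 'delete') === true,
    'admin may edit'                => can_modify_profile_comment($admin, $comment, 'edit') === true,
    'unknown action is denied'      => can_modify_profile_comment($admin, $comment, 'purge') === false,
];
foreach ($checks as $label => $ok) {
    echo ($ok ? 'PASS' : 'FAIL') . "  $label\n";
}
```

The admin test here compares the membership-level string, the same shortcut Yarp's one-line change uses; as he notes, a real fix would read a permission from the existing permission matrix rather than hard-code the level name. The point of keeping two functions is that the decision lives in one place that both the form-rendering script and the action scripts call, so they cannot drift apart the way showprofile.inc.php and profile_comment.inc.php did.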
Re: 7.5.2 Visitor comments
Yarp #224982 03/28/2009 8:56 AM
Joined: Jul 2006, Posts: 4,062
Bring on 7.5.3

Good catches smile

7.5.2 is too buggy for me to upgrade now IMO


BOOM !! Version v7.6.1.1
People who inspire me Isaac ME Gizmo