Security-Fix groupcp.php und privmsp.php

[oxpus]

Code: Alles auswählen

#
#-----[ OPEN ]----------------------------------------
#
groupcp.php: 

#
#-----[ FIND ]----------------------------------------
#
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) 
{ 
	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; 
} 

#
#-----[ REPLACE WITH ]----------------------------------------
#
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) 
{ 
	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; 
	$mode = htmlspecialchars($mode); 
} 

#
#-----[ FIND ]----------------------------------------
#
					for($i = 0; $i < count($members); $i++) 
					{ 
						$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i]; 
					} 

#
#-----[ REPLACE WITH ]----------------------------------------
#
					for($i = 0; $i < count($members); $i++) 
					{ 
						$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]); 
					} 

#
#-----[ OPEN ]----------------------------------------
#
privmsp.pgp

#
#-----[ FIND ]----------------------------------------
#
	$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder']; 

#
#-----[ REPLACE WITH ]----------------------------------------
#
	$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder']; 
	$folder = htmlspecialchars($folder); 

#
#-----[ FIND ]----------------------------------------
#
	$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; 

#
#-----[ REPLACE WITH ]----------------------------------------
#
	$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; 
	$mode = htmlspecialchars($mode); 

[Christian_N]

Ist dieser Security-Fix in ein frisches 2.0.18 noch aktuell ?

[oxpus]

Schau Dir die Dateien doch an.
Ich meine, das ist aufgenommen worden.