Важно!
Для тех, кто использует данный мод: я на днях покопался в коде и нашёл несколько мест, где данные пользователей выводятся в HTML без экранирования, то есть возможен XSS.
Ниже выкладываю фикс для версии 0.2.4.
(в принципе подходит и для ранних версий — для тех файлов, которые в них существуют).
weblog.php
#-----[ FIND ]------------------------------------------------
$page_title = $weblog_data['weblog_name'];
#-----[ REPLACE WITH ]------------------------------------------------
$page_title = strip_tags($weblog_data['weblog_name']);
#-----[ FIND ]------------------------------------------------
$action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . $entry_data[$i]['currently_text'] . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . $entry_data[$i]['currently_text']) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($entry_data[$i]['currently_text'])) . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($entry_data[$i]['currently_text']))) . ' <strong>]</strong>';
#-----[ FIND ]------------------------------------------------
$action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', $entry_data[$i]['currently_text']) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', strip_tags(htmlspecialchars($entry_data[$i]['currently_text']))) . ' <strong>]</strong>';
#-----[ FIND ]------------------------------------------------
'SUBJECT' => $entry_data[$i]['entry_subject'],
#-----[ REPLACE WITH ]------------------------------------------------
'SUBJECT' => strip_tags(htmlspecialchars($entry_data[$i]['entry_subject'])),
#-----[ FIND ]------------------------------------------------
'POST_COMMENT' => ( !$entry_data[$i]['no_replies'] ) ? sprintf($weblog_data['post_reply_text'], $entry_data[$i]['entry_replies']) : '',
#-----[ REPLACE WITH ]------------------------------------------------
'POST_COMMENT' => ( !$entry_data[$i]['no_replies'] ) ? sprintf(strip_tags($weblog_data['post_reply_text']), $entry_data[$i]['entry_replies']) : '',
#-----[ FIND ]------------------------------------------------
'REPLIES' => ( !$entry_data[$i]['no_replies'] ) ? sprintf($weblog_data['replies_text'], $entry_data[$i]['entry_replies']) : '',
#-----[ REPLACE WITH ]------------------------------------------------
'REPLIES' => ( !$entry_data[$i]['no_replies'] ) ? sprintf(strip_tags($weblog_data['replies_text']), $entry_data[$i]['entry_replies']) : '',
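Review bot: `strip_tags()` on its own, as used for weblog_name in the REPLACE at L10 and for the post_reply_text/replies_text format strings at L26 and L30, is not HTML escaping: it drops tag-like runs but leaves `"`, `'` and `&` untouched, so those values still reach the page unencoded and can break out of an attribute if the template puts them in one. Escape for the output context instead, e.g. `$page_title = htmlspecialchars($weblog_data['weblog_name'], ENT_QUOTES);` and `sprintf(htmlspecialchars($weblog_data['post_reply_text'], ENT_QUOTES), $entry_data[$i]['entry_replies'])`. The `strip_tags(htmlspecialchars(...))` pairing on the other lines is redundant — once `<` is encoded there is nothing left for strip_tags to remove — and `ENT_QUOTES` is worth adding so single-quoted attributes are covered too. If this mod, like stock phpBB 2, already stores subjects through htmlspecialchars on save, the added output-side call will double-encode (`&amp;amp;`); that should be confirmed against the posting path before applying.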
weblog_entry.php
#-----[ FIND ]------------------------------------------------
$weblog_name = $weblog_entry_data['weblog_name'];
$entry_subject = $weblog_entry_data['entry_subject'];
#-----[ REPLACE WITH ]------------------------------------------------
$weblog_name = strip_tags($weblog_entry_data['weblog_name']);
$entry_subject = strip_tags(htmlspecialchars($weblog_entry_data['entry_subject']));
#-----[ FIND ]------------------------------------------------
$page_title = $weblog_entry_data['weblog_name'] . ' :: ' . $weblog_entry_data['entry_subject'];
#-----[ REPLACE WITH ]------------------------------------------------
$page_title = strip_tags($weblog_entry_data['weblog_name']) . ' :: ' . strip_tags(htmlspecialchars($weblog_entry_data['entry_subject']));
#-----[ FIND ]------------------------------------------------
$action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . $entry_data['currently_text'] . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . $entry_data['currently_text']) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($entry_data['currently_text'])) . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($entry_data['currently_text']))) . ' <strong>]</strong>';
#-----[ FIND ]------------------------------------------------
$action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', $entry_data['currently_text']) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', strip_tags(htmlspecialchars($entry_data['currently_text']))) . ' <strong>]</strong>';
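Review bot: In the REPLACE at L37–L38 and L42, `$weblog_name` gets only `strip_tags()` while `$entry_subject` gets `htmlspecialchars()`; both are user-controlled strings that end up in the same page title and template, and `strip_tags()` does not encode `"`, `'` or `&`, so the weblog name remains injectable wherever the template places it inside an attribute. Use the same output encoding for both, e.g. `$weblog_name = htmlspecialchars($weblog_entry_data['weblog_name'], ENT_QUOTES);`. In the `alt="..."` attribute at L46, `$currently['action_text']` and the `src` value `$currently['action_url']` are still concatenated raw; the weblog_posting.php part of this same fix escapes `action_text`, which suggests it is not fully trusted, so it should be escaped here as well unless it is confirmed to come only from admin configuration.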
weblogs.php
#-----[ FIND ]------------------------------------------------
$action = sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . $last_entry_data['currently_text'] . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . $last_entry_data['currently_text']);
#-----[ REPLACE WITH ]------------------------------------------------
$action = sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($last_entry_data['currently_text'])) . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($last_entry_data['currently_text'])));
#-----[ FIND ]------------------------------------------------
$action = sprintf($lang['Currently:'], '', $last_entry_data['currently_text']);
#-----[ REPLACE WITH ]------------------------------------------------
$action = sprintf($lang['Currently:'], '', strip_tags(htmlspecialchars($last_entry_data['currently_text'])));
#-----[ FIND ]------------------------------------------------
$action = sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . $last_entry_data['currently_text'] . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . $last_entry_data['currently_text']);
#-----[ REPLACE WITH ]------------------------------------------------
$action = sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($last_entry_data['currently_text'])) . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($last_entry_data['currently_text'])));
#-----[ FIND ]------------------------------------------------
$action = sprintf($lang['Currently:'], '', $last_entry_data['currently_text']);
#-----[ REPLACE WITH ]------------------------------------------------
$action = sprintf($lang['Currently:'], '', strip_tags(htmlspecialchars($last_entry_data['currently_text'])));
#-----[ FIND ]------------------------------------------------
'WEBLOG_NAME' => $weblog_data[$i]['weblog_name'],
#-----[ REPLACE WITH ]------------------------------------------------
'WEBLOG_NAME' => strip_tags($weblog_data[$i]['weblog_name']),
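Review bot: The REPLACE lines at L56 and L64 still build `src="images/weblogs/' . $currently['action_url'] . '"` without escaping `action_url`, and `$currently['action_text']` goes into the `alt` attribute raw; a `"` in either value terminates the attribute and lets further attributes such as event handlers be injected. If these come only from an admin-managed table the exposure is limited, but the patch escapes `action_text` in weblog_posting.php, so the same treatment here keeps the fix consistent: `htmlspecialchars($currently['action_url'], ENT_QUOTES)` and `htmlspecialchars($currently['action_text'], ENT_QUOTES)`. `WEBLOG_NAME` at L72 gets only `strip_tags()`, which leaves quotes and ampersands unencoded; `htmlspecialchars(..., ENT_QUOTES)` is the safer choice for template output. Note also that the two identical FIND blocks (L54/L62 and L58/L66) rely on the MOD installer matching the next occurrence each time; that works with an installer but is easy to misapply by hand.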
weblog_posting.php
#-----[ FIND ]------------------------------------------------
'ENTRY_SUBJECT' => $entry_subject,
#-----[ REPLACE WITH ]------------------------------------------------
'ENTRY_SUBJECT' => strip_tags(htmlspecialchars($entry_subject)),
#-----[ FIND ]------------------------------------------------
'WEBLOG_NAME' => $weblog_data['weblog_name'],
#-----[ REPLACE WITH ]------------------------------------------------
'WEBLOG_NAME' => strip_tags($weblog_data['weblog_name']),
#-----[ FIND ]------------------------------------------------
$post_subject = stripslashes($subject);
#-----[ REPLACE WITH ]------------------------------------------------
$post_subject = strip_tags(htmlspecialchars(stripslashes($subject)));
#-----[ FIND ]------------------------------------------------
$preview_action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . $action_text . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . $action_text) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$preview_action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . strip_tags(htmlspecialchars($currently['action_text'])) . ' ' . $action_text . '" style="vertical-align: middle" border="0" />', strip_tags(htmlspecialchars($currently['action_text'])) . ' ' . strip_tags(htmlspecialchars($action_text))) . ' <strong>]</strong>';
#-----[ FIND ]------------------------------------------------
$preview_action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', $action_text) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$preview_action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', strip_tags(htmlspecialchars($action_text))) . ' <strong>]</strong>';
#-----[ FIND ]------------------------------------------------
$entry_action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $entry_currently['action_url'] . '" alt="' . $entry_currently['action_text'] . ' ' . $entry_data['currently_text'] . '" style="vertical-align: middle" border="0" />', $entry_currently['action_text'] . ' ' . $entry_data['currently_text']) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$entry_action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $entry_currently['action_url'] . '" alt="' . $entry_currently['action_text'] . ' ' . strip_tags(htmlspecialchars($entry_data['currently_text'])) . '" style="vertical-align: middle" border="0" />', $entry_currently['action_text'] . ' ' . strip_tags(htmlspecialchars($entry_data['currently_text']))) . ' <strong>]</strong>';
#-----[ FIND ]------------------------------------------------
$entry_action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', $entry_data['currently_text']) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$entry_action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', strip_tags(htmlspecialchars($entry_data['currently_text']))) . ' <strong>]</strong>';
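Review bot: The REPLACE at L90 escapes `$action_text` in the second `sprintf` argument but still concatenates it raw inside the `alt="..."` attribute (`' ' . $action_text . '" style=...`), so a preview whose text contains `"` still breaks out of the attribute; that fragment should read `' ' . strip_tags(htmlspecialchars($action_text)) . '" style="vertical-align: middle" border="0" />'`. Separately, L86 now applies `htmlspecialchars()` to `$post_subject` on the input side; if `$post_subject` is what gets written to the database, every display-side `htmlspecialchars()` added by this patch (L22, L38, L120, L150) will double-encode subjects as `&amp;lt;` — escape at one layer only, preferably on output, and keep the stored value consistent. I cannot see from the hunk whether `$post_subject` is stored or only previewed, so check the insert/update query before applying both halves. `ENT_QUOTES` is worth adding to these calls so single-quoted attributes are covered as well.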
weblog_friends.php
#-----[ FIND ]------------------------------------------------
$action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . $entry_data[$i]['currently_text'] . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . $entry_data[$i]['currently_text']) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$action = '<strong>[</strong> ' . sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($entry_data[$i]['currently_text'])) . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($entry_data[$i]['currently_text']))) . ' <strong>]</strong>';
#-----[ FIND ]------------------------------------------------
$action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', $entry_data[$i]['currently_text']) . ' <strong>]</strong>';
#-----[ REPLACE WITH ]------------------------------------------------
$action = '<strong>[</strong>' . sprintf($lang['Currently:'], '', strip_tags(htmlspecialchars($entry_data[$i]['currently_text']))) . ' <strong>]</strong>';
#-----[ FIND ]------------------------------------------------
'WEBLOG_NAME' => $friend_data[$i]['weblog_name'],
#-----[ REPLACE WITH ]------------------------------------------------
'WEBLOG_NAME' => strip_tags($friend_data[$i]['weblog_name']),
#-----[ FIND ]------------------------------------------------
'SUBJECT' => $friend_entry_data['entry_subject'],
#-----[ REPLACE WITH ]------------------------------------------------
'SUBJECT' => strip_tags(htmlspecialchars($friend_entry_data['entry_subject'])),
#-----[ FIND ]------------------------------------------------
'WEBLOG_NAME' => $weblog_data['weblog_name'])
#-----[ REPLACE WITH ]------------------------------------------------
'WEBLOG_NAME' => strip_tags($weblog_data['weblog_name']))
#-----[ FIND ]------------------------------------------------
'POST_COMMENT' => ( !$friend_entry_data['no_replies'] && $friend_entry_data['entry_text'] ) ? sprintf($friend_data[$i]['post_reply_text'], $friend_entry_data['entry_replies']) : '',
#-----[ REPLACE WITH ]------------------------------------------------
'POST_COMMENT' => ( !$friend_entry_data['no_replies'] && $friend_entry_data['entry_text'] ) ? sprintf(strip_tags($friend_data[$i]['post_reply_text']), $friend_entry_data['entry_replies']) : '',
#-----[ FIND ]------------------------------------------------
'REPLIES' => ( !$friend_entry_data['no_replies'] && $friend_entry_data['entry_text'] ) ? sprintf($friend_data[$i]['replies_text'], $friend_entry_data['entry_replies']) : '',
#-----[ REPLACE WITH ]------------------------------------------------
'REPLIES' => ( !$friend_entry_data['no_replies'] && $friend_entry_data['entry_text'] ) ? sprintf(strip_tags($friend_data[$i]['replies_text']), $friend_entry_data['entry_replies']) : '',
#-----[ FIND ]------------------------------------------------
$friend_entry_data['entry_text'] = nl2br($friend_entry_data['entry_text']);
#-----[ AFTER ADD ]------------------------------------------------
$friend_entry_data['entry_text'] = undo_htmlspecialchars($friend_entry_data['entry_text']);
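Review bot: The AFTER ADD at L136 runs `undo_htmlspecialchars()` on `$friend_entry_data['entry_text']` just before it is output, which reverses the HTML escaping this patch is trying to establish: if entry_text is stored already-escaped (as phpBB 2 stores post text), decoding it here re-enables any `<script>` or event-handler markup in a friend's entry and turns the friends page into a stored-XSS sink. If the intent is to repair visible `&amp;` caused by double-encoding somewhere upstream, fix the double encoding at its source rather than decoding at output; otherwise drop this line, or pass the decoded text back through `htmlspecialchars(..., ENT_QUOTES)` after any BBCode/smilies processing. I cannot see what happens to entry_text between the `nl2br()` and the template assignment, so this should be confirmed against the rest of weblog_friends.php. As in the other files, `strip_tags()` alone on WEBLOG_NAME (L116, L124) and on the sprintf format strings (L128, L132) does not encode quotes or ampersands.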
weblog_news.php
#-----[ FIND ]------------------------------------------------
$action = sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . $last_entry_data['currently_text'] . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . $last_entry_data['currently_text']);
#-----[ REPLACE WITH ]------------------------------------------------
$action = sprintf($lang['Currently:'], '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($last_entry_data['currently_text'])) . '" style="vertical-align: middle" border="0" />', $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($last_entry_data['currently_text'])));
#-----[ FIND ]------------------------------------------------
$action = sprintf($lang['Currently:'], '', $last_entry_data['currently_text']);
#-----[ REPLACE WITH ]------------------------------------------------
$action = sprintf($lang['Currently:'], '', strip_tags(htmlspecialchars($last_entry_data['currently_text'])));
#-----[ FIND ]------------------------------------------------
'L_LATEST_ENTRIES' => $blog_row[$i]['entry_subject'],
#-----[ REPLACE WITH ]------------------------------------------------
'L_LATEST_ENTRIES' => strip_tags(htmlspecialchars($blog_row[$i]['entry_subject'])),
#-----[ FIND ]------------------------------------------------
'L_LATEST_REPLY' => $replies_row[$i]['entry_subject'],
#-----[ REPLACE WITH ]------------------------------------------------
'L_LATEST_REPLY' => strip_tags(htmlspecialchars($replies_row[$i]['entry_subject'])),
#-----[ FIND ]------------------------------------------------
'L_BLOG_NAME' => $replies_row[$i]['weblog_name'],
#-----[ REPLACE WITH ]------------------------------------------------
'L_BLOG_NAME' => strip_tags($replies_row[$i]['weblog_name']),
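Review bot: `L_BLOG_NAME` at L158 is only passed through `strip_tags()`, while the entry subjects on L150 and L154 get `htmlspecialchars()`; since `strip_tags()` leaves `"`, `'` and `&` intact, a weblog name containing a double quote remains injectable if the news template places it in a title or attribute. Treat it like the subjects: `'L_BLOG_NAME' => htmlspecialchars($replies_row[$i]['weblog_name'], ENT_QUOTES),`. The `strip_tags(htmlspecialchars(...))` pairing on the other lines is harmless but redundant, and `$currently['action_text']` inside the `alt` attribute on L142 is still unescaped, so that value needs to be confirmed as admin-controlled or escaped the same way.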
weblog_allentries.php
#-----[ FIND ]------------------------------------------------
$page_title = $weblog_data['weblog_name'] . ' :: ' . $lang['Entries'];
#-----[ REPLACE WITH ]------------------------------------------------
$page_title = strip_tags($weblog_data['weblog_name']) . ' :: ' . $lang['Entries'];
#-----[ FIND ]------------------------------------------------
'WEBLOG_NAME' => $weblog_data['weblog_name'],
#-----[ REPLACE WITH ]------------------------------------------------
'WEBLOG_NAME' => strip_tags($weblog_data['weblog_name']),
#-----[ FIND ]------------------------------------------------
$entry_subject = ( count($orig_word) && $weblog_config['censor_weblog'] ) ? preg_replace($orig_word, $replacement_word, $entry_data[$i]['entry_subject']) : $entry_data[$i]['entry_subject'];
#-----[ REPLACE WITH ]------------------------------------------------
$entry_subject = ( count($orig_word) && $weblog_config['censor_weblog'] ) ? preg_replace($orig_word, $replacement_word, strip_tags(htmlspecialchars($entry_data[$i]['entry_subject']))) : strip_tags(htmlspecialchars($entry_data[$i]['entry_subject']));
#-----[ FIND ]------------------------------------------------
$action = '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . $entry_data[$i]['currently_text'] . '" border="0" />';
#-----[ REPLACE WITH ]------------------------------------------------
$action = '<img src="images/weblogs/' . $currently['action_url'] . '" alt="' . $currently['action_text'] . ' ' . strip_tags(htmlspecialchars($entry_data[$i]['currently_text'])) . '" border="0" />';
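Review bot: At L172 the word-censor `preg_replace()` now runs on the already-encoded subject, so censor patterns containing `&`, `<`, `>` or quotes no longer match (they see `&amp;`, `&lt;`, ...) and `$replacement_word` is inserted after escaping, i.e. unescaped. Censor first and escape once: `$entry_subject = htmlspecialchars(( count($orig_word) && $weblog_config['censor_weblog'] ) ? preg_replace($orig_word, $replacement_word, $entry_data[$i]['entry_subject']) : $entry_data[$i]['entry_subject'], ENT_QUOTES);`. If the subject is already stored htmlspecialchars-encoded, as stock phpBB 2 does for post subjects, the original censor-on-stored-text order was correct and the extra call double-encodes, so check the save path. `$weblog_data['weblog_name']` at L164 and L168 again gets only `strip_tags()`, which does not encode quotes or ampersands, and `$currently['action_text']` in the `alt` attribute at L176 is still raw.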
ссылка на обновлённые файлы для версии 0.2.4b
ссылка на тему официального форума