Вот сегодня прочитал на одном форуме, что обнаружен баг, с помощью которого можно запросто отредактировать любой комментарий без специальных прав, т.е. обычный пользователь может отредактировать комментарий администратора.
И самое смешное, что те кто уже успел нагадить на других форумах, благодаря этому багу, решили не раскрывать тайну бага, как будто это нереально сложно понять...
Автор исправления: ShapeShifter (SaVGroup.ru)
При копировании материала указание автора и ссылка на сайт разработчика обязательны.
И самое смешное, что те кто уже успел нагадить на других форумах, благодаря этому багу, решили не раскрывать тайну бага, как будто это нереально сложно понять...
Инструкция:
Открываем файл /engine/forum/ajax/editpost.php
Находим:
Добавляем ниже:
Найходим:
Добавляем выше:
Находим:
Добавляем ниже:
Находим:
Добавляем ниже:
Находим:
require_once ENGINE_DIR.'/forum/sources/components/functions.php';
Добавляем ниже:
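// Forum cache wrapper; the permission tables used by the edit check are read through it.
require_once ENGINE_DIR.'/forum/classes/cache.php';
$fcache = new forum_cache;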
Находим:
include_once ENGINE_DIR.'/forum/classes/parse.class.php';
Добавляем выше:
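// Group permission table, keyed by group_id; taken from the forum cache when present.
$forum_groups = $fcache->get('forum_groups');
if (!$forum_groups)
{
    // Cache miss: rebuild the table from the database.
    // NOTE(review): unlike the moderators table below, the rebuilt array is not written back
    // with $fcache->set(), so this query repeats while the cache entry is empty - confirm intent.
    $get_forum_groups = $db->query("SELECT * FROM " . USERPREFIX . "_forum_groups ORDER BY group_id ASC");
    $forum_groups = array();
    while ($row = $db->get_row($get_forum_groups))
    {
        $forum_groups[$row['group_id']] = $row;
    }
}

// Moderator rights table, keyed by the row's mid.
// NOTE(review): the permission check in this instruction indexes this array by
// $member_id['user_group'], not by mid - verify which key the lookup is meant to use.
$forum_moderators = $fcache->get('forum_moderators');
if (!$forum_moderators)
{
    $get_moderators = $db->query("SELECT * FROM " . USERPREFIX . "_forum_moderators ORDER BY mid ASC");
    $forum_moderators = array();
    while ($row = $db->get_row($get_moderators))
    {
        $forum_moderators[$row['mid']] = $row;
    }
    $fcache->set('forum_moderators', $forum_moderators);
}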
Находим:
if ($id != $row['pid']) die ("error");
Добавляем ниже:
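// Authorisation gate for editing: deny unless one of the two rules below matches.
$have_perm = 0;

// Rule 1: a registered author editing their own post, in a group that has post_edit.
// Strict string comparison: with == PHP compares numeric-looking strings as numbers,
// so two different user names could compare equal.
$is_own_post = (string) $member_id['name'] === (string) $row['post_author']
    && $row['is_register']
    && !empty($forum_groups[$member_id['user_group']]['post_edit']);

// Rule 2: the moderator right edit_post.
// NOTE(review): $forum_moderators is built keyed by mid, yet it is indexed here by the user's
// group id - confirm the key; a mismatch would apply another row's edit_post flag.
$is_moderator = !empty($forum_moderators[$member_id['user_group']]['edit_post']);

if ($is_logged && ($is_own_post || $is_moderator)) {
    $have_perm = 1;
}
if (!$have_perm) die("error");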
Находим:
elseif ($_REQUEST['action'] == "save")
{
{
Добавляем ниже:
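// The save action must enforce the edit rule itself: checking only when the edit form is
// requested leaves the write path open. Load the post again and repeat the gate.
// The id is cast to an integer before it goes into the SQL string.
$row = $db->super_query("SELECT * FROM " . PREFIX . "_forum_posts WHERE `pid` = '" . intval($id) . "'");
if ($id != $row['pid']) die ("error");

$have_perm = 0;

// Rule 1: a registered author editing their own post, in a group that has post_edit.
// Strict string comparison: with == PHP compares numeric-looking strings as numbers,
// so two different user names could compare equal.
$is_own_post = (string) $member_id['name'] === (string) $row['post_author']
    && $row['is_register']
    && !empty($forum_groups[$member_id['user_group']]['post_edit']);

// Rule 2: the moderator right edit_post.
// NOTE(review): $forum_moderators is built keyed by mid, yet it is indexed here by the user's
// group id - confirm the key; a mismatch would apply another row's edit_post flag.
$is_moderator = !empty($forum_moderators[$member_id['user_group']]['edit_post']);

if ($is_logged && ($is_own_post || $is_moderator)) {
    $have_perm = 1;
}
if (!$have_perm) die("error");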
Открываем файл /engine/forum/ajax/editpost.php
Найти:
Добавить ниже:
Найти:
Добавить выше:
Найти:
Найти:
Добавить ниже:
Найти:
include 'init.php';
Добавить ниже:
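// Forum cache wrapper; the permission tables used by the edit check are read through it.
require_once ENGINE_DIR.'/forum/classes/cache.php';
$fcache = new forum_cache;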
Найти:
include_once ENGINE_DIR.'/forum/classes/parse.class.php';
Добавить выше:
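// Group permission table, keyed by group_id; taken from the forum cache when present.
$forum_groups = $fcache->get('forum_groups');
if (!$forum_groups)
{
    // Cache miss: rebuild the table from the database.
    // NOTE(review): unlike the moderators table below, the rebuilt array is not written back
    // with $fcache->set(), so this query repeats while the cache entry is empty - confirm intent.
    $get_forum_groups = $db->query("SELECT * FROM " . USERPREFIX . "_forum_groups ORDER BY group_id ASC");
    $forum_groups = array();
    while ($row = $db->get_row($get_forum_groups))
    {
        $forum_groups[$row['group_id']] = $row;
    }
}

// Moderator rights table, keyed by the row's mid.
// NOTE(review): the permission check in this instruction indexes this array by
// $member_id['user_group'], not by mid - verify which key the lookup is meant to use.
$forum_moderators = $fcache->get('forum_moderators');
if (!$forum_moderators)
{
    $get_moderators = $db->query("SELECT * FROM " . USERPREFIX . "_forum_moderators ORDER BY mid ASC");
    $forum_moderators = array();
    while ($row = $db->get_row($get_moderators))
    {
        $forum_moderators[$row['mid']] = $row;
    }
    $fcache->set('forum_moderators', $forum_moderators);
}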
Найти:
if ($id != $row['pid']) die ("error");
Добавить ниже:
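// Authorisation gate for editing: deny unless one of the two rules below matches.
$have_perm = 0;

// Rule 1: a registered author editing their own post, in a group that has post_edit.
// Strict string comparison: with == PHP compares numeric-looking strings as numbers,
// so two different user names could compare equal.
$is_own_post = (string) $member_id['name'] === (string) $row['post_author']
    && $row['is_register']
    && !empty($forum_groups[$member_id['user_group']]['post_edit']);

// Rule 2: the moderator right edit_post.
// NOTE(review): $forum_moderators is built keyed by mid, yet it is indexed here by the user's
// group id - confirm the key; a mismatch would apply another row's edit_post flag.
$is_moderator = !empty($forum_moderators[$member_id['user_group']]['edit_post']);

if ($is_logged && ($is_own_post || $is_moderator)) {
    $have_perm = 1;
}
if (!$have_perm) die("error");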
Добавить ниже:
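// Authorisation gate for editing: deny unless one of the two rules below matches.
$have_perm = 0;

// Rule 1: a registered author editing their own post, in a group that has post_edit.
// Strict string comparison: with == PHP compares numeric-looking strings as numbers,
// so two different user names could compare equal.
$is_own_post = (string) $member_id['name'] === (string) $row['post_author']
    && $row['is_register']
    && !empty($forum_groups[$member_id['user_group']]['post_edit']);

// Rule 2: the moderator right edit_post.
// NOTE(review): $forum_moderators is built keyed by mid, yet it is indexed here by the user's
// group id - confirm the key; a mismatch would apply another row's edit_post flag.
$is_moderator = !empty($forum_moderators[$member_id['user_group']]['edit_post']);

if ($is_logged && ($is_own_post || $is_moderator)) {
    $have_perm = 1;
}
if (!$have_perm) die("error");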
Найти:
elseif ($_REQUEST['action'] == "save")
{
{
Добавить ниже:
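// The save action must enforce the edit rule itself: checking only when the edit form is
// requested leaves the write path open. Load the post again and repeat the gate.
// The id is cast to an integer before it goes into the SQL string.
$row = $db->super_query("SELECT * FROM " . PREFIX . "_forum_posts WHERE `pid` = '" . intval($id) . "'");
if ($id != $row['pid']) die ("error");

$have_perm = 0;

// Rule 1: a registered author editing their own post, in a group that has post_edit.
// Strict string comparison: with == PHP compares numeric-looking strings as numbers,
// so two different user names could compare equal.
$is_own_post = (string) $member_id['name'] === (string) $row['post_author']
    && $row['is_register']
    && !empty($forum_groups[$member_id['user_group']]['post_edit']);

// Rule 2: the moderator right edit_post.
// NOTE(review): $forum_moderators is built keyed by mid, yet it is indexed here by the user's
// group id - confirm the key; a mismatch would apply another row's edit_post flag.
$is_moderator = !empty($forum_moderators[$member_id['user_group']]['edit_post']);

if ($is_logged && ($is_own_post || $is_moderator)) {
    $have_perm = 1;
}
if (!$have_perm) die("error");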
Открываем файл /engine/forum/ajax/editpost.php
Находим:
Добавляем ниже:
Найходим:
Добавляем выше:
Находим:
Заменяем на:
Находим:
Добавляем ниже:
Находим:
Добавляем ниже:
Находим:
require_once ENGINE_DIR.'/forum/sources/components/functions.php';
Добавляем ниже:
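// Forum cache wrapper; the group permission table used by the edit check is read through it.
require_once ENGINE_DIR.'/forum/classes/cache.php';
$fcache = new forum_cache;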
Находим:
include_once ENGINE_DIR.'/forum/classes/parse.class.php';
Добавляем выше:
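// Group permission table, keyed by group_id; taken from the forum cache when present.
$forum_groups = $fcache->get('forum_groups');
if (!$forum_groups)
{
    // Cache miss: rebuild the table from the database.
    // NOTE(review): the rebuilt array is not written back with $fcache->set(), so this query
    // repeats while the cache entry is empty - confirm whether that is intended.
    $get_forum_groups = $db->query("SELECT * FROM " . USERPREFIX . "_forum_groups ORDER BY group_id ASC");
    $forum_groups = array();
    while ($row = $db->get_row($get_forum_groups))
    {
        $forum_groups[$row['group_id']] = $row;
    }
}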
Находим:
$row = $db->super_query("SELECT * FROM " . PREFIX . "_forum_posts WHERE `pid` = '$id'");
Заменяем на:
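// Load the post together with the forum and topic it belongs to; forum_id is what the
// per-forum moderator check needs. The id is cast to an integer before it goes into SQL.
$row = $db->super_query("SELECT p.*, t.forum_id, t.tid FROM " . PREFIX . "_forum_posts p, " . PREFIX . "_forum_topics t WHERE p.pid = '" . intval($id) . "' AND t.tid = p.topic_id");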
Находим:
if ($id != $row['pid']) die ("error");
Добавляем ниже:
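// Authorisation gate for editing: deny unless the author rule or the moderator rule matches.
$have_perm = 0;

// Forum the post belongs to; access_mod and moderators are colon-separated id lists.
$get_forum = $db->super_query("SELECT * FROM " . PREFIX . "_forum_forums WHERE id = '" . intval($row['forum_id']) . "'");

// Is the user's group listed for this forum? Compared as strings, strictly, so that
// PHP's loose numeric matching cannot turn a near-miss into a hit.
$value = explode(":", (string) $get_forum['access_mod']);
$check = in_array((string) $member_id['user_group'], $value, true);
$check_e = false; // user counts as a moderator of this forum
$check_n = false; // the per-user moderator list was consulted
if (!$check and $get_forum['moderators'])
{
    $moderators = explode(":", $get_forum['moderators']);
    $check = in_array((string) $member_id['user_id'], $moderators, true);
    $check_n = true;
}
if ($check) $check_e = true;

// Rights row: looked up by group, or by member name when the per-user list was consulted.
// Values are cast or escaped before they go into the SQL string.
// NOTE(review): the lookup is not restricted to this forum - confirm that a rights row
// belonging to another forum cannot be returned here.
if (!$check_n)
    $get_moder = $db->super_query("SELECT edit_post FROM " . PREFIX . "_forum_moderators WHERE group_id = '" . intval($member_id['user_group']) . "'");
else
    $get_moder = $db->super_query("SELECT edit_post FROM " . PREFIX . "_forum_moderators WHERE member_name = '" . $db->safesql($member_id['name']) . "'");

// Author rule: a registered author editing their own post, in a group that has post_edit.
// Strict string comparison: with == two different numeric-looking names could compare equal.
$is_own_post = (string) $member_id['name'] === (string) $row['post_author']
    && $row['is_register']
    && !empty($forum_groups[$member_id['user_group']]['post_edit']);

// Moderator rule: moderator of this forum whose rights row grants edit_post.
$is_moderator = $check_e && !empty($get_moder['edit_post']);

if ($is_logged && ($is_own_post || $is_moderator)) {
    $have_perm = 1;
}
if (!$have_perm) die("error");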
Находим:
elseif ($_REQUEST['action'] == "save")
{
{
Добавляем ниже:
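// The save action must enforce the edit rule itself: checking only when the edit form is
// requested leaves the write path open. Load the post again and repeat the gate.
// The id is cast to an integer before it goes into the SQL string.
$row = $db->super_query("SELECT p.*, t.forum_id, t.tid FROM " . PREFIX . "_forum_posts p, " . PREFIX . "_forum_topics t WHERE p.pid = '" . intval($id) . "' AND t.tid = p.topic_id");
if ($id != $row['pid']) die ("error");

$have_perm = 0;

// Forum the post belongs to; access_mod and moderators are colon-separated id lists.
$get_forum = $db->super_query("SELECT * FROM " . PREFIX . "_forum_forums WHERE id = '" . intval($row['forum_id']) . "'");

// Is the user's group listed for this forum? Compared as strings, strictly, so that
// PHP's loose numeric matching cannot turn a near-miss into a hit.
$value = explode(":", (string) $get_forum['access_mod']);
$check = in_array((string) $member_id['user_group'], $value, true);
$check_e = false; // user counts as a moderator of this forum
$check_n = false; // the per-user moderator list was consulted
if (!$check and $get_forum['moderators'])
{
    $moderators = explode(":", $get_forum['moderators']);
    $check = in_array((string) $member_id['user_id'], $moderators, true);
    $check_n = true;
}
if ($check) $check_e = true;

// Rights row: looked up by group, or by member name when the per-user list was consulted.
// Values are cast or escaped before they go into the SQL string.
// NOTE(review): the lookup is not restricted to this forum - confirm that a rights row
// belonging to another forum cannot be returned here.
if (!$check_n)
    $get_moder = $db->super_query("SELECT edit_post FROM " . PREFIX . "_forum_moderators WHERE group_id = '" . intval($member_id['user_group']) . "'");
else
    $get_moder = $db->super_query("SELECT edit_post FROM " . PREFIX . "_forum_moderators WHERE member_name = '" . $db->safesql($member_id['name']) . "'");

// Author rule: a registered author editing their own post, in a group that has post_edit.
// Strict string comparison: with == two different numeric-looking names could compare equal.
$is_own_post = (string) $member_id['name'] === (string) $row['post_author']
    && $row['is_register']
    && !empty($forum_groups[$member_id['user_group']]['post_edit']);

// Moderator rule: moderator of this forum whose rights row grants edit_post.
$is_moderator = $check_e && !empty($get_moder['edit_post']);

if ($is_logged && ($is_own_post || $is_moderator)) {
    $have_perm = 1;
}
if (!$have_perm) die("error");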
Открываем файл /engine/forum/ajax/editpost.php
Найти:
Добавить ниже:
Найти:
Добавить выше:
Найти:
Заменить на:
Найти:
Добавить ниже:
Найти:
Добавить ниже:
Найти:
include 'init.php';
Добавить ниже:
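// Forum cache wrapper; the group permission table used by the edit check is read through it.
require_once ENGINE_DIR.'/forum/classes/cache.php';
$fcache = new forum_cache;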
Найти:
include_once ENGINE_DIR.'/forum/classes/parse.class.php';
Добавить выше:
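// Group permission table, keyed by group_id; taken from the forum cache when present.
$forum_groups = $fcache->get('forum_groups');
if (!$forum_groups)
{
    // Cache miss: rebuild the table from the database.
    // NOTE(review): the rebuilt array is not written back with $fcache->set(), so this query
    // repeats while the cache entry is empty - confirm whether that is intended.
    $get_forum_groups = $db->query("SELECT * FROM " . USERPREFIX . "_forum_groups ORDER BY group_id ASC");
    $forum_groups = array();
    while ($row = $db->get_row($get_forum_groups))
    {
        $forum_groups[$row['group_id']] = $row;
    }
}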
Найти:
$row = $db->super_query("SELECT * FROM " . PREFIX . "_forum_posts WHERE pid = $id");
Заменить на:
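// Load the post together with the forum and topic it belongs to; forum_id is what the
// per-forum moderator check needs. The id is cast to an integer before it goes into SQL.
$row = $db->super_query("SELECT p.*, t.forum_id, t.tid FROM " . PREFIX . "_forum_posts p, " . PREFIX . "_forum_topics t WHERE p.pid = '" . intval($id) . "' AND t.tid = p.topic_id");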
Найти:
if ($id != $row['pid']) die ("error");
Добавить ниже:
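// Authorisation gate for editing: deny unless the author rule or the moderator rule matches.
$have_perm = 0;

// Forum the post belongs to; access_mod and moderators are colon-separated id lists.
$get_forum = $db->super_query("SELECT * FROM " . PREFIX . "_forum_forums WHERE id = '" . intval($row['forum_id']) . "'");

// Is the user's group listed for this forum? Compared as strings, strictly, so that
// PHP's loose numeric matching cannot turn a near-miss into a hit.
$value = explode(":", (string) $get_forum['access_mod']);
$check = in_array((string) $member_id['user_group'], $value, true);
$check_e = false; // user counts as a moderator of this forum
$check_n = false; // the per-user moderator list was consulted
if (!$check and $get_forum['moderators'])
{
    $moderators = explode(":", $get_forum['moderators']);
    $check = in_array((string) $member_id['user_id'], $moderators, true);
    $check_n = true;
}
if ($check) $check_e = true;

// Rights row: looked up by group, or by member name when the per-user list was consulted.
// Values are cast or escaped before they go into the SQL string.
// NOTE(review): the lookup is not restricted to this forum - confirm that a rights row
// belonging to another forum cannot be returned here.
if (!$check_n)
    $get_moder = $db->super_query("SELECT edit_post FROM " . PREFIX . "_forum_moderators WHERE group_id = '" . intval($member_id['user_group']) . "'");
else
    $get_moder = $db->super_query("SELECT edit_post FROM " . PREFIX . "_forum_moderators WHERE member_name = '" . $db->safesql($member_id['name']) . "'");

// Author rule: a registered author editing their own post, in a group that has post_edit.
// Strict string comparison: with == two different numeric-looking names could compare equal.
$is_own_post = (string) $member_id['name'] === (string) $row['post_author']
    && $row['is_register']
    && !empty($forum_groups[$member_id['user_group']]['post_edit']);

// Moderator rule: moderator of this forum whose rights row grants edit_post.
$is_moderator = $check_e && !empty($get_moder['edit_post']);

if ($is_logged && ($is_own_post || $is_moderator)) {
    $have_perm = 1;
}
if (!$have_perm) die("error");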
Найти:
elseif ($_REQUEST['action'] == "save")
{
{
Добавить ниже:
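// The save action must enforce the edit rule itself: checking only when the edit form is
// requested leaves the write path open. Load the post again and repeat the gate.
// The id is cast to an integer before it goes into the SQL string.
$row = $db->super_query("SELECT p.*, t.forum_id, t.tid FROM " . PREFIX . "_forum_posts p, " . PREFIX . "_forum_topics t WHERE p.pid = '" . intval($id) . "' AND t.tid = p.topic_id");
if ($id != $row['pid']) die ("error");

$have_perm = 0;

// Forum the post belongs to; access_mod and moderators are colon-separated id lists.
$get_forum = $db->super_query("SELECT * FROM " . PREFIX . "_forum_forums WHERE id = '" . intval($row['forum_id']) . "'");

// Is the user's group listed for this forum? Compared as strings, strictly, so that
// PHP's loose numeric matching cannot turn a near-miss into a hit.
$value = explode(":", (string) $get_forum['access_mod']);
$check = in_array((string) $member_id['user_group'], $value, true);
$check_e = false; // user counts as a moderator of this forum
$check_n = false; // the per-user moderator list was consulted
if (!$check and $get_forum['moderators'])
{
    $moderators = explode(":", $get_forum['moderators']);
    $check = in_array((string) $member_id['user_id'], $moderators, true);
    $check_n = true;
}
if ($check) $check_e = true;

// Rights row: looked up by group, or by member name when the per-user list was consulted.
// Values are cast or escaped before they go into the SQL string.
// NOTE(review): the lookup is not restricted to this forum - confirm that a rights row
// belonging to another forum cannot be returned here.
if (!$check_n)
    $get_moder = $db->super_query("SELECT edit_post FROM " . PREFIX . "_forum_moderators WHERE group_id = '" . intval($member_id['user_group']) . "'");
else
    $get_moder = $db->super_query("SELECT edit_post FROM " . PREFIX . "_forum_moderators WHERE member_name = '" . $db->safesql($member_id['name']) . "'");

// Author rule: a registered author editing their own post, in a group that has post_edit.
// Strict string comparison: with == two different numeric-looking names could compare equal.
$is_own_post = (string) $member_id['name'] === (string) $row['post_author']
    && $row['is_register']
    && !empty($forum_groups[$member_id['user_group']]['post_edit']);

// Moderator rule: moderator of this forum whose rights row grants edit_post.
$is_moderator = $check_e && !empty($get_moder['edit_post']);

if ($is_logged && ($is_own_post || $is_moderator)) {
    $have_perm = 1;
}
if (!$have_perm) die("error");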
Автор исправления: ShapeShifter (SaVGroup.ru)
При копировании материала указание автора и ссылка на сайт разработчика обязательны.





