UserSpice 4.2 Bugs and security
#4
Found another major issue:
http://localhost/usercontrol/users/user_settings.php
This check is not valid:
<pre>
<?php if (($settings->change_un == 0) || (($settings->change_un == 2) && ($user->data()->un_changed == 1)) ) {
    echo "<input  class='form-control' type='text' name='username' value='$displayname' readonly/>";
}else{
    echo "<input  class='form-control' type='text' name='username' value='$displayname'>";
}?>
</pre>


A user can open the developer console (in Chrome, Ctrl+Shift+I) and remove "readonly" - that's it, now the user can change his name even if he is not allowed to.

That's what I've added for myself (two additional checks):
<pre>
$validation->check($_POST,array(
    'username' => array(
        'display' => 'Псевдоним',
        'required' => true,
        'unique_update' => 'users,'.$userId,
        'min' => (int)$settings->min_un,
        'max' => (int)$settings->max_un,
        'valid_username' => true,
        'can_change_name' => true
    )
));
</pre>


In validate.php I added this code:
<pre>
case 'valid_username':
    // preg_match returns as soon as it finds the first non-alphanumeric
    // character, so rejecting on a match checks the whole value cheaply.
    if (preg_match('/[^A-Za-z0-9]/', $value)) {
        $this->addError(["{$display} is using the wrong format", $item]);
    }
    break;
case 'can_change_name':
    // Same rule the form uses to render the field readonly, but enforced
    // server-side, so removing the attribute in the browser changes nothing.
    global $settings;
    global $user;
    if (($settings->change_un == 0) || (($settings->change_un == 2) && ($user->data()->un_changed == 1))) {
        $this->addError(["You are not allowed to change your name.", $item]);
    }
    break;
</pre>
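The point of the post is that a `readonly` attribute is advisory and the server must decide on its own whether the submitted username may change. The stand-alone script below is an added example, not UserSpice code or the poster's patch; it only borrows the field names the post uses (`$settings->change_un`, `min_un`, `max_un`, `un_changed`), and everything else (`resolveUsername`, the sample objects) is constructed for the demo.

```php
<?php
// Added example (not UserSpice code): enforce the username-change rule on the
// server regardless of what the browser form looked like.
declare(strict_types=1);

/** Mirrors the condition the post uses to render the field readonly. */
function usernameLocked(object $settings, object $userData): bool
{
    return (int)$settings->change_un === 0
        || ((int)$settings->change_un === 2 && (int)$userData->un_changed === 1);
}

/** Same character rule as the post's 'valid_username' check, plus length bounds. */
function usernameFormatOk(string $username, int $min, int $max): bool
{
    $len = strlen($username);
    return $len >= $min && $len <= $max
        && preg_match('/^[A-Za-z0-9]+$/', $username) === 1;
}

/**
 * Decide which username to persist. $post is the submitted form, $current the
 * stored name. Returns [$usernameToStore, $errors]. Hypothetical helper.
 */
function resolveUsername(array $post, string $current, object $settings, object $userData): array
{
    $submitted = (string)($post['username'] ?? $current);
    if ($submitted === $current) {
        return [$current, []];                // unchanged: nothing to validate
    }
    if (usernameLocked($settings, $userData)) {
        // Discard the submitted value; the client-side readonly attribute was
        // never a control, this branch is.
        return [$current, ['You are not allowed to change your name.']];
    }
    if (!usernameFormatOk($submitted, (int)$settings->min_un, (int)$settings->max_un)) {
        return [$current, ['Username may only contain English letters and digits.']];
    }
    return [$submitted, []];
}

// Constructed sample: one change allowed (change_un = 2) and already used.
$settings = (object)['change_un' => 2, 'min_un' => 3, 'max_un' => 20];
$userData = (object)['un_changed' => 1];
// Simulates a POST where the user stripped "readonly" and edited the field.
[$name, $errors] = resolveUsername(['username' => 'Mallory1'], 'alice', $settings, $userData);
echo $name, PHP_EOL;
print_r($errors);
```

The stored name stays `alice` and the error list explains why, which is exactly what the page's form-only check fails to guarantee.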
Messages In This Thread
UserSpice 4.2 Bugs and security - by SavageStyle - 10-16-2017, 05:07 PM
UserSpice 4.2 Bugs and security - by Brandin - 10-16-2017, 10:30 PM
UserSpice 4.2 Bugs and security - by mudmin - 10-17-2017, 01:16 AM
UserSpice 4.2 Bugs and security - by SavageStyle - 10-21-2017, 08:56 AM
UserSpice 4.2 Bugs and security - by Brandin - 10-21-2017, 10:19 AM