Xss #423

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Xss #423

Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 24 additions & 21 deletions upload/includes/functions.php
Expand Up @@ -2181,8 +2181,11 @@ function increment_views_new($id,$type=NULL) {
{
if(!isset($_COOKIE['video_'.$id])) {
$currentTime = time();
$vdetails = get_video_details($id);
// Cookie life time at least 1 hour else if video duration is bigger set at video time.
$cookieTime = ($vdetails['duration'] > 3600) ? $vdetails['duration'] : $cookieTime = 3600;
$db->update(tbl("video"),array("views", "last_viewed"),array("|f|views+1",$currentTime)," videoid='$id' OR videokey='$id'");
setcookie('video_'.$id,'watched',time()+3600);
setcookie('video_'.$id,'watched',time()+$cookieTime);
}
}
break;
Expand Down Expand Up @@ -2714,19 +2717,19 @@ function category_link($data,$type) {
case 'video':case 'videos':case 'v':
{
if(SEO=='yes') {
return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
} else {
return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='. htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;

case 'channels':case 'channel':case'c':case'user':
{
if(SEO=='yes') {
return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
} else {
return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
Expand All @@ -2739,7 +2742,7 @@ function category_link($data,$type) {

if(defined("IN_MODULE")) {
global $prefix_catlink;
$url = 'cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
$url = 'cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
$url = $prefix_catlink.$url;
$rm_array = array("cat","sort","time","page","seo_cat_name");
$p = "";
Expand All @@ -2751,9 +2754,9 @@ function category_link($data,$type) {
}

if(SEO=='yes') {
return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
} else {
return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
Expand Down Expand Up @@ -2790,18 +2793,18 @@ function sort_link($sort,$mode='sort',$type) {
if($mode == 'sort') {
$sorting = $sort;
} else {
$sorting = $_GET['sort'];
$sorting = htmlspecialchars($_GET['sort']);
}
if($mode == 'time') {
$time = $sort;
} else {
$time = $_GET['time'];
$time = htmlspecialchars($_GET['time']);
}

if (SEO=='yes') {
return BASEURL.'/videos/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
return BASEURL.'/videos/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
} else {
return BASEURL.'/videos.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/videos.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
Expand All @@ -2823,18 +2826,18 @@ function sort_link($sort,$mode='sort',$type) {
if($mode == 'sort') {
$sorting = $sort;
} else {
$sorting = $_GET['sort'];
$sorting = htmlspecialchars($_GET['sort']);
}
if($mode == 'time') {
$time = $sort;
} else {
$time = $_GET['time'];
$time = htmlspecialchars($_GET['time']);
}

if(SEO=='yes') {
return BASEURL.'/channels/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
return BASEURL.'/channels/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
} else {
return BASEURL.'/channels.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/channels.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
Expand All @@ -2856,28 +2859,28 @@ function sort_link($sort,$mode='sort',$type) {
if($mode == 'sort') {
$sorting = $sort;
} else {
$sorting = $_GET['sort'];
$sorting = htmlspecialchars($_GET['sort']);
}
if($mode == 'time') {
$time = $sort;
} else {
$time = $_GET['time'];
$time = htmlspecialchars($_GET['time']);
}

if(THIS_PAGE=='photos') {
$type = 'photos';
}

if(defined("IN_MODULE")) {
$url = 'cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
$url = 'cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
$plugURL = queryString($url,array("cat","sort","time","page","seo_cat_name"));
return $plugURL;
}

if(SEO=='yes') {
return BASEURL.'/'.$type.'/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
return BASEURL.'/'.$type.'/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
} else {
return BASEURL.'/'.$type.'.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
return BASEURL.'/'.$type.'.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
}
}
break;
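Review bot: `htmlspecialchars()` is the wrong escaper for the new lines in category_link and sort_link: these `$_GET` values are spliced into URL path segments and query strings, where `/`, `?`, `#` and `&` pass through untouched and can still alter the generated link, and the HTML escaping only helps if a caller later echoes the URL unescaped into markup. A more robust fix is to validate `sort`, `time` and `page` against the fixed set of values the sorting code accepts (presumably a small list — confirm against the callers) and to `rawurlencode()` the remaining free-form inputs such as `seo_cat_name` and `cat` before concatenation. If the HTML escaping is kept as an extra layer, pass the flags explicitly, e.g. `htmlspecialchars($_GET['sort'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because before PHP 8.1 the default leaves single quotes unescaped, so a URL dropped into a single-quoted attribute could still break out. Every `$_GET` key is also read without an `isset()`/`??` guard, so a missing parameter produces a notice and, on 8.1+, a null-to-string deprecation. category_link and sort_link both begin before and continue past the visible hunks.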
8 changes: 4 additions & 4 deletions upload/rss.php
Expand Up @@ -30,29 +30,29 @@
case 'recent':
default:
{
$videos = get_videos(array('limit'=>$limit,'order'=>'date_added DESC'));
$videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'date_added DESC'));
$title = "Recently Added Videos";
}
break;

case 'views':
{

$videos = get_videos(array('limit'=>$limit,'order'=>'views DESC'));
$videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'views DESC'));
$title = "Most Viewed Videos";
}
break;

case 'rating':
{
$videos = get_videos(array('limit'=>$limit,'order'=>'rating DESC'));
$videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'rating DESC'));
$title = "Top Rated Videos";
}
break;

case 'watching':
{
$videos = get_videos(array('limit'=>$limit,'order'=>'last_viewed DESC'));
$videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'last_viewed DESC'));
$title = "Videos Being Watched";
}
break;
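Review bot: The `'broadcast'=>'public'` filter is repeated in each `case` of the switch, so any mode added later (or a branch outside the visible hunk) silently drops it and exposes non-public videos in the feed again. Hoist the visibility constraint into one array built before the switch, e.g. `$filter = array('limit'=>$limit,'broadcast'=>'public');` and then `$videos = get_videos($filter + array('order'=>'date_added DESC'));` in each case, so the feed cannot be built without it. Worth confirming whether get_videos also needs an active/approval status constraint here — `broadcast` alone may still list videos that are public but not yet approved, which I cannot tell from this page. The switch begins before the hunk (where `$limit` and the mode value are presumably derived from request input) and ends after it.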