| Zeile 266 | Zeile 266 |
|---|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
if($inherit[$usergroup['gid']] != 1)
| if(empty($inherit[$usergroup['gid']]))
|
{
|
{
|
if($canview[$usergroup['gid']] == 1)
| if(!empty($canview[$usergroup['gid']]))
|
{
$pview = 1;
}
| {
$pview = 1;
}
|
| Zeile 277 | Zeile 277 |
|---|
$pview = 0;
}
|
$pview = 0;
}
|
if($canpostthreads[$usergroup['gid']] == 1)
| if(!empty($canpostthreads[$usergroup['gid']]))
|
{
$pthreads = 1;
}
| {
$pthreads = 1;
}
|
| Zeile 286 | Zeile 286 |
|---|
$pthreads = 0;
}
|
$pthreads = 0;
}
|
if($canpostreplies[$usergroup['gid']] == 1)
| if(!empty($canpostreplies[$usergroup['gid']]))
|
{
$preplies = 1;
}
| {
$preplies = 1;
}
|
| Zeile 295 | Zeile 295 |
|---|
$preplies = 0;
}
|
$preplies = 0;
}
|
if($canpostpolls[$usergroup['gid']] == 1)
| if(!empty($canpostpolls[$usergroup['gid']]))
|
{
$ppolls = 1;
}
| {
$ppolls = 1;
}
|
| Zeile 329 | Zeile 329 |
|---|
continue;
}
|
continue;
}
|
$insertquery[$db->escape_string($field)] = (int)$existing_permissions[$field];
| $insertquery[$db->escape_string($field)] = isset($existing_permissions[$field]) ? (int)$existing_permissions[$field] : 0;
|
}
$db->insert_query("forumpermissions", $insertquery);
| }
$db->insert_query("forumpermissions", $insertquery);
|
| Zeile 667 | Zeile 667 |
|---|
function check_template($template)
{
// Check to see if our database password is in the template
|
function check_template($template)
{
// Check to see if our database password is in the template
|
if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template))
| if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template) !== 0)
|
{
return true;
}
// System calls via backtick
|
{
return true;
}
// System calls via backtick
|
if(preg_match('#\$\s*\{#', $template))
| if(preg_match('#\$\s*\{#', $template) !== 0)
|
{
return true;
}
// Any other malicious acts?
// Courtesy of ZiNgA BuRgA
|
{
return true;
}
// Any other malicious acts?
// Courtesy of ZiNgA BuRgA
|
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
| $allowed = preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template);
if($allowed === null || preg_match("~\\{\\$.+?\\}~s", $allowed) !== 0)
|
{
return true;
}
| {
return true;
}
|