diff --git a/inc/functions.php b/inc/functions.php
index 462bc173..c50336ae 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -880,7 +880,7 @@ function displayBan($ban) {
 Element('page.html', array(
 'title' => _('Banned!'),
 'config' => $config,
- 'nojavascript' => true,
+ 'boardlist' => createBoardlist($mod),
 'body' => Element('banned.html', array(
 'config' => $config,
 'ban' => $ban,
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 8b6f73c4..8380cfd3 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -15,7 +15,7 @@ function mod_page($title, $template, $args, $subtitle = false) {
 'hide_dashboard_link' => $template == 'mod/dashboard.html',
 'title' => $title,
 'subtitle' => $subtitle,
- 'nojavascript' => true,
+ 'boardlist' => createBoardlist($mod),
 'body' => Element($template, array_merge(
 array('config' => $config, 'mod' => $mod),
@@ -846,7 +846,7 @@ function mod_page_ip($ip) {
 $args['security_token'] = make_secure_link_token('IP/' . $ip);
- mod_page(sprintf('%s: %s', _('IP'), $ip), 'mod/view_ip.html', $args, $args['hostname']);
+ mod_page(sprintf('%s: %s', _('IP'), htmlspecialchars($ip)), 'mod/view_ip.html', $args, $args['hostname']);
 }
 function mod_ban() {
diff --git a/mod.php b/mod.php
index 5697e2b5..c005dcb5 100644
--- a/mod.php
+++ b/mod.php
@@ -12,16 +12,6 @@ require_once 'inc/mod/auth.php';
 if ($config['debug']) $parse_start_time = microtime(true);
-// Fix for magic quotes
-if (get_magic_quotes_gpc()) {
- function strip_array($var) {
- return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
- }
-
- $_GET = strip_array($_GET);
- $_POST = strip_array($_POST);
-}
-
 $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';
 $pages = array(
diff --git a/post.php b/post.php
index 4c944178..6e893747 100644
--- a/post.php
+++ b/post.php
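Review bot: `createBoardlist($mod)` in the added line of displayBan reads `$mod`, yet displayBan's only parameter is `$ban` and the hunk shows no `global $mod`; unless the function declares it above the hunk, this passes an undefined variable (PHP raises a notice and hands createBoardlist() null), so whichever boardlist is rendered for a banned user is accidental rather than chosen. Either add the `global` declaration or pass the non-moderator value explicitly, so the privilege context of the ban page is deliberate. The same call in mod_page (inc/mod/pages.php) is fine, since that hunk already uses `$mod` in `array('config' => $config, 'mod' => $mod)`. displayBan's body starts and ends outside the hunk.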
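Review bot: `htmlspecialchars($ip)` now escapes the title in mod_page_ip, but `$args['hostname']`, passed as the subtitle on the same line, is still handed over raw; if page.html prints `subtitle` the way it prints `title`, a hostname (presumably from a reverse lookup, and then not under the moderator's control — confirm above the hunk) needs the same treatment, e.g. `htmlspecialchars($args['hostname'])`. Escaping at individual call sites also leaves every other mod_page() caller to remember it; escaping `title` and `subtitle` once inside mod_page, or enabling the template engine's autoescape for those fields, would be the more robust fix. The default flags do not escape single quotes, so `htmlspecialchars($ip, ENT_QUOTES, 'UTF-8')` is the safer form if the title can land in a single-quoted attribute.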
@@ -7,16 +7,6 @@ require_once 'inc/functions.php';
 require_once 'inc/anti-bot.php';
 require_once 'inc/bans.php';
-// Fix for magic quotes
-if (get_magic_quotes_gpc()) {
- function strip_array($var) {
- return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
- }
-
- $_GET = strip_array($_GET);
- $_POST = strip_array($_POST);
-}
-
 if ((!isset($_POST['mod']) || !$_POST['mod']) && $config['board_locked']) {
 error("Board is locked");
 }
@@ -447,7 +437,7 @@ if (isset($_POST['delete'])) {
 $i = 0;
 foreach ($_FILES as $key => $file) {
 if ($file['size'] && $file['tmp_name']) {
- $file['filename'] = urldecode(get_magic_quotes_gpc() ? stripslashes($file['name']) : $file['name']);
+ $file['filename'] = urldecode($file['name']);
 $file['extension'] = strtolower(mb_substr($file['filename'], mb_strrpos($file['filename'], '.') + 1));
 if (isset($config['filename_func']))
 $file['file_id'] = $config['filename_func']($file);
@@ -625,12 +615,14 @@ if (isset($_POST['delete'])) {
 if ($post['has_file']) {
 foreach ($post['files'] as $key => &$file) {
- if ($file['is_an_image'] && $config['ie_mime_type_detection'] !== false) {
- // Check IE MIME type detection XSS exploit
- $buffer = file_get_contents($upload, null, null, null, 255);
- if (preg_match($config['ie_mime_type_detection'], $buffer)) {
- undoImage($post);
- error($config['error']['mime_exploit']);
+ if ($file['is_an_image']) {
+ if ($config['ie_mime_type_detection'] !== false) {
+ // Check IE MIME type detection XSS exploit
+ $buffer = file_get_contents($upload, null, null, null, 255);
+ if (preg_match($config['ie_mime_type_detection'], $buffer)) {
+ undoImage($post);
+ error($config['error']['mime_exploit']);
+ }
 }
 require_once 'inc/image.php';
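Review bot: `$upload` is read by `file_get_contents($upload, null, null, null, 255)` inside the per-file loop but is not assigned anywhere in the hunk; if it is set once before `foreach ($post['files'] as $key => &$file)` rather than per iteration, the IE MIME sniff inspects the same file for every attachment of a multi-file post — worth confirming against the code above the hunk, where `$file['tmp_name']` looks like the intended target. A failed read returns false, which `preg_match` silently treats as an empty string, so the check passes precisely when the file could not be inspected; `if ($buffer === false) error($config['error']['invalidimg']);` before the `preg_match` would fail closed. The `null` arguments stand in for bool and int parameters and are deprecated on PHP 8.1+; `file_get_contents($upload, false, null, 0, 255)` is the equivalent. The enclosing `if ($post['has_file'])` / `foreach` block ends outside the hunk.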
@@ -639,6 +631,9 @@ if (isset($_POST['delete'])) {
 if (!$size = @getimagesize($file['tmp_name'])) {
 error($config['error']['invalidimg']);
 }
+ if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
+ error($config['error']['invalidimg']);
+ }
 if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
 error($config['error']['maxsize']);
 }
diff --git a/templates/page.html b/templates/page.html
index 13753c03..3522702f 100644
--- a/templates/page.html
+++ b/templates/page.html
@@ -9,6 +9,8 @@ {{ title }} + {{ boardlist.top }} + {% if pm %}
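Review bot: The added `in_array($size[2], array(...))` check omits the strict flag; `$size[2]` is an int from getimagesize(), so it is harmless today, but `in_array(..., true)` costs nothing and rules out loose matches should the whitelist ever gain a string entry — `if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP), true)) {`. The check validates the decoded content type independently of `$file['extension']` derived earlier in post.php; if nothing after the hunk ties the two together, a file whose bytes decode as one whitelisted type while carrying a different whitelisted extension is still accepted, so comparing `$size[2]` against the type implied by the extension would close that gap. The whitelist is hard-coded while the surrounding limits (`max_width`, `max_height`) come from `$config`; a config entry would keep the block consistent and let operators tune it. The enclosing loop starts and ends outside the hunk.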
You have an unread PM{% if pm.waiting > 0 %}, plus {{ pm.waiting }} more waiting{% endif %}.

{% endif %}

{{ title }}