Author Topic: Security Fix: members/retract_credits_banner.php  (Read 1065 times)

0 Members and 1 Guest are viewing this topic.

Offline 757jterrell

  • Hero Member
  • *****
  • Posts: 1629
    • View Profile
    • PTC Factory
Security Fix: members/retract_credits_banner.php
« on: April 03, 2011, 02:24:04 AM »
It has come to our attention that people have been adding ad credits through their my ads pages. Here is the fix:

Go to your members/retract_credits_banner.php  file around lines 24 to 40, remove what is in bold:

if($action == "retract") {
   if($credits < 1) {
      $error_msg="You must enter at least 1 credit!";
   }
   else if($thisad[username] != $username) {
      $error_msg="You do not have permission to edit this!!";
   }
   else {
      if($credits > $thisad[credits]) {
         $credits=$thisad[credits];
      }

      $sql=$Db1->query("UPDATE banners SET credits=credits-$credits WHERE id='$id'");
      $sql=$Db1->query("UPDATE user SET banner_credits=banner_credits+$credits WHERE username='$username'");
      $Db1->sql_close();
      header("Location: index.php?view=account&ac=myads&adtype=banner&".$url_variables."");
   }
}

and then add what is in bold so it looks like the code below:

if($action == "retract") {
   if($credits < 1) {
      $error_msg="You must enter at least 1 credit!";
   }
   else if($thisad[username] != $username) {
      $error_msg="You do not have permission to edit this!!";
   }
   else if( ereg("[^0-9]", $credits) ){
           $error_msg="You can only put in numbers 0 to 9";
      }
      else if($credits > $thisad[credits]) {
            $error_msg="You can not remove more credits than you have!!";
      }

   else {
        $credits=asql($credits);
           $username=asql($username);

   $sql=$Db1->query("UPDATE banners SET credits=credits-$credits WHERE id='$id'");
      $sql=$Db1->query("UPDATE user SET banner_credits=banner_credits+$credits WHERE username='$username'");
      $Db1->sql_close();
      header("Location: index.php?view=account&ac=myads&adtype=banner&".$url_variables."");
   }
}
« Last Edit: April 10, 2011, 01:12:50 PM by 757jterrell »

Offline 757jterrell

  • Hero Member
  • *****
  • Posts: 1629
    • View Profile
    • PTC Factory
Re: Security Fix: members/retract_credits_banner.php
« Reply #1 on: April 10, 2011, 01:13:34 PM »
$credits=asql($credits);
$username=asql($username);

Added by Greg from Offerscript.

Thanks Greg

You will also need to add this functions to your includes/function.php file:
This is copyrighted by CODE COPYRIGHT TO GPSBLACK/OFFERSCRIPT

function asql($string)
{
  if(get_magic_quotes_gpc())
  {
     $string = strip_tags($string);
     $string = stripslashes($string);
  }
  if (phpversion() >= '4.3.0')
  {
     $string = strip_tags($string);
      $string = mysql_real_escape_string($string);
  }
  else
  {
     $string = mysql_escape_string($string);
  }
  return $string;
}
« Last Edit: April 10, 2011, 01:41:36 PM by 757jterrell »