Форум АНТИЧАТ - typo3 macina

Баг в файле class.tx_macinabanners_pi1.php, а именно в функции main()

Исправлено в 1.4.1 (кусок кода):

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]if ([/COLOR][COLOR="#0000BB"]$record[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"]) 

                {

[/COLOR][COLOR="#FF8000"]// update clicks

                

                    /* removed SQL injection vulnarable code

                    $clicksquery = 'UPDATE tx_macinabanners_banners SET clicks = clicks+1 WHERE uid = ' . $_GET['uid'];

                    $clicks = mysql(TYPO3_db, $clicksquery);

                    if (mysql_error())

                        t3lib_div::debug(array (mysql_error(), $clicksquery ));

                     */

                     

                    // fiexed SQL injection vulnarable code  : thanx to Stefan Geith

[/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'TYPO3_DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]exec_UPDATEquery[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'tx_macinabanners_banners'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'uid = '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]intval[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]piVars[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'banneruid'[/COLOR][COLOR="#007700"]]),array([/COLOR][COLOR="#DD0000"]'clicks'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$record[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'clicks'[/COLOR][COLOR="#007700"]]+[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]));

                     

[/COLOR][COLOR="#FF8000"]// get URL

[/COLOR][COLOR="#007700"]unset ([/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]piVars[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'banneruid'[/COLOR][COLOR="#007700"]]);

[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Location: '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]cObj[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getTypoLink_URL[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$record[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'url'[/COLOR][COLOR="#007700"]]));

                    exit;

                }[/COLOR][/COLOR]

Скачать

macina_banners_1.4.1.t3x

... странно, но у меня в 1.4.0 код отличается от того, что закомментирован в 1.4.1

а именно...

PHP код:


		
			
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]if ([/COLOR][COLOR="#0000BB"]$record[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#FF8000"]// update clicks

[/COLOR][COLOR="#0000BB"]$clicksquery[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'UPDATE tx_macinabanners_banners SET clicks = clicks+1 WHERE uid = '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]piVars[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'banneruid'[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$clicks[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]TYPO3_db[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$clicksquery[/COLOR][COLOR="#007700"]);

                    if ([/COLOR][COLOR="#0000BB"]mysql_error[/COLOR][COLOR="#007700"]())

[/COLOR][COLOR="#0000BB"]t3lib_div[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]debug[/COLOR][COLOR="#007700"](array ([/COLOR][COLOR="#0000BB"]mysql_error[/COLOR][COLOR="#007700"](),[/COLOR][COLOR="#0000BB"]$clicksquery[/COLOR][COLOR="#007700"]));

                     

[/COLOR][COLOR="#FF8000"]// t3lib_div::debug($record);

                     

                    // get URL

[/COLOR][COLOR="#007700"]unset ([/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]piVars[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'banneruid'[/COLOR][COLOR="#007700"]]);

[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Location: '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]cObj[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getTypoLink_URL[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$record[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'url'[/COLOR][COLOR="#007700"]]));

                    exit;

                }[/COLOR][/COLOR]

Скачать

macina_banners_1.4.0.t3x

Скрипт распаковки