27.06.2009, 00:50
|
|
Reservists Of Antichat - Level 6
Регистрация: 15.03.2009
Сообщений: 560
С нами:
9030566
Репутация:
2017
|
|
Код:
if (get_user_class() < UC_MODERATOR)
puke($tracker_lang['access_denied']);
$action = $_POST["action"];
if ($action == "edituser") {
$userid = $_POST["userid"];
$title = $_POST["title"];
$avatar = $_POST["avatar"];
// Check remote avatar size
if ($avatar) {
if (!preg_match('#^((http)|(ftp):\/\/[a-zA-Z0-9\-]+?\.([a-zA-Z0-9\-]+\.)+[a-zA-Z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar))
stderr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);
if(!(list($width, $height) = getimagesize($avatar)))
stderr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);
if ($width > $avatar_max_width || $height > $avatar_max_height)
stderr($tracker_lang['error'], sprintf($tracker_lang['avatar_is_too_big'], $avatar_max_width, $avatar_max_height));
}
// Check remote avatar size
$resetb = $_POST["resetb"];
$birthday = ($resetb=='yes'?", birthday = '0000-00-00'":"");
$enabled = $_POST["enabled"];
$warned = $_POST["warned"];
$warnlength = 0 + $_POST["warnlength"];
$warnpm = $_POST["warnpm"];
$donor = $_POST["donor"];
$uploadtoadd = $_POST["amountup"];
$downloadtoadd= $_POST["amountdown"];
$formatup = $_POST["formatup"];
$formatdown = $_POST["formatdown"];
$mpup = $_POST["upchange"];
$mpdown = $_POST["downchange"];
$support = $_POST["support"];
$supportfor = htmlspecialchars($_POST["supportfor"]);
$modcomm = htmlspecialchars($_POST["modcomm"]);
$deluser = $_POST["deluser"];
$class = 0 + $_POST["class"];
if (!is_valid_id($userid) || !is_valid_user_class($class))
stderr($tracker_lang['error'], "Неверный идентификатор пользователя или класса.");
// check target user class
$res = sql_query("SELECT warned, enabled, username, class, modcomment, uploaded, downloaded FROM users WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or puke("Ошибка MySQL: " . mysql_error());
$curenabled = $arr["enabled"];
$curclass = $arr["class"];
$curwarned = $arr["warned"];
if (get_user_class() == UC_SYSOP)
$modcomment = $_POST["modcomment"];
else
$modcomment = $arr["modcomment"];
// User may not edit someone with same or higher class than himself!
if ($curclass >= get_user_class() || $class >= get_user_class())
puke("Так нельзя делать!");
$userid = $_POST["userid"];
$res = sql_query("SELECT warned, enabled, username, class, modcomment, uploaded, downloaded FROM users WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
все это из файла modtask.php
посмари там через пост не уязвим ли? просто с постом работать не умею 
Последний раз редактировалось HAXTA4OK; 27.06.2009 в 00:56..
|
|
|