fix: Security bug in session env

This commit is contained in:
JT Smith 2006-07-11 20:32:46 +00:00
parent 63b22dc502
commit a440cb5f41
10 changed files with 30 additions and 16 deletions


@ -532,7 +532,7 @@ sub hasRated {
return 1 if $self->isPoster;
my $flag = 0;
if ($self->session->user->userId eq "1") {
($flag) = $self->session->db->quickArray("select count(*) from Post_rating where assetId=? and ipAddress=?",[$self->getId, $self->session->env->get("REMOTE_ADDR")]);
($flag) = $self->session->db->quickArray("select count(*) from Post_rating where assetId=? and ipAddress=?",[$self->getId, $self->session->env->getIp]);
} else {
($flag) = $self->session->db->quickArray("select count(*) from Post_rating where assetId=? and userId=?",[$self->getId, $self->session->user->userId]);
}
@ -776,7 +776,7 @@ sub rate {
return undef unless ($rating == -1 || $rating == 1);
unless ($self->hasRated) {
$self->session->db->write("insert into Post_rating (assetId,userId,ipAddress,dateOfRating,rating) values ("
.$self->session->db->quote($self->getId).", ".$self->session->db->quote($self->session->user->userId).", ".$self->session->db->quote($self->session->env->get("REMOTE_ADDR")).",
.$self->session->db->quote($self->getId).", ".$self->session->db->quote($self->session->user->userId).", ".$self->session->db->quote($self->session->env->getIp).",
".$self->session->datetime->time().", ".$self->session->db->quote($rating).")");
my ($sum) = $self->session->db->quickArray("select sum(rating) from Post_rating where assetId=".$self->session->db->quote($self->getId));
$self->update({rating=>$sum});
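Review bot: The check-then-insert in `rate` (the hunk at line 776) is not atomic — two concurrent requests from the same visitor both pass `hasRated` and both insert a Post_rating row, so the one-rating-per-IP/user rule can be bypassed by racing; only a unique key on (assetId, userId) plus one on (assetId, ipAddress) for visitor rows would enforce it in the database. The visitor-side dedupe in `hasRated` (userId "1") rests entirely on what `env->getIp` returns; if that helper now derives the address from a client-supplied forwarded header (plausible from the commit title, but the helper is not shown) anonymous ratings become replayable by varying the header, so it must only honor such headers from an allow-listed proxy. The insert still builds its SQL by concatenation with `quote` while `hasRated` in the same file uses `?` placeholders; if `write` accepts bind parameters the way `quickArray` does, `write("insert into Post_rating (assetId,userId,ipAddress,dateOfRating,rating) values (?,?,?,?,?)", [$self->getId, $self->session->user->userId, $self->session->env->getIp, $self->session->datetime->time(), $rating])` keeps one style and leaves nothing to escape by hand. `rate` continues past the end of the hunk.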


@ -553,7 +553,7 @@ sub rate {
return undef unless ($rating == -1 || $rating == 1);
unless ($self->hasRated) {
$self->session->db->write("insert into Post_rating (assetId,userId,ipAddress,dateOfRating,rating) values ("
.$self->session->db->quote($self->getId).", ".$self->session->db->quote($self->session->user->userId).", ".$self->session->db->quote($self->session->env->get("REMOTE_ADDR")).",
.$self->session->db->quote($self->getId).", ".$self->session->db->quote($self->session->user->userId).", ".$self->session->db->quote($self->session->env->getIp).",
".$self->session->datetime->time().", ".$self->session->db->quote($rating).")");
my ($sum) = $self->session->db->quickArray("select sum(Post.rating) from Post left join asset on Post.assetId=asset.assetId where Post.threadId=".$self->session->db->quote($self->getId)." and Post.rating>0");
$self->update({rating=>$sum});
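Review bot: The dedupe this `rate` relies on, `hasRated`, is not in this file section, so it is not visible whether Thread has its own copy that still reads `REMOTE_ADDR` directly — if it does, the address stored here and the one compared there can differ behind a proxy and the one-vote-per-visitor rule silently fails; worth confirming it resolves to the Post version changed in this commit. The guard `return undef unless ($rating == -1 || $rating == 1);` is a numeric comparison, so input such as `1abc` passes (with a warning) and is then quoted into the row as that string; `return undef unless $rating =~ /\A-?1\z/;` pins it to exactly -1 or 1 before it reaches the database. As in Post, the insert concatenates quoted values where placeholders, as `quickArray` already takes, would be the safer and uniform style. The body of `rate` continues beyond the hunk.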


@ -1091,7 +1091,7 @@ sub www_process {
assetId=>$self->getId,
userId=>$self->session->user->userId,
username=>$self->session->user->username,
ipAddress=>$self->session->env->get("REMOTE_ADDR"),
ipAddress=>$self->session->env->getIp,
submissionDate=>$self->session->datetime->time()
},0);
my ($var, %row, @errors, $updating, $hadErrors);
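Review bot: The `ipAddress` recorded by `www_process` (the hunk at 1091) is now whatever `env->getIp` returns, and if that helper consults a client-settable header such as X-Forwarded-For (suggested by the commit title, not visible here) the stored value is attacker-chosen text rather than the socket peer: it must not be the sole key for any rate-limit or audit decision, and it should be HTML-escaped wherever it is rendered back, since an arbitrary string can now land in a column that previously held only socket addresses. Recording the raw `REMOTE_ADDR` alongside the forwarded value would keep a trustworthy address for forensics. A comment on this line such as `# getIp may come from a proxy header; treat as untrusted input` would warn later readers. `www_process` starts before and continues after the hunk.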


@ -28,7 +28,7 @@ sub _hasVoted {
my $self = shift;
my ($hasVoted) = $self->session->db->quickArray("select count(*) from Poll_answer
where assetId=".$self->session->db->quote($self->getId)." and ((userId=".$self->session->db->quote($self->session->user->userId)."
and userId<>'1') or (userId=".$self->session->db->quote($self->session->user->userId)." and ipAddress='".$self->session->env->get("REMOTE_ADDR")."'))");
and userId<>'1') or (userId=".$self->session->db->quote($self->session->user->userId)." and ipAddress='".$self->session->env->getIp."'))");
return $hasVoted;
}
@ -412,7 +412,7 @@ sub www_vote {
my $self = shift;
my $u;
if ($self->session->form->process("answer") ne "" && $self->session->user->isInGroup($self->get("voteGroup")) && !($self->_hasVoted())) {
$self->setVote($self->session->form->process("answer"),$self->session->user->userId,$self->session->env->get("REMOTE_ADDR"));
$self->setVote($self->session->form->process("answer"),$self->session->user->userId,$self->session->env->getIp);
if ($self->session->setting->get("useKarma")) {
$self->session->user->karma($self->get("karmaPerVote"),"Poll (".$self->getId.")","Voted on this poll.");
}
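Review bot: In `_hasVoted` the address from `getIp` is interpolated unquoted into the SQL string — `ipAddress='".$self->session->env->getIp."'` — while every other operand in the same statement goes through `quote`. `REMOTE_ADDR` came from the socket, but if `getIp` now reads a client-controllable header such as X-Forwarded-For (the likely motivation for this commit, though the helper is not shown) this line becomes a SQL injection reachable by anyone who can load the poll, and with a single-quoted literal the attacker only needs a `'` in the header. Use placeholders as the other queries in this commit do: `my $uid = $self->session->user->userId;` and `my ($hasVoted) = $self->session->db->quickArray("select count(*) from Poll_answer where assetId=? and ((userId=? and userId<>'1') or (userId=? and ipAddress=?))", [$self->getId, $uid, $uid, $self->session->env->getIp]);`. The same value flows into `setVote` from `www_vote`, whose implementation is outside this hunk and should be checked for the same pattern.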


@ -322,7 +322,7 @@ sub getEditForm {
#-------------------------------------------------------------------
sub getIp {
my $self = shift;
my $ip = ($self->get("anonymous")) ? substr(md5_hex($self->session->env->get("REMOTE_ADDR")),0,8) : $self->session->env->get("REMOTE_ADDR");
my $ip = ($self->get("anonymous")) ? substr(md5_hex($self->session->env->getIp),0,8) : $self->session->env->getIp;
return $ip;
}
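Review bot: The "anonymous" branch of `getIp` replaces the address with the first 8 hex digits of an unkeyed `md5_hex`, which is a reversible pseudonym rather than anonymization — the IPv4 space is only 2^32 values, so anyone who sees the stored token can recover the address by enumerating it in minutes. A keyed digest such as `md5_hex($secret . $ip)`, with `$secret` a per-site value kept in configuration (or a random salt stored with the asset), makes the token unrecoverable without the key while still letting equal addresses compare equal. Truncating to 32 bits also means distinct addresses can collide, so this value should not be used to enforce one-vote-per-address limits. The method shares its name with the session helper `env->getIp` it now calls, which is easy to misread; a one-line comment `# returns a display/storage token, not necessarily the real address` would help.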