Code Security...

#1  Citricguy, Senior Member (07-23-2008, 03:27 PM)

Just wanted to get a "once over" by anyone with time. Anything horrible stick out?

PHP Code:
<?php
//Load global.php
require_once('./global.php');

//Clean GET variables
$vbulletin->input->clean_array_gpc('g', array(
    'r' => TYPE_NOHTML,
    'g' => TYPE_UINT
));

//Login and Redirect
if (!is_member_of($vbulletin->userinfo, $vbulletin->GPC['g']))
{
    print_no_permission();
} else {
    header("Location:" . $vbulletin->GPC['r']);
}
?>
#2  briansol, Senior Member (07-23-2008, 04:21 PM)
Using GET (g) on the $r can be redirected other than intended...

i.e.,

yoursite.com/thisscript.php?r=http://someothersite.com

something to consider.
#3  Citricguy, Senior Member (07-23-2008, 04:51 PM)
Good point, I'm going to force it to only allow redirects to specific domains and directories.

Thank you yet again!
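Added example (not part of the original thread, and not vBulletin or vBSEO code): one way to implement the "specific domains and directories" allowlist mentioned in post #3 for the `r` parameter. The function name `is_safe_redirect`, the host names and the path prefixes are assumptions, and PHP 7 or later is assumed.

```php
<?php
// Added example; PHP 7+ assumed. Hosts and prefixes below are assumed values.
const ALLOWED_HOSTS = ['yoursite.com', 'www.yoursite.com'];
const ALLOWED_PATH_PREFIXES = ['/forum/', '/members/'];

function is_safe_redirect(string $url): bool
{
    // Control characters enable header injection; browsers may treat "\" as "/".
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    // Credentials or a port are never needed, and "user@host" hides the real host.
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return false;
    }
    if (isset($parts['host'])) {
        // Absolute URL: require http(s) and an exact host match. A scheme-relative
        // "//host/path" has a host but no scheme, so it is refused here too.
        $scheme = strtolower($parts['scheme'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true)
            || !in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
            return false;
        }
    } elseif (isset($parts['scheme'])) {
        return false; // javascript:, data:, mailto: and similar
    }
    $path = $parts['path'] ?? '';
    // Refuse dot segments (plain or percent-encoded) so the prefix check holds.
    if (preg_match('#(^|/)(\.|%2e){1,2}(/|$)#i', $path)) {
        return false;
    }
    foreach (ALLOWED_PATH_PREFIXES as $prefix) {
        if (strncmp($path, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs: only the first should pass.
foreach (['http://yoursite.com/forum/thread.php?t=1', 'http://someothersite.com',
          '//someothersite.com/forum/', 'http://yoursite.com@someothersite.com/forum/',
          '/forum/../admin/'] as $candidate) {
    echo $candidate, ' => ', is_safe_redirect($candidate) ? 'allow' : 'deny', "\n";
}
```

In the script from post #1, the `header()` call would run only when `is_safe_redirect($vbulletin->GPC['r'])` returns true, followed by `exit;` so nothing else executes after the redirect is sent.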