Beat wrote:
Ok, regarding JoomlaBoard 1.1.2, I didn't do a full analysis, but this quick fix helps quite far:
in beginning of components/com_joomlaboard/joomlaboard.php change (actually add 14 lines):

```php
$catid = mosGetParam ( $_GET, 'catid' , '' );
$Itemid = mosGetParam ( $_GET, 'Itemid', '' );
$func = mosGetParam ( $_GET, 'func' , '' );
//If they're not put in with get requests, try post requests else default to value given
if ($catid == '' ) $catid = mosGetParam ( $_POST, 'catid' , '0' );
if ($Itemid == '' ) $Itemid = mosGetParam ( $_POST, 'Itemid', '1' );
if ($func == '' ) $func = mosGetParam ( $_POST, 'func' , 'listcat');
```
to:
```php
$catid = mosGetParam ( $_GET, 'catid' , '' );
$Itemid = mosGetParam ( $_GET, 'Itemid', '' );
$func = mosGetParam ( $_GET, 'func' , '' );
if (isset($_GET["id"])) $id = mosGetParam ( $_GET, 'id' , '' ); //BBTEMPFIX
if (isset($_GET["do"])) $do = mosGetParam ( $_GET, 'do' , '' ); //BBTEMPFIX
if (isset($_GET["replyto"])) $replyto = mosGetParam ( $_GET, 'replyto' , '' ); //BBTEMPFIX
if (isset($_GET["page"])) $page = mosGetParam ( $_GET, 'page' , '' ); //BBTEMPFIX
if (isset($_GET["sel"])) $sel = mosGetParam ( $_GET, 'sel' , '' ); //BBTEMPFIX
if (isset($_GET["userid"])) $userid = mosGetParam ( $_GET, 'userid' , '' ); //BBTEMPFIX
if (isset($_GET["pid"])) $pid = mosGetParam ( $_GET, 'pid' , '' ); //BBTEMPFIX
if (isset($_GET["view"])) $view = mosGetParam ( $_GET, 'view' , '' ); //BBTEMPFIX
//If they're not put in with get requests, try post requests else default to value given
if ($catid == '' ) $catid = mosGetParam ( $_POST, 'catid' , '0' );
if ($Itemid == '' ) $Itemid = mosGetParam ( $_POST, 'Itemid', '1' );
if ($func == '' ) $func = mosGetParam ( $_POST, 'func' , 'listcat');
if (!isset($id) && isset($_POST["id"])) $id = mosGetParam ( $_POST, 'id' , ''); //BBTEMPFIX
if (!isset($do) && isset($_POST["do"])) $do = mosGetParam ( $_POST, 'do' , ''); //BBTEMPFIX
if (!isset($replyto) && isset($_POST["replyto"])) $replyto = mosGetParam ( $_POST, 'replyto' , ''); //BBTEMPFIX
if (!isset($parentid) && isset($_POST["parentid"])) $parentid = mosGetParam ( $_POST, 'parentid' , ''); //BBTEMPFIX
if (!isset($action) && isset($_POST["action"])) $action = mosGetParam ( $_POST, 'action' , ''); //BBTEMPFIX
if (!isset($contentURL) && isset($_POST["contentURL"])) $contentURL = mosGetParam ( $_POST, 'contentURL' , ''); //BBTEMPFIX
if (!isset($sb_authorname) && isset($_POST["sb_authorname"])) $sb_authorname = mosGetParam ( $_POST, 'sb_authorname' , ''); //BBTEMPFIX
if (!isset($email) && isset($_POST["email"])) $email = mosGetParam ( $_POST, 'email' , ''); //BBTEMPFIX
if (!isset($subject) && isset($_POST["subject"])) $subject = mosGetParam ( $_POST, 'subject' , ''); //BBTEMPFIX
if (!isset($topic_emoticon) && isset($_POST["topic_emoticon"])) $topic_emoticon = mosGetParam ( $_POST, 'topic_emoticon' , ''); //BBTEMPFIX
if (!isset($message) && isset($_POST["message"])) $message = mosGetParam ( $_POST, 'message' , ''); //BBTEMPFIX
if (!isset($subscribeMe) && isset($_POST["subscribeMe"])) $subscribeMe = mosGetParam ( $_POST, 'subscribeMe' , ''); //BBTEMPFIX
if (!isset($attachimage) && isset($_FILES['attachimage'])) $attachimage = mosGetParam ( $_FILES['attachimage'], 'name', ''); //BBTEMPFIX
if (!isset($attachfile) && isset($_FILES['attachfile'])) $attachfile = mosGetParam ( $_FILES['attachfile'], 'name', ''); //BBTEMPFIX
if (!isset($sb_thread) && isset($_REQUEST["sb_thread"])) $sb_thread = mosGetParam ( $_REQUEST, 'sb_thread' , ''); //BBTEMPFIX
if (!isset($thread) && isset($_REQUEST["thread"])) $thread = mosGetParam ( $_REQUEST, 'thread' , ''); //BBTEMPFIX
if (!isset($markaction) && isset($_POST["markaction"])) $markaction = mosGetParam ( $_POST, 'markaction' , ''); //BBTEMPFIX
```
This allows browsing from the forum to the threads list and from the threads list to a thread, as well as typing and sending a post reply and editing a post.
I didn't test everything and didn't do a security review of JoomlaBoard itself, but could someone please test and post test results quickly?
Bug Artifact created for JoomlaBoard here:
http://forge.joomla.org/sf/tracker/do/v ... s/artf5660
(CB quick fix following in next post)
EDIT: added above for threads page browsing and correct latest posts timeframe selection:

```php
if (isset($_GET["page"])) $page = mosGetParam ( $_GET, 'page' , '' ); //BBTEMPFIX
if (isset($_GET["sel"])) $sel = mosGetParam ( $_GET, 'sel' , '' ); //BBTEMPFIX
```

EDIT: added above:

```php
if (!isset($sb_thread) && isset($_REQUEST["sb_thread"])) $sb_thread = mosGetParam ( $_REQUEST, 'sb_thread' , ''); //BBTEMPFIX
if (!isset($thread) && isset($_REQUEST["thread"])) $thread = mosGetParam ( $_REQUEST, 'thread' , ''); //BBTEMPFIX
```

EDIT: added then CHANGED above:

```php
if (!isset($subscribeMe) && isset($_POST["subscribeMe"])) $subscribeMe = mosGetParam ( $_POST, 'subscribeMe' , ''); //BBTEMPFIX
if (!isset($attachimage) && isset($_FILES['attachimage'])) $attachimage = mosGetParam ( $_FILES['attachimage'], 'name', ''); //BBTEMPFIX
if (!isset($attachfile) && isset($_FILES['attachfile'])) $attachfile = mosGetParam ( $_FILES['attachfile'], 'name', ''); //BBTEMPFIX
```

EDIT: added above:

```php
if (isset($_GET["userid"])) $userid = mosGetParam ( $_GET, 'userid' , '' ); //BBTEMPFIX
if (isset($_GET["pid"])) $pid = mosGetParam ( $_GET, 'pid' , '' ); //BBTEMPFIX
if (!isset($markaction) && isset($_POST["markaction"])) $markaction = mosGetParam ( $_POST, 'markaction' , ''); //BBTEMPFIX
```

EDIT: added above:

```php
if (isset($_GET["view"])) $view = mosGetParam ( $_GET, 'view' , '' ); //BBTEMPFIX
```
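The fix above replaces register_globals with an explicit list of the parameters the component actually reads. The following is an added example, not JoomlaBoard's or the poster's code: the same allowlist idea in table-driven form, with per-parameter sources and an integer cast for the ids, which the per-line version leaves to later code. The parameter table and the function name bbImportParams are assumptions made for illustration.

```php
<?php
// Added example, not JoomlaBoard's or Beat's code: the BBTEMPFIX lines above in
// general form, an allowlist of request parameters with allowed sources, a type
// and a default. Only listed names ever become globals; the table entries are
// assumptions that mirror the post, not the component's real parameter list.

// name => array(sources in priority order, type, default or null = leave unset)
$bbParams = array(
    'catid'      => array(array('GET', 'POST'), 'int',  0),
    'Itemid'     => array(array('GET', 'POST'), 'int',  1),
    'func'       => array(array('GET', 'POST'), 'word', 'listcat'),
    'id'         => array(array('GET', 'POST'), 'int',  null),
    'page'       => array(array('GET'),         'int',  null),
    'thread'     => array(array('GET', 'POST'), 'int',  null),
    'message'    => array(array('POST'),        'text', null),
    'attachfile' => array(array('FILES'),       'text', null),
);

function bbImportParams(array $spec)
{
    $out = array();
    $sources = array('GET' => $_GET, 'POST' => $_POST);
    foreach ($spec as $name => $rule) {
        list($allowed, $type, $default) = $rule;
        $value = null;
        foreach ($allowed as $src) {
            if ($src === 'FILES' && !empty($_FILES[$name]['name'])) {
                $value = basename($_FILES[$name]['name']); // client path: keep only the file name
            } elseif (isset($sources[$src][$name]) && $sources[$src][$name] !== '') {
                $value = $sources[$src][$name];
            }
            if ($value !== null) break;
        }
        if ($value === null) {
            if ($default !== null) $out[$name] = $default;
            continue;
        }
        switch ($type) {
            case 'int':  $out[$name] = (int) $value; break;  // ids reach SQL: force integer
            case 'word': $out[$name] = (is_string($value) && preg_match('/^[a-z_]{1,32}$/i', $value)) ? $value : $default; break;
            default:     $out[$name] = is_string($value) ? $value : ''; // arrays never pass as text
        }
    }
    return $out;
}
// In joomlaboard.php: define exactly the listed globals and nothing else.
foreach (bbImportParams($bbParams) as $k => $v) {
    $$k = $v;
}
```

Anything not in the table stays unset no matter what the request carries, which is the property the original per-variable lines restore by hand.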