Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php
// begin original post
Vulnerable:
$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? (
($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $board_config['allow_html'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? (
($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) :
$board_config['allow_bbcode'];
$allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? (
($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) :
$board_config['allow_smilies'];
Fixed:
$allowhtml = ( $board_config['allowhtml']) ) ? TRUE : 0;
$allowbbcode = ( $board_config['allowbbcode']) ) ? TRUE : 0;
$allowsmilies = ( $board_config['allowsmilies']) ) ? TRUE : 0;
// end original post.
I believe you mean:
Fixed:
$allowhtml = ( ($board_config['allowhtml']) ) ? TRUE : 0;
$allowbbcode = ( ($board_config['allowbbcode']) ) ? TRUE : 0;
$allowsmilies = ( ($board_config['allowsmilies']) ) ? TRUE : 0;