MyBB Community Forums

Full Version: Quick Edit Security Hole!!
Applies to: Quick Edit 1.0.1 (maybe lower)
I have uncovered a big security issue with the Quick Edit mod. Maybe it is something with my forums or maybe this has already been addressed, but I thought I would let everybody know.

The Exploit
This is a major security issue with the quick edit plugin because anybody can edit anybody's posts.
Edit: I removed specific instructions for security reasons

The Options
Deactivate the plugin:
If you deactivate the plugin, this is no longer an issue, but then you lose the ability to quickly modify posts.

Patch Quick Edit
Here are some patches to make. I have really only taken parts from the edit post page and modified them a little. Also, I was not able to test everything to make sure that it works. Hopefully the creator of this mod will be able to implement some of these things (only more completely and with better support for some of the error messages and such).

Find:
		$post = array(
			"message" => addslashes($mybb->input['message']),
			"edittime" => time(),
			"edituid" => intval($mybb->user['uid']),
		);
		$db->update_query(TABLE_PREFIX."posts", $post, "pid='".$pid."' LIMIT 1");
		$message = postify($mybb->input['message']);
		echo $message;
		return true;
Replace with:
		// Assumes the plugin already has $fid, $tid, $pid, $forum, $thread, $post
		// (the existing post row) and $forumpermissions in scope at this point.
		$permissionok = 'yes';
		$errormessage = "You do not have permission to complete the requested action. Please make sure you are logged in and that you have the proper permissions and try again.";

		// Closed forum: nobody may edit.
		if($forum['open'] == "no")
		{
			//nopermission();
			$permissionok = 'no';
		}
		// Guests may never edit.
		if(!$mybb->user['uid'])
		{
			//nopermission();
			$permissionok = 'no';
		}
		// Moderators with caneditposts skip the per-user checks below.
		if(ismod($fid, "caneditposts") != "yes")
		{
			// Closed thread. editpost.php redirects here, but a redirect would break
			// the inline quick edit response, so just deny with the same message.
			if($thread['closed'] == "yes")
			{
				$errormessage = $lang->redirect_threadclosed;
				$permissionok = 'no';
			}
			if($forumpermissions['caneditposts'] == "no")
			{
				//nopermission();
				$permissionok = 'no';
			}
			// Only the author of the post may edit it.
			if($mybb->user['uid'] != $post['uid'])
			{
				//nopermission();
				$permissionok = 'no';
			}
			// Edit time limit (the setting is in minutes, dateline is in seconds).
			$time = time();
			if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < ($time-($mybb->settings['edittimelimit']*60)))
			{
				$lang->edit_time_limit = sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
				$errormessage = $lang->edit_time_limit;
				$permissionok = 'no';
			}
		}

		// Password protected forums ......... yhummmmy!
		checkpwforum($fid, $forum['password']);

		// Max images check. This code only runs on a quick edit save, so the
		// action check from editpost.php is not needed here.
		if($mybb->settings['maxpostimages'] != 0 && $mybb->usergroup['cancp'] != "yes")
		{
			// Quick edit may not submit post options; fall back to the forum setting.
			if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == "yes")
			{
				$allowsmilies = "no";
			}
			else
			{
				$allowsmilies = $forum['allowsmilies'];
			}
			$imagecheck = postify($mybb->input['message'], $forum['allowhtml'], $forum['allowmycode'], $allowsmilies, $forum['allowimgcode']);
			if(substr_count($imagecheck, "<img") > $mybb->settings['maxpostimages'])
			{
				eval("\$maximageserror = \"".$templates->get("error_maxpostimages")."\";");
				$errormessage = $maximageserror;
				$permissionok = 'no';
			}
		}

		if($permissionok == "yes")
		{
			$post = array(
				"message" => addslashes($mybb->input['message']),
				"edittime" => time(),
				"edituid" => intval($mybb->user['uid']),
			);
			// intval() keeps the post id from reaching the query as anything but a number.
			$db->update_query(TABLE_PREFIX."posts", $post, "pid='".intval($pid)."' LIMIT 1");
			$message = postify($mybb->input['message']);
			echo $message;
		}
		else
		{
			// One message, shown once, whichever check failed.
			echo "<span style=\"padding: 2px; background-color: #f4e7ea; border: 1px solid #986265;\">".$errormessage."</span>";
		}
		return true;

Again, hopefully this fixes the issue temporarily until an official update to the mod can come. It would be nice for others to test this and see if it works, and also to help work out bugs that it might (probably) have.
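An added example, not the poster's patch or the plugin's own code: the same authorization decision as one deny-by-default function that runs before the database write, with a single generic message to the client and the specific reason kept in the server log. The function name, its parameters and the reason strings are assumptions; ismod() is the MyBB helper used in the patch above.

```php
<?php
// Added example (assumed names, not the plugin's or the poster's code): a
// deny-by-default check for a quick edit save. $forum, $thread, $post and
// $forumpermissions are the rows the plugin already loads for the post being
// edited; ismod() is the MyBB helper used in the patch above.
function quickedit_can_edit($mybb, $fid, $forum, $thread, $post, $forumpermissions)
{
    if(!$mybb->user['uid']) { return "not_logged_in"; }          // guests never edit
    if($forum['open'] == "no") { return "forum_closed"; }         // closed forum: nobody edits
    if(ismod($fid, "caneditposts") == "yes") { return true; }     // moderators skip the rest
    if($thread['closed'] == "yes") { return "thread_closed"; }
    if($forumpermissions['caneditposts'] == "no") { return "group_cannot_edit"; }
    // Ownership: the check the vulnerable plugin never made.
    if(intval($mybb->user['uid']) != intval($post['uid'])) { return "not_post_author"; }
    $limit = intval($mybb->settings['edittimelimit']);            // minutes, 0 = unlimited
    if($limit != 0 && $post['dateline'] < (time() - $limit * 60)) { return "edit_time_expired"; }
    return true;
}

// Save path: decide first, write only on an explicit true.
$verdict = quickedit_can_edit($mybb, $fid, $forum, $thread, $post, $forumpermissions);
if($verdict !== true)
{
    // The specific reason stays in the server log; the client gets one generic message.
    error_log("quickedit denied uid=".intval($mybb->user['uid'])." pid=".intval($pid)." reason=".$verdict);
    echo "You do not have permission to complete the requested action.";
    return true;
}
$db->update_query(TABLE_PREFIX."posts", array(
    "message" => addslashes($mybb->input['message']),
    "edittime" => time(),
    "edituid" => intval($mybb->user['uid']),
), "pid='".intval($pid)."' LIMIT 1");
echo postify($mybb->input['message']);
```

Because the function returns only on an explicit true, a new check added later cannot accidentally fall through to the write.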
I'm away on vacation till Thursday, but I will try and get an internet connection and a quick fix.