12 yıl önce · 54f3af811c
--- a/Sources/LogInOut.php
+++ b/Sources/LogInOut.php
@@ -739,14 +739,24 @@ function validatePasswordFlood($id_member, $password_flood_value = false, $was_c
 
				 	if ($password_flood_value !== false)
			
 
				 		@list ($time_stamp, $number_tries) = explode('|', $password_flood_value);
			
 
				 
			
 
				-	// Timestamp invalid or non-existent?
			
 
				-	if (empty($number_tries) || $time_stamp < (time() - 10))
			
 
				+	// Timestamp or number of tries invalid?
			
 
				+	if (empty($number_tries) || empty($time_stamp))
			
 
				 	{
			
 
				-		// If it wasn't *that* long ago, don't give them another five goes.
			
 
				-		$number_tries = !empty($number_tries) && $time_stamp < (time() - 20) ? 2 : 0;
			
 
				+		$number_tries = 0;
			
 
				 		$time_stamp = time();
			
 
				 	}
			
 
				 
			
 
				+	// They've failed logging in already
			
 
				+	if (!empty($number_tries))
			
 
				+	{
			
 
				+		// Give them less chances if they failed before
			
 
				+		$number_tries = $time_stamp < time() - 20 ? 2 : $number_tries;
			
 
				+
			
 
				+		// They are trying too fast, make them wait longer
			
 
				+		if ($time_stamp < time() - 10)
			
 
				+			$time_stamp = time();
			
 
				+	}
			
 
				+
			
 
				 	$number_tries++;
			
 
				 
			
 
				 	// Broken the law?
			
--- a/Sources/ManageErrors.php
+++ b/Sources/ManageErrors.php
@@ -332,16 +332,21 @@ function deleteErrors()
 
				  */
			
 
				 function ViewFile()
			
 
				 {
			
 
				-	global $context, $txt, $boarddir, $sourcedir;
			
 
				+	global $context, $txt, $boarddir, $sourcedir, $cachedir;
			
 
				 	// Check for the administrative permission to do this.
			
 
				 	isAllowedTo('admin_forum');
			
 
				 
			
 
				-	// decode the file and get the line
			
 
				-	$file = base64_decode($_REQUEST['file']);
			
 
				+	// Decode the file and get the line
			
 
				+	$file = realpath(base64_decode($_REQUEST['file']));
			
 
				+	$real_board = realpath($boarddir);
			
 
				+	$real_source = realpath($sourcedir);
			
 
				+	$real_cache = realpath($cachedir);
			
 
				+	$basename = strtolower(basename($file));
			
 
				+	$ext = strrchr($basename, '.');
			
 
				 	$line = isset($_REQUEST['line']) ? (int) $_REQUEST['line'] : 0;
			
 
				 
			
 
				 	// Make sure the file we are looking for is one they are allowed to look at
			
 
				-	if (!is_readable($file) || (strpos($file, '../') !== false && ( strpos($file, $boarddir) === false || strpos($file, $sourcedir) === false)))
			
 
				+	if ($ext != '.php' || (strpos($file, $real_board) === false && strpos($file, $real_source) === false) || ($basename == 'settings.php' || $basename == 'settings_bak.php') || strpos($file, $real_cache) !== false || !is_readable($file))
			
 
				 		fatal_lang_error('error_bad_file', true, array(htmlspecialchars($file)));
			
 
				 
			
 
				 	// get the min and max lines
			
--- a/Sources/ManageLanguages.php
+++ b/Sources/ManageLanguages.php
@@ -574,7 +574,18 @@ function ModifyLanguages()
 
				 		checkSession();
			
 
				 		validateToken('admin-lang');
			
 
				 
			
 
				-		if ($_POST['def_language'] != $language)
			
 
				+		getLanguages(true, false);
			
 
				+		$lang_exists = false;
			
 
				+		foreach ($context['languages'] as $lang)
			
 
				+		{
			
 
				+			if ($_POST['def_language'] == $lang['filename'])
			
 
				+			{
			
 
				+				$lang_exists = true;
			
 
				+				break;
			
 
				+			}
			
 
				+		}
			
 
				+
			
 
				+		if ($_POST['def_language'] != $language && $lang_exists)
			
 
				 		{
			
 
				 			require_once($sourcedir . '/Subs-Admin.php');
			
 
				 			updateSettingsFile(array('language' => '\'' . $_POST['def_language'] . '\''));
			
--- a/Sources/Modlog.php
+++ b/Sources/Modlog.php
@@ -284,7 +284,7 @@ function ViewModlog()
 
				 				'position' => 'below_table_data',
			
 
				 				'value' => '
			
 
				 					' . $txt['modlog_search'] . ' (' . $txt['modlog_by'] . ': ' . $context['search']['label'] . '):
			
 
				-					<input type="text" name="search" size="18" value="' . $context['search']['string'] . '" class="input_text" />
			
 
				+					<input type="text" name="search" size="18" value="' . $smcFunc['htmlspecialchars']($context['search']['string']) . '" class="input_text" />
			
 
				 					<input type="submit" name="is_search" value="' . $txt['modlog_go'] . '" class="button_submit" style="float:none" />
			
 
				 					' . ($context['can_delete'] ? '&nbsp;|
			
 
				 					<input type="submit" name="remove" value="' . $txt['modlog_remove'] . '" onclick="return confirm(\'' . $txt['modlog_remove_selected_confirm'] . '\');" class="button_submit" />
			
--- a/Sources/Register.php
+++ b/Sources/Register.php
@@ -572,7 +572,7 @@ function Activate()
 
				 	$smcFunc['db_free_result']($request);
			
 
				 
			
 
				 	// Change their email address? (they probably tried a fake one first :P.)
			
 
				-	if (isset($_POST['new_email'], $_REQUEST['passwd']) && sha1(strtolower($row['member_name']) . $_REQUEST['passwd']) == $row['passwd'])
			
 
				+	if (isset($_POST['new_email'], $_REQUEST['passwd']) && sha1(strtolower($row['member_name']) . $_REQUEST['passwd']) == $row['passwd'] && ($row['is_activated'] == 0 || $row['is_activated'] == 2))
			
 
				 	{
			
 
				 		if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3)
			
 
				 			fatal_lang_error('no_access', false);
			
--- a/Sources/Reminder.php
+++ b/Sources/Reminder.php
@@ -241,7 +241,7 @@ function setPassword2()
 
				 	require_once($sourcedir . '/LogInOut.php');
			
 
				 
			
 
				 	// Quit if this code is not right.
			
 
				-	if (empty($_POST['code']) || substr($realCode, 0, 10) != substr(md5($_POST['code']), 0, 10))
			
 
				+	if (empty($_POST['code']) || substr($realCode, 0, 10) !== substr(md5($_POST['code']), 0, 10))
			
 
				 	{
			
 
				 		// Stop brute force attacks like this.
			
 
				 		validatePasswordFlood($_POST['u'], $flood_value, false);
			
--- a/Sources/Security.php
+++ b/Sources/Security.php
@@ -60,6 +60,7 @@ function validateSession($type = 'admin')
 
				 		if ($good_password || $_POST[$type . '_hash_pass'] == sha1($user_info['passwd'] . $sc))
			
 
				 		{
			
 
				 			$_SESSION[$type . '_time'] = time();
			
 
				+			unset($_SESSION['request_referer']);
			
 
				 			return;
			
 
				 		}
			
 
				 	}
			
@@ -74,6 +75,7 @@ function validateSession($type = 'admin')
 
				 		if ($good_password || sha1(strtolower($user_info['username']) . $_POST[$type . '_pass']) == $user_info['passwd'])
			
 
				 		{
			
 
				 			$_SESSION[$type . '_time'] = time();
			
 
				+			unset($_SESSION['request_referer']);
			
 
				 			return;
			
 
				 		}
			
 
				 	}
			
@@ -84,9 +86,17 @@ function validateSession($type = 'admin')
 
				 		smf_openID_revalidate();
			
 
				 
			
 
				 		$_SESSION[$type . '_time'] = time();
			
 
				+		unset($_SESSION['request_referer']);
			
 
				 		return;
			
 
				 	}
			
 
				 
			
 
				+
			
 
				+	// Better be sure to remember the real referer
			
 
				+	if (empty($_SESSION['request_referer']))
			
 
				+		$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
			
 
				+	elseif (empty($_POST))
			
 
				+		unset($_SESSION['request_referer']);
			
 
				+
			
 
				 	// Need to type in a password for that, man.
			
 
				 	if (!isset($_GET['xml']))
			
 
				 		adminLogin($type);
			
@@ -647,7 +657,10 @@ function checkSession($type = 'post', $from_action = '', $is_fatal = true)
 
				 	}
			
 
				 
			
 
				 	// Check the referring site - it should be the same server at least!
			
 
				-	$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
			
 
				+	if (isset($_SESSION['request_referer']))
			
 
				+		$referrer = $_SESSION['request_referer'];
			
 
				+	else
			
 
				+		$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
			
 
				 	if (!empty($referrer['host']))
			
 
				 	{
			
 
				 		if (strpos($_SERVER['HTTP_HOST'], ':') !== false)
			
--- a/Sources/Themes.php
+++ b/Sources/Themes.php
@@ -1804,6 +1804,9 @@ function EditTheme()
 
				 	list ($theme_dir, $context['theme_id']) = $smcFunc['db_fetch_row']($request);
			
 
				 	$smcFunc['db_free_result']($request);
			
 
				 
			
 
				+	if (!file_exists($theme_dir . '/index.template.php') && !file_exists($theme_dir . '/css/index.css'))
			
 
				+		fatal_lang_error('theme_edit_missing', false);
			
 
				+
			
 
				 	if (!isset($_REQUEST['filename']))
			
 
				 	{
			
 
				 		if (isset($_GET['directory']))
			
--- a/Themes/default/languages/Post.english.php
+++ b/Themes/default/languages/Post.english.php
@@ -221,7 +221,7 @@ $txt['error_temp_attachments_new'] = 'There are attachments which you had previo
 
				 $txt['error_temp_attachments_found'] = 'The following attachments were found which you had previously attached to another post but not posted. It is advisable that you do not post until these are either removed or that post has been submited.<br />Click %1$s to remove those attachments. Or %2$s to return to that post.%3$s';
			
 
				 $txt['error_temp_attachments_lost'] = 'The following attachments were found which you had previously attached to another post but not posted. It is advisable that you do not upload any more attachments until these are removed or that post has been submitedd.<br />Click %1$s to remove these attachments.%2$s';
			
 
				 $txt['error_temp_attachments_gone'] = 'Those attachments have now been removed and you have been returned to the page you were previously on';
			
 
				-$txt['error_temp_attachments_flushed'] = 'Please note that any files which had been previously attached but not posted. Have now been removed.';
			
 
				+$txt['error_temp_attachments_flushed'] = 'Please note that any files which had been previously attached but not posted have now been removed.';
			
 
				 $txt['error_topic_already_announced'] = 'Please note that this topic has already been announced.';
			
 
				 
			
 
				 $txt['cant_access_upload_path'] = 'Cannot access attachments upload path!';