MyBB 1.8.20

mybb · Feb 27, 2019 · 84a8c1a · 84a8c1a
1 parent fa390cc
commit 84a8c1a
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 57 deletions.
diff --git a/admin/modules/style/themes.php b/admin/modules/style/themes.php
@@ -1457,8 +1457,12 @@ function checkAction(id)
 				// It's a file:
 				++$count;
 
+				$name = htmlspecialchars_uni($name);
+
 				if($actions[0] != "global")
 				{
+					$actions = array_map('htmlspecialchars_uni', $actions);
+
 					$name = "{$name} ({$lang->actions}: ".implode(',', $actions).")";
 				}
 
@@ -1680,7 +1684,10 @@ function checkAction(id)
 		if(get_extension($mybb->input['name']) != "css")
 		{
 			// Does not end with '.css'
-			$errors[] = $lang->sprintf($lang->error_missing_stylesheet_extension, $mybb->input['name']);
+			$errors[] = $lang->sprintf(
+				$lang->error_missing_stylesheet_extension,
+				htmlspecialchars_uni($mybb->input['name'])
+			);
 		}
 
 		if(!$errors)

diff --git a/inc/functions.php b/inc/functions.php
@@ -624,7 +624,7 @@ function generate_post_check()
 	// Guests get a special string
 	else
 	{
-		return md5($session->useragent.$mybb->config['database']['username'].$mybb->settings['internal']['encryption_key']);
+		return md5($session->sid.$mybb->config['database']['username'].$mybb->settings['internal']['encryption_key']);
 	}
 }
 

diff --git a/install/resources/mybb_theme.xml b/install/resources/mybb_theme.xml
@@ -5586,7 +5586,7 @@ if(use_xmlhttprequest == "1")
 {$footer}
 </body>
 </html>]]></template>
-		<template name="member_resetpassword" version="1813"><![CDATA[<html>
+		<template name="member_resetpassword" version="1820"><![CDATA[<html>
 <head>
 <title>{$mybb->settings['bbname']} - {$lang->reset_password}</title>
 {$headerinclude}
@@ -5601,7 +5601,7 @@ if(use_xmlhttprequest == "1")
 </tr>
 <tr>
 <td class="trow1" width="30%"><strong>{$lang_username}</strong></td>
-<td class="trow1"><input type="text" class="textbox" name="username" value="{$user['username']}" /></td>
+<td class="trow1"><input type="text" class="textbox" name="username" value="{$input_username}" /></td>
 </tr>
 <tr>
 <td class="trow2" width="30%"><strong>{$lang->activation_code}</strong></td>

diff --git a/jscripts/report.js b/jscripts/report.js
@@ -1,49 +1,49 @@
-var Report = {
-	init: function()
-	{
-		$(function(){
-		});
-	},
-
-	reportPost: function(pid)
-	{
-		MyBB.popupWindow("/report.php?modal=1&type=post&pid="+pid);
-	},
-
-	reportUser: function(pid)
-	{
-		MyBB.popupWindow("/report.php?modal=1&type=profile&pid="+pid);
-	},
-
-	reportReputation: function(pid)
-	{
-		MyBB.popupWindow("/report.php?modal=1&type=reputation&pid="+pid);
-	},
-
-	submitReport: function(pid)
-	{
-		// Get form, serialize it and send it
-		var datastring = $(".reportData_"+pid).serialize();
-		$.ajax({
-			type: "POST",
-			url: "report.php?modal=1",
-			data: datastring,
-			dataType: "html",
-			success: function(data) {
-				// Replace modal HTML
-				$('.modal_'+pid).fadeOut('slow', function() {
-					$('.modal_'+pid).html(data);
-					$('.modal_'+pid).fadeIn('slow');
-					$('.modal').fadeIn('slow');
-				});
-			},
-			error: function(){
-				  alert(lang.unknown_error);
-			}
-		});
-
-		return false;
-	}
-};
-
+var Report = {
+	init: function()
+	{
+		$(function(){
+		});
+	},
+
+	reportPost: function(pid)
+	{
+		MyBB.popupWindow("/report.php?modal=1&type=post&pid="+pid);
+	},
+
+	reportUser: function(pid)
+	{
+		MyBB.popupWindow("/report.php?modal=1&type=profile&pid="+pid);
+	},
+
+	reportReputation: function(pid)
+	{
+		MyBB.popupWindow("/report.php?modal=1&type=reputation&pid="+pid);
+	},
+
+	submitReport: function(pid)
+	{
+		// Get form, serialize it and send it
+		var datastring = $(".reportData_"+pid).serialize();
+		$.ajax({
+			type: "POST",
+			url: "report.php?modal=1",
+			data: datastring,
+			dataType: "html",
+			success: function(data) {
+				// Replace modal HTML
+				$('.modal_'+pid).fadeOut('slow', function() {
+					$('.modal_'+pid).html(data);
+					$('.modal_'+pid).fadeIn('slow');
+					$('.modal').fadeIn('slow');
+				});
+			},
+			error: function(){
+				  alert(lang.unknown_error);
+			}
+		});
+
+		return false;
+	}
+};
+
 Report.init();
diff --git a/member.php b/member.php
@@ -1850,13 +1850,13 @@
 				break;
 		}
 
-		$code = $mybb->get_input('code');
+		$code = htmlspecialchars_uni($mybb->get_input('code'));
 
-		if(!isset($user['username']))
+		if(!isset($mybb->input['username']))
 		{
-			$user['username'] = '';
+			$input_username = '';
 		}
-		$user['username'] = htmlspecialchars_uni($user['username']);
+		$input_username = htmlspecialchars_uni($mybb->input['username']);
 
 		eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
 		output_page($activate);

diff --git a/modcp.php b/modcp.php
@@ -3437,7 +3437,7 @@
 
 	$plugins->run_hooks("modcp_finduser_end");
 
-	$username = $mybb->get_input('username');
+	$username = htmlspecialchars_uni($mybb->get_input('username'));
 	eval("\$finduser = \"".$templates->get("modcp_finduser")."\";");
 	output_page($finduser);
 }