From 1aebecad96bf2e924f3d1970bbead03ee01eecd6 Mon Sep 17 00:00:00 2001
From: mikelittle
Date: Wed, 4 Jun 2003 00:14:49 +0000
Subject: [PATCH] =?UTF-8?q?Fix=20remote=20SQL=20injection=20exploit.=20"b2?=
 =?UTF-8?q?=200.6.2=20and=20prior"=20allow=20sql=20injection=20in=20./blog?=
 =?UTF-8?q?.header.php.=20$posts=20isn=EF=BF=BDt=20convert=20to=20integer,?=
 =?UTF-8?q?=20so=20we=20can=20inject=20a=20sql=20in=20this=20variable.=20I?=
 =?UTF-8?q?n=20MySQL=204.x=20UNION=20and=20subselects=20can=20be=20used=20?=
 =?UTF-8?q?to=20obtain=20privileges.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: http://svn.automattic.com/wordpress/trunk@153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 blog.header.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/blog.header.php b/blog.header.php
index 3f8fc61c20..658fbd0c59 100644
--- a/blog.header.php
+++ b/blog.header.php
@@ -32,13 +32,13 @@ $b2varstoreset = array('m','p','posts','w','c', 'cat','withcomments','s','search
 /* Sending HTTP headers */
-@header ("X-Pingback: $siteurl/xmlrpc.php");
 // It is presumptious to think that WP is the only thing that might change on the page.
 @header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
 @header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
 @header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
 @header("Cache-Control: post-check=0, pre-check=0", false);
 @header("Pragma: no-cache"); // HTTP/1.0
+@header ("X-Pingback: $siteurl/xmlrpc.php");
 /* Getting settings from db */
 $posts_per_page = get_settings('posts_per_page');
@@ -58,9 +58,10 @@ $distinct = '';
 if ($pagenow != 'b2edit.php') { timer_start(); }
-if ($posts)
+if ($posts) {
+ $posts = (int)$posts;
 $posts_per_page=$posts;
-
+}
 // if a month is specified in the querystring, load that month
 if ($m != '') {
 $m = ''.intval($m);
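Review bot: The `(int)` cast inside the new `if ($posts) { … }` block closes the injection, but it still lets zero and negative values through to `$posts_per_page`: a non-numeric string is truthy and casts to 0, and `-5` stays -5. Where `$posts_per_page` is consumed lies outside this hunk, but if it is placed in the query's row limit, those values give an empty page or a SQL error, and nothing caps how many rows a single request can ask for. I would cast first and override only on a sane value, e.g. `$posts = (int) $posts;` followed by `if ($posts > 0) { $posts_per_page = $posts; }`, optionally bounded with `min()`. The other request variables named in `$b2varstoreset` (first hunk header) are presumably interpolated into queries as well; only `$m` is visibly passed through `intval()` here, so the rest deserve the same audit.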