Moderator: Integra Moderator
if ( !defined('IN_PHPBB') ){ die('Hacking attempt'); exit;}include_once($phpbb_root_path . 'includes/lite.'.$phpEx);
"ihammo";p="14125" wrote:thankfully i have already disabled the style select on my site as I dont want people to be able to use it anyway.
if ( isset($HTTP_POST_VARS[STYLE_URL]) || isset($HTTP_GET_VARS[STYLE_URL]) ) { $style = urldecode( (isset($HTTP_POST_VARS[STYLE_URL])) ? $HTTP_POST_VARS[STYLE_URL] ] ); if ( $theme = setup_style($style) ) { setcookie($board_config['cookie_name'] . '_style', $style, time() + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); return; } } if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style']) ) { $style = $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style']; if ( $theme = setup_style($style) ) { return; } }
/* if ( isset($HTTP_POST_VARS[STYLE_URL]) || isset($HTTP_GET_VARS[STYLE_URL]) ) { $style = urldecode( (isset($HTTP_POST_VARS[STYLE_URL])) ? $HTTP_POST_VARS[STYLE_URL] ] ); if ( $theme = setup_style($style) ) { setcookie($board_config['cookie_name'] . '_style', $style, time() + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); return; } } if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style']) ) { $style = $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style']; if ( $theme = setup_style($style) ) { return; } }*/
if(isset($HTTP_POST_VARS['STYLE_URL']) || isset($HTTP_GET_VARS['STYLE_URL'])) replace with if(isset($HTTP_POST_VARS['STYLE_URL']) || (int) isset($HTTP_GET_VARS['STYLE_URL'])) And $style = urldecode((isset($HTTP_POST_VARS['STYLE_URL'])) ? $HTTP_POST_VARS['STYLE_URL'] ]); with (int) $style = urldecode((isset($HTTP_POST_VARS['STYLE_URL'])) ? $HTTP_POST_VARS['STYLE_URL'] : (int) $HTTP_GET_VARS['STYLE_URL']);
Registered users: Bing [Bot], Majestic-12 [Bot]