security: be more strict with algo param

Tanguy Pruvot 2018-04-10 11:03:01 +02:00
parent 580801f399
commit 60fb627ad9
2 changed files with 9 additions and 3 deletions


@ -54,6 +54,12 @@ function getiparam($p,$default=0)
return isset($_REQUEST[$p]) ? intval($_REQUEST[$p]) : $default;
}
function getalgoparam()
{
$algo = strip_tags(substr(getparam('algo'), 0, 32));
return $algo;
}
//////////////////////////////////////////////////////
function downloadFile($url, &$size)
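Review bot: strip_tags() in getalgoparam() removes HTML tags but is not a validator, so the returned name can still carry spaces, quotes, slashes or any other non-tag byte, which is weaker than the "more strict" contract the commit title announces for a value that is a closed vocabulary of algorithm names. An allowlist check on the truncated value would give that contract, e.g. `if (!preg_match('/^[a-z0-9_\-]{1,32}$/i', $algo)) { return ''; }` before `return $algo;` (the character class is a constructed example; confirm it covers every name in db_algos, including the literal 'all' the callers compare against). Note also that substr() runs before strip_tags(), so the cap applies to the raw input and a long value whose prefix is an unclosed tag collapses to an empty string; with the regex applied after truncation the order stops mattering. The function has no docblock; a one-liner such as `/** @return string requested algo name, at most 32 chars, HTML tags stripped ('' when absent) — getparam() default not visible here, confirm */` would state the guarantee callers now rely on.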


@ -1077,7 +1077,7 @@ class SiteController extends CommonController
$this->goback();
}
public function actionCancelorder()
public function actionCancelorder()
{
if(!$this->admin) return;
$order = getdbo('db_orders', getiparam('id'));
@ -1091,7 +1091,7 @@ class SiteController extends CommonController
public function actionAlgo()
{
$algo = substr(getparam('algo'), 0, 32);
$algo = getalgoparam();
$a = getdbosql('db_algos', "name=:name", array(':name'=>$algo));
if($a)
@ -1108,7 +1108,7 @@ class SiteController extends CommonController
public function actionGomining()
{
$algo = substr(getparam('algo'), 0, 32);
$algo = getalgoparam();
if ($algo == 'all') {
return;
}
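Review bot: actionGomining still tests the sanitised name with a loose `==` on the line after the new `$algo = getalgoparam();`; since getalgoparam() always yields a string, `if ($algo === 'all') {` is equally safe and removes any question of loose coercion, and the same strict comparison would fit actionAlgo's lookup path in the second hunk. If getparam() returns an empty default when the parameter is absent (not visible here), both callers now proceed with an empty name — actionAlgo's `if($a)` presumably handles the miss, but a short `// '' when the param is absent; lookup falls through to the not-found branch` at each call site would make that intent explicit. Both actionAlgo and actionGomining continue past their hunks, and the duplicated `public function actionCancelorder()` line in the first hunk reads as a whitespace-only change whose markers the page lost, so it needs nothing.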