TUCoPS :: Web :: General :: sb5875.htm

Anyone can read all XOOPS private messages via pmlite.php
16th Dec 2002 [SBWID-5875]
COMMAND

	Anyone can read all XOOPS private messages via pmlite.php

SYSTEMS AFFECTED

	XOOPS RC3 (tested)

PROBLEM

	Thanks to valdeux [valdeux@aol.com] advisory :
	
	 http://www.phpsecure.org/?zone=pComment&d=101
	
	
	As most part of PHP CMS, XOOPS allows users to send and receive  Private
	Messages (PMs), that are  saved  on  the  DataBase.  We  found  how  all
	messages are readable, Bug :
	
		if ($reply == 1) {
			$pm = new XoopsPM($msg_id);
			$pm_uname = XoopsUser::getUnameFromId($pm->getVar
	("from_userid"));
	         	$replytext = "[quote]\n";
			$replytext .= sprintf(_PM_USERWROTE,$pm_uname);
			$replytext .= "\n".$pm->getVar("msg_text", "E")."\n
	[/quote]";
	
	
	

SOLUTION

	A patched file is available on www.phpsecure.org :
	
	 http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=x
	
	patch :
	
		ligne 76 : if($pm->getVar("to_userid") != $xoopsUser->getVar("uid"))
		ligne 77 :	die("Désolé, c'est patché :)<br><br><a href=\"http://www.phpsecure.org\">phpSecure();</a>");
	

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH