Please disregard the 'View article...' shown at the bottom of many posts as this is the result of restoring old forum posts from a backup.
Maybe There is an possible sql inject.
I found a potential sql injection. In the function getPageByName of file framework/core/subsystems/expRouter.php, in the line 707,
Code:$section = $db->selectObject('section', "sef_name='".$url_name."'");
Maybe $url_name could be controlled in line 786, $section = $this->url_style=="sef" ? $this->getPageByName($_REQUEST['section']), which may lead to sql injection.
Suggested Fix:
line 707, file framework/core/subsystems/expRouter.php
$section = $db->selectObject('section', "sef_name='".expString::escape($url_name)."'"); ^-^
Code:$section = $db->selectObject('section', "sef_name='".$url_name."'");
Maybe $url_name could be controlled in line 786, $section = $this->url_style=="sef" ? $this->getPageByName($_REQUEST['section']), which may lead to sql injection.
Suggested Fix:
line 707, file framework/core/subsystems/expRouter.php
$section = $db->selectObject('section', "sef_name='".expString::escape($url_name)."'"); ^-^
Comments