moparisthebest/moparscape.org-smf
1
0
Fork 0
mirror of https://github.com/moparisthebest/moparscape.org-smf synced 2024-11-21 08:15:09 -05:00
Code Issues Releases Wiki Activity

simpleportal with eval removed

Browse Source
This commit is contained in:
Tom 2014-05-20 16:10:36 +00:00
parent 4df31ab18f
commit 46ba401666
6 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Packages/SimplePortal_2.3.5.zip
View File

Binary file not shown.

BIN
Packages/backups/2014-05-20_backup_SimplePortal_2.tar.gz Normal file
View File

Binary file not shown.

BIN
Packages/backups/2014-05-20_before_SimplePortal_2.tar.gz Normal file
View File

Binary file not shown.

2
Packages/installed.list
View File

@ -1 +1 @@
1400527916 1400602042

4
Sources/PortalBlocks.php
View File

@ -3550,7 +3550,7 @@ function sp_php($parameters, $id, $return_parameters = false)
if ($return_parameters) if ($return_parameters)
return $block_parameters; return $block_parameters;
$content = !empty($parameters['content']) ? $parameters['content'] : ''; $content = " ";
$content = trim(un_htmlspecialchars($content)); $content = trim(un_htmlspecialchars($content));
if (substr($content, 0, 5) == '<?php') if (substr($content, 0, 5) == '<?php')
@ -3558,7 +3558,7 @@ function sp_php($parameters, $id, $return_parameters = false)
if (substr($content, -2) == '?>') if (substr($content, -2) == '?>')
$content = substr($content, 0, -2); $content = substr($content, 0, -2);
eval($content); //eval($content);
} }
?> ?>

5
Sources/Subs-Portal.php
View File

@ -509,7 +509,8 @@ function getShowInfo($block_id = null, $display = null, $custom = null)
); );
} }
return @eval(str_replace(array_keys($variables), array_values($variables), un_htmlspecialchars(substr($custom, 4))) . ';'); //return @eval(str_replace(array_keys($variables), array_values($variables), un_htmlspecialchars(substr($custom, 4))) . ';');
return "";
} }
$custom = explode(',', $custom); $custom = explode(',', $custom);
@ -1154,7 +1155,7 @@ function sportal_parse_page($body, $type)
$body = trim(un_htmlspecialchars($body)); $body = trim(un_htmlspecialchars($body));
$body = trim($body, '<?php'); $body = trim($body, '<?php');
$body = trim($body, '?>'); $body = trim($body, '?>');
eval($body); //eval($body);
} }
} }