github/torrentpier
1
0
Fork 0
mirror of https://github.com/torrentpier/torrentpier synced 2025-08-21 13:54:02 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Some security enhancements (#1505)

Browse source 
* Some security enhancements

* Update CHANGELOG.md
This commit is contained in:
Roman Kelesidis 2024-06-12 13:12:25 +07:00 committed by GitHub
commit 411a756085
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
library/ajax/posts.php
View file

@ -76,9 +76,10 @@ switch ($this->request['type']) {
$message = "[quote=\"" . $quote_username . "\"][qpost=" . $post['post_id'] . "]" . $post['post_text'] . "[/quote]\r";
// hide user passkey
$message = preg_replace('#(?<=\?uk=)[a-zA-Z0-9](?=&)#', 'passkey', $message);
$message = preg_replace('#(?<=[\?&;]' . $bb_cfg['passkey_key'] . '=)[a-zA-Z0-9]#', 'passkey', $message);
// hide sid
$message = preg_replace('#(?<=[\?&;]sid=)[a-zA-Z0-9]#', 'sid', $message);
$message = $wordCensor->censorString($message);
if ($post['post_id'] == $post['topic_first_post_id']) {