} print_stop_message('security_alert_tools_still_exists_in_x', $vbulletin->config['Misc']['admincpdir']); } else { if (file_exists(DIR . '/' . $vbulletin->config['Misc']['modcpdir'] . '/tools.php')) { if ($_SERVER['REQUEST_METHOD'] == 'GET') { define('CP_CONTINUE', $vbulletin->scriptpath); } print_stop_message('security_alert_tools_still_exists_in_x', $vbulletin->config['Misc']['modcpdir']); } } } } } // ############################################ Start Login Check #################################### $vbulletin->input->clean_array_gpc('p', array('adminhash' => TYPE_STR, 'ajax' => TYPE_BOOL)); assert_cp_sessionhash(); if (!CP_SESSIONHASH or $checkpwd or $vbulletin->options['timeoutcontrolpanel'] and !$vbulletin->session->vars['loggedin']) { // ############################################################################# // Put in some auto-repair ;) $check = array(); $spectemps = $db->query_read("SELECT title FROM " . TABLE_PREFIX . "datastore"); while ($spectemp = $db->fetch_array($spectemps)) { $check["{$spectemp['title']}"] = true; } $db->free_result($spectemps); if (!$check['maxloggedin']) { build_datastore('maxloggedin', '', 1); } if (!$check['smiliecache']) { build_datastore('smiliecache', '', 1); build_image_cache('smilie');
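/**
 * Verifies the CP sessionhash is sent through with the request to prevent
 * an XSS-style issue: a request forged from outside the control panel does
 * not know the per-session hash and is rejected.
 *
 * The submitted value is compared to CP_SESSIONHASH with a strict string
 * comparison. The original loose `!=` compares two numeric-looking strings
 * (e.g. hashes of the form "0e123...") as numbers, so distinct hashes could
 * be reported as equal.
 *
 * NOTE(review): this function only checks equality. If CP_SESSIONHASH is
 * empty (no CP session established), an empty submitted hash still compares
 * equal and the call returns true -- callers are expected to run this only
 * after the CP login check has passed.
 *
 * @param boolean Whether to halt (print_stop_message) if the hash mismatches
 * @param string Name of the request variable holding the submitted hash
 *
 * @return boolean True when the hash matches; false on mismatch when $halt is false
 */
function verify_cp_sessionhash($halt = true, $input = 'hash')
{
	global $vbulletin;

	// Ensures CP_SESSIONHASH is defined before it is compared against
	assert_cp_sessionhash();

	// Only read the hash from the request if the caller has not already cleaned it
	if (!isset($vbulletin->GPC["{$input}"]))
	{
		$vbulletin->input->clean_array_gpc('r', array($input => TYPE_STR));
	}

	// Strict, type-safe comparison; both sides are cast so that a non-string
	// define cannot fall back to PHP's loose comparison rules
	if ((string) $vbulletin->GPC["{$input}"] !== (string) CP_SESSIONHASH)
	{
		if ($halt)
		{
			print_stop_message('security_alert_hash_mismatch');
		}
		else
		{
			return false;
		}
	}

	return true;
}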
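/**
 * Checks if a post request was intended for this item controller.
 *
 * All of the following must hold, checked in order with short-circuit exits:
 *  - posted item_type is 'widget';
 *  - posted item_class is the type key of this widget's package/class;
 *  - posted item_id matches this widget's id;
 *  - when ADMINHASH is defined, the posted adminhash matches it;
 *  - a CP sessionhash is present, and -- if the 'timeoutcontrolpanel'
 *    option is on -- the CP session is still flagged as logged in.
 *
 * Bug fix: the original read a bare `$vbulletin` for the timeout/loggedin
 * check. That variable is undefined inside this method (every other access
 * uses vB::$vbulletin), so the expression evaluated to null and the
 * timeout enforcement was silently skipped. The registry is now read from
 * vB::$vbulletin like the rest of the method.
 *
 * @return bool
 */
public function verifyPostId()
{
	require_once(DIR . '/includes/adminfunctions.php');
	assert_cp_sessionhash();

	vB::$vbulletin->input->clean_array_gpc('p', array(
		'item_type'  => vB_Input::TYPE_NOCLEAN,
		'item_class' => vB_Input::TYPE_STR,
		'item_id'    => vB_Input::TYPE_NOCLEAN,
		'adminhash'  => vB_Input::TYPE_STR
	));
	$gpc = vB::$vbulletin->GPC;

	if ($gpc['item_type'] != 'widget')
	{
		return false;
	}

	$expectedClass = vBCms_Types::instance()->getTypeKey(
		$this->widget->getPackage(),
		$this->widget->getClass()
	);
	if ($gpc['item_class'] != $expectedClass)
	{
		return false;
	}

	if ($gpc['item_id'] != $this->widget->getId())
	{
		return false;
	}

	// Strict comparison: adminhash is TYPE_STR, and a loose == would treat
	// numeric-looking hashes ("0e...") as equal numbers.
	if (defined('ADMINHASH') AND (string) ADMINHASH !== (string) $gpc['adminhash'])
	{
		return false;
	}

	if (!CP_SESSIONHASH)
	{
		return false;
	}

	// Read the registry via vB::$vbulletin; a bare $vbulletin is not in scope here
	$registry = vB::$vbulletin;
	return (!$registry->options['timeoutcontrolpanel'] OR (bool) $registry->session->vars['loggedin']);
}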