This update will break your login, as we changed the password hash from MD5 to a salted hash using the hash_password and password_verify techniques. It also fixes an unauthenticated persistent XSS vulnerability that could be triggered if someone spoofed their IP with JavaScript code and a logged-in user then read the logs. The flaw was discovered by @bambilol (#214). Some other bugs were fixed as well.

This commit is contained in:
johnnyq
2021-12-13 12:21:55 -05:00
parent ed2dfa1b74
commit 4604280efe
5 changed files with 28 additions and 27 deletions


@@ -283,9 +283,9 @@ function formatPhoneNumber($phoneNumber) {
}
//SESSION FINGERPRINT
$session_ip = get_ip();
$session_os = get_os();
$session_browser = get_web_browser();
$session_device = get_device();
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
$session_browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
$session_device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
?>
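Review bot: strip_tags() on the four rewritten fingerprint assignments ($session_ip through $session_device) is not a dependable XSS control: it only removes `<…>` sequences, so a value that is later placed inside an HTML attribute or a script context can still break out, and mysqli_real_escape_string() is SQL quoting that belongs at the query (preferably a prepared statement), not an output encoder. The durable fix is to encode where the log is rendered, e.g. `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and to reject anything that is not an address up front with `filter_var(get_ip(), FILTER_VALIDATE_IP)`, which leaves a spoofed header no room to carry a payload at all. Calling mysqli_real_escape_string() at this point also couples these assignments to `$mysqli` already being connected, which the hunk does not show. These statements sit at file scope after formatPhoneNumber(); the code that stores and presumably displays these values is outside the hunk.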