
TALOS Security Advisory for WWBN (TALOS-2022-1551, TALOS-2022-1550, TALOS-2022-1549, TALOS-2022-1548, TALOS-2022-1547, TALOS-2022-1546, TALOS-2022-1545, TALOS-2022-1542, TALOS-2022-1540 - TALOS-2022-1534)

Should all be good now
This commit is contained in:
DanieL 2022-07-07 17:24:20 -03:00
parent 68328cdd42
commit 21fed6e0b7
36 changed files with 3221 additions and 3091 deletions


@ -4,7 +4,7 @@ if (file_exists("../videos/configuration.php")) {
exit; exit;
} }
$installationVersion = "11.8"; $installationVersion = "12.0";
error_log("Installation: ".__LINE__." ". json_encode($_POST)); error_log("Installation: ".__LINE__." ". json_encode($_POST));
header('Content-Type: application/json'); header('Content-Type: application/json');


@ -8,7 +8,7 @@ if (!isCommandLineInterface()) {
AVideoPlugin::loadPlugin("Live"); AVideoPlugin::loadPlugin("Live");
$channelName = $global['mysqli']->real_escape_string($channelName); $channelName = ($channelName);
$sql = "SELECT lt.*, u.* FROM users u LEFT JOIN live_transmitions lt ON users_id = u.id " $sql = "SELECT lt.*, u.* FROM users u LEFT JOIN live_transmitions lt ON users_id = u.id "
. " WHERE canStream = 1 AND status = 'a' ORDER BY public DESC LIMIT 20"; . " WHERE canStream = 1 AND status = 'a' ORDER BY public DESC LIMIT 20";
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
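Review bot: The assignment `$channelName = ($channelName);` is a no-op left where the escaping used to be, so the value now travels through the rest of the script unescaped; the SELECT in this hunk does not use it, but the script continues outside the hunk and any later `WHERE ... = '{$channelName}'` would be injectable. If the value is still interpolated into SQL, bind it instead, e.g. `$res = sqlDAL::readSql($sql, 's', [$channelName]);` with a `?` in the statement; if it is no longer used in SQL, delete the line rather than leaving the parenthesised self-assignment, which reads as if sanitisation still happens here.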


@ -3,7 +3,6 @@ interface ObjectInterface
{ {
public static function getTableName(); public static function getTableName();
public static function getSearchFieldsNames();
} }
$tableExists = []; $tableExists = [];
@ -20,7 +19,11 @@ abstract class ObjectYPT implements ObjectInterface
} }
} }
protected function load($id) public static function getSearchFieldsNames(){
return array();
}
public function load($id)
{ {
$row = self::getFromDb($id); $row = self::getFromDb($id);
if (empty($row)) { if (empty($row)) {
@ -165,8 +168,8 @@ abstract class ObjectYPT implements ObjectInterface
if (!empty($_POST['sort'])) { if (!empty($_POST['sort'])) {
$orderBy = []; $orderBy = [];
foreach ($_POST['sort'] as $key => $value) { foreach ($_POST['sort'] as $key => $value) {
$key = $global['mysqli']->real_escape_string($key); $key = ($key);
//$value = $global['mysqli']->real_escape_string($value); //$value = ($value);
$direction = "ASC"; $direction = "ASC";
if (strtoupper($value) === "DESC") { if (strtoupper($value) === "DESC") {
$direction = "DESC"; $direction = "DESC";
@ -253,7 +256,7 @@ abstract class ObjectYPT implements ObjectInterface
} }
if (!empty($_GET['q'])) { if (!empty($_GET['q'])) {
global $global; global $global;
$search = $global['mysqli']->real_escape_string(xss_esc($_GET['q'])); $search = (xss_esc($_GET['q']));
$like = []; $like = [];
$searchFields = static::getSearchFieldsNames(); $searchFields = static::getSearchFieldsNames();
@ -287,10 +290,13 @@ abstract class ObjectYPT implements ObjectInterface
} }
global $global; global $global;
$fieldsName = $this->getAllFields(); $fieldsName = $this->getAllFields();
$formats = '';
$values = array();
if (!empty($this->id)) { if (!empty($this->id)) {
$sql = "UPDATE " . static::getTableName() . " SET "; $sql = "UPDATE " . static::getTableName() . " SET ";
$fields = []; $fields = [];
foreach ($fieldsName as $value) { foreach ($fieldsName as $value) {
//$escapedValue = $global['mysqli']->real_escape_string($this->$value);
if (strtolower($value) == 'created') { if (strtolower($value) == 'created') {
// do nothing // do nothing
} elseif (strtolower($value) == 'modified') { } elseif (strtolower($value) == 'modified') {
@ -299,17 +305,21 @@ abstract class ObjectYPT implements ObjectInterface
if (empty($this->$value)) { if (empty($this->$value)) {
$this->$value = date_default_timezone_get(); $this->$value = date_default_timezone_get();
} }
$fields[] = " `{$value}` = '{$this->$value}' "; $formats .= 's';
} elseif (is_numeric($this->$value)) { $values[] = $this->$value;
$fields[] = " `{$value}` = {$this->$value} "; $fields[] = " `{$value}` = ? ";
} elseif (!isset($this->$value) || strtolower($this->$value) == 'null') { } elseif (!isset($this->$value) || strtolower($this->$value) == 'null') {
$fields[] = " `{$value}` = NULL "; $fields[] = " `{$value}` = NULL ";
} else { } else {
$fields[] = " `{$value}` = '{$this->$value}' "; $formats .= 's';
$values[] = $this->$value;
$fields[] = " `{$value}` = ? ";
} }
} }
$sql .= implode(", ", $fields); $sql .= implode(", ", $fields);
$sql .= " WHERE id = {$this->id}"; $formats .= 'i';
$values[] = $this->id;
$sql .= " WHERE id = ?";
} else { } else {
$sql = "INSERT INTO " . static::getTableName() . " ( "; $sql = "INSERT INTO " . static::getTableName() . " ( ";
$sql .= "`" . implode("`,`", $fieldsName) . "` )"; $sql .= "`" . implode("`,`", $fieldsName) . "` )";
@ -321,20 +331,25 @@ abstract class ObjectYPT implements ObjectInterface
if (empty($this->$value)) { if (empty($this->$value)) {
$this->$value = date_default_timezone_get(); $this->$value = date_default_timezone_get();
} }
$fields[] = " '{$this->$value}' "; $formats .= 's';
$values[] = $this->$value;
$fields[] = " ? ";
} elseif (!isset($this->$value) || (is_string($this->$value) && strtolower($this->$value) == 'null')) { } elseif (!isset($this->$value) || (is_string($this->$value) && strtolower($this->$value) == 'null')) {
$fields[] = " NULL "; $fields[] = " NULL ";
} elseif (is_string($this->$value) || is_numeric($this->$value)) { } elseif (is_string($this->$value) || is_numeric($this->$value)) {
$fields[] = " '{$this->$value}' "; $formats .= 's';
$values[] = $this->$value;
$fields[] = " ? ";
} else { } else {
$fields[] = " NULL "; $fields[] = " NULL ";
} }
} }
$sql .= " VALUES (" . implode(", ", $fields) . ")"; $sql .= " VALUES (" . implode(", ", $fields) . ")";
} }
//if(static::getTableName() == 'Scheduler_commands'){ echo $sql;var_dump($this->parameters);exit;} //var_dump(static::getTableName(), $sql, $values);
//echo $sql;var_dump($this->parameters);exit; //if(static::getTableName() == 'videos'){ echo $sql;var_dump($values);exit;}return false;
$insert_row = sqlDAL::writeSql($sql); //echo $sql;var_dump($values);exit;
$insert_row = sqlDAL::writeSql($sql, $formats, $values);
if ($insert_row) { if ($insert_row) {
if (empty($this->id)) { if (empty($this->id)) {
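Review bot: In the `$_POST['sort']` loop `$key = ($key);` drops the only sanitisation of a user-supplied column name that is about to be placed in ORDER BY, and ORDER BY identifiers cannot be bound with `?` in the prepared statements this commit introduces. Validate the key against a known shape or the table's column list before it is used, e.g. `if (!preg_match('/^[A-Za-z0-9_.]+$/', $key)) { continue; }`; the `$orderBy[]` line that consumes it is outside the hunk. The same pattern recurs with `$search = (xss_esc($_GET['q']));` a few hunks down, where an HTML encoder is now the only thing between request input and the LIKE clause — pass `$search` through `$values` with format `s` the way the new `save()` does. The `save()` rewrite itself looks right; a docblock stating that column names come from `getAllFields()` and every value is bound would record the invariant callers now rely on.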


@ -58,7 +58,7 @@ class BootGrid
if (!empty($_POST['searchPhrase'])) { if (!empty($_POST['searchPhrase'])) {
global $global; global $global;
$search = $global['mysqli']->real_escape_string(xss_esc($_POST['searchPhrase'])); $search = (xss_esc($_POST['searchPhrase']));
$search = str_replace('"', '"', $search); $search = str_replace('"', '"', $search);
$like = []; $like = [];
foreach ($searchFieldsNames as $value) { foreach ($searchFieldsNames as $value) {
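Review bot: `$search = (xss_esc($_POST['searchPhrase']));` leaves the LIKE clause assembled from `$like[]` (outside the hunk) depending on `htmlspecialchars` for SQL safety, and the `str_replace` on the next line puts double quotes back into the string before it reaches the query. Entity encoding is not an SQL escape; bind the phrase as a `?` with format `s` in the `readSql`/`writeSql` call and keep `xss_esc` for output only. Until the clause is bound, this line is the one place a reviewer should expect the input to be neutralised, and it no longer is.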


@ -98,7 +98,7 @@ class Category {
} }
} }
private function load($id) { public function load($id) {
$row = self::getCategory($id); $row = self::getCategory($id);
if (empty($row)) { if (empty($row)) {
return false; return false;


@ -60,7 +60,7 @@ class Comment
return $this->videos_id; return $this->videos_id;
} }
private function load($id) public function load($id)
{ {
$row = $this->getComment($id); $row = $this->getComment($id);
if (empty($row)) { if (empty($row)) {
@ -80,7 +80,7 @@ class Comment
die('{"error":"'.__("Permission denied").'"}'); die('{"error":"'.__("Permission denied").'"}');
} }
//$this->comment = htmlentities($this->comment); //$this->comment = htmlentities($this->comment);
$this->comment = $global['mysqli']->real_escape_string($this->comment); $this->comment = ($this->comment);
if (empty($this->comment)) { if (empty($this->comment)) {
return false; return false;
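Review bot: `$this->comment = ($this->comment);` is a no-op assignment left where the escaping used to be, and the hunk does not show how the comment text then reaches the database (Comment::save continues outside the hunk). If the INSERT/UPDATE still interpolates `$this->comment` into a string, this removal reopens injection and the value must be bound as a `?` parameter; if it is already bound, delete the line so a reader does not assume sanitisation happens here. Either way a one-line comment such as `// comment text is bound as a parameter in the INSERT below; never interpolate it` would document the new contract.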


@ -40,7 +40,7 @@ class CommentsLike
$this->like = $like; $this->like = $like;
} }
private function load() public function load()
{ {
$like = $this->getLike(); $like = $this->getLike();
if (empty($like)) { if (empty($like)) {


@ -5,42 +5,42 @@ if (!isset($global['systemRootPath'])) {
} }
require_once $global['systemRootPath'] . 'objects/user.php'; require_once $global['systemRootPath'] . 'objects/user.php';
require_once $global['systemRootPath'] . 'objects/functions.php'; require_once $global['systemRootPath'] . 'objects/functions.php';
require_once $global['systemRootPath'] . 'objects/Object.php';
class Configuration class Configuration extends ObjectYPT{
{ protected $id;
private $id; protected $video_resolution;
private $video_resolution; protected $webSiteTitle;
private $webSiteTitle; protected $language;
private $language; protected $contactEmail;
private $contactEmail; protected $users_id;
private $users_id; protected $version;
private $version; protected $authCanUploadVideos;
private $authCanUploadVideos; protected $authCanViewChart;
private $authCanViewChart; protected $authCanComment;
private $authCanComment; protected $head;
private $head; protected $logo;
private $logo; protected $logo_small;
private $logo_small; protected $adsense;
private $adsense; protected $mode;
private $mode;
// version 2.7 // version 2.7
private $disable_analytics; protected $disable_analytics;
private $disable_youtubeupload; protected $disable_youtubeupload;
private $allow_download; protected $allow_download;
private $session_timeout; protected $session_timeout;
private $autoplay; protected $autoplay;
// version 3.1 // version 3.1
private $theme; protected $theme;
//version 3.3 //version 3.3
private $smtp; protected $smtp;
private $smtpAuth; protected $smtpAuth;
private $smtpSecure; protected $smtpSecure;
private $smtpHost; protected $smtpHost;
private $smtpUsername; protected $smtpUsername;
private $smtpPassword; protected $smtpPassword;
private $smtpPort; protected $smtpPort;
// version 4 // version 4
private $encoderURL; protected $encoderURL;
public function __construct($video_resolution = "") public function __construct($video_resolution = "")
{ {
@ -50,29 +50,13 @@ class Configuration
} }
} }
public function load() public function load($id='')
{ {
global $global; global $global;
_mysql_connect(); return parent::load(1);
$sql = "SELECT * FROM configurations WHERE id = 1 LIMIT 1";
//echo $sql;exit;
// add true because I was not getting the SMTP configuration on function setSiteSendMessage(&$mail)
$res = sqlDAL::readSql($sql, '', [], true);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res && !empty($result)) {
$config = $result;
//var_dump($config);exit;
foreach ($config as $key => $value) {
$this->$key = $value;
}
} else {
return false;
}
} }
public function save() public function save(){
{
global $global; global $global;
if (!User::isAdmin()) { if (!User::isAdmin()) {
header('Content-Type: application/json'); header('Content-Type: application/json');
@ -82,38 +66,7 @@ class Configuration
ObjectYPT::deleteCache("getEncoderURL"); ObjectYPT::deleteCache("getEncoderURL");
$sql = "UPDATE configurations SET " return parent::save();
. "video_resolution = '{$this->video_resolution}',"
. "webSiteTitle = '{$this->webSiteTitle}',"
. "language = '{$this->language}',"
. "contactEmail = '{$this->contactEmail}',"
. "users_id = '{$this->users_id}', "
. "authCanUploadVideos = '{$this->authCanUploadVideos}',"
. "authCanViewChart = '{$this->authCanViewChart}',"
. "authCanComment = '{$this->authCanComment}',"
. "encoderURL = '{$global['mysqli']->real_escape_string($this->_getEncoderURL())}',"
. "head = '{$global['mysqli']->real_escape_string($this->getHead())}',"
. "adsense = '{$global['mysqli']->real_escape_string($this->getAdsense())}',"
. "mode = '{$this->getMode()}',"
. "logo = '{$global['mysqli']->real_escape_string($this->getLogo())}',"
. "logo_small = '{$global['mysqli']->real_escape_string($this->getLogo_small())}',"
. "disable_analytics = '{$this->getDisable_analytics()}',"
. "disable_youtubeupload = '{$this->getDisable_youtubeupload()}',"
. "allow_download = '{$this->getAllow_download()}',"
. "session_timeout = '{$this->getSession_timeout()}',"
. "autoplay = '{$this->getAutoplay()}',"
. "theme = '{$global['mysqli']->real_escape_string($this->getTheme())}',"
. "smtp = '{$this->getSmtp()}',"
. "smtpAuth = '{$this->getSmtpAuth()}',"
. "smtpSecure = '{$global['mysqli']->real_escape_string($this->getSmtpSecure())}',"
. "smtpHost = '{$global['mysqli']->real_escape_string($this->getSmtpHost())}',"
. "smtpUsername = '{$global['mysqli']->real_escape_string($this->getSmtpUsername())}',"
. "smtpPort = '{$global['mysqli']->real_escape_string($this->getSmtpPort())}',"
. "smtpPassword = '{$global['mysqli']->real_escape_string($this->getSmtpPassword())}'"
. " WHERE id = 1";
return sqlDAL::writeSql($sql);
} }
public function getVideo_resolution() public function getVideo_resolution()
@ -624,4 +577,9 @@ require_once \$global['systemRootPath'].'objects/include_config.php';
} }
return " " . PAGE_TITLE_SEPARATOR . " "; return " " . PAGE_TITLE_SEPARATOR . " ";
} }
public static function getTableName() {
return 'configurations';
}
} }
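Review bot: `public function load($id='')` accepts an id and then ignores it in favour of `parent::load(1)`; that is presumably intended because the configuration is a single row, but it should be stated in a docblock, e.g. `/** Configuration is a singleton row: $id exists only to match ObjectYPT::load() and is ignored; row 1 is always loaded. */`. The removed implementation passed a fourth argument `true` to `sqlDAL::readSql` with a note that the SMTP settings were otherwise missing in `setSiteSendMessage`; `parent::load()` takes the ordinary `getFromDb()` path, so please confirm the SMTP values still arrive there. The old `save()` wrote through getters such as `getMode()` and `_getEncoderURL()`, whereas `parent::save()` writes the raw protected properties; if those getters applied defaults or normalisation, that behaviour is lost and the getters become dead for persistence.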


@ -24,6 +24,14 @@ if (!function_exists('xss_esc')) {
if (empty($text)) { if (empty($text)) {
return ""; return "";
} }
if(!is_string($text)){
if(is_array($text)){
foreach ($text as $key => $value) {
$text[$key] = xss_esc($value);
}
}
return $text;
}
$result = @htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); $result = @htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
if (empty($result)) { if (empty($result)) {
$result = str_replace(['"', "'", "\\"], ["", "", ""], strip_tags($text)); $result = str_replace(['"', "'", "\\"], ["", "", ""], strip_tags($text));
@ -2000,7 +2008,7 @@ function unzipDirectory($filename, $destination) {
sleep(2); sleep(2);
ini_set('memory_limit', '-1'); ini_set('memory_limit', '-1');
ini_set('max_execution_time', 7200); // 2 hours ini_set('max_execution_time', 7200); // 2 hours
$filename = escapeshellarg($filename); $filename = escapeshellarg(safeString($filename,true));
$destination = escapeshellarg($destination); $destination = escapeshellarg($destination);
$cmd = "unzip -: {$filename} -d {$destination}" . " 2>&1"; $cmd = "unzip -: {$filename} -d {$destination}" . " 2>&1";
_error_log("unzipDirectory: {$cmd}"); _error_log("unzipDirectory: {$cmd}");
@ -2414,6 +2422,7 @@ function isValidM3U8Link($url, $timeout = 3) {
function url_get_contents($url, $ctx = "", $timeout = 0, $debug = false) { function url_get_contents($url, $ctx = "", $timeout = 0, $debug = false) {
global $global, $mysqlHost, $mysqlUser, $mysqlPass, $mysqlDatabase, $mysqlPort; global $global, $mysqlHost, $mysqlUser, $mysqlPass, $mysqlDatabase, $mysqlPort;
if (!isValidURLOrPath($url)) { if (!isValidURLOrPath($url)) {
_error_log('url_get_contents Cannot download '.$url);
return false; return false;
} }
if ($debug) { if ($debug) {
@ -3398,6 +3407,7 @@ function rrmdir($dir) {
function rrmdirCommandLine($dir, $async = false) { function rrmdirCommandLine($dir, $async = false) {
if (is_dir($dir)) { if (is_dir($dir)) {
$dir = escapeshellarg($dir);
if (isWindows()) { if (isWindows()) {
$command = ('rd /s /q ' . $dir); $command = ('rd /s /q ' . $dir);
} else { } else {
@ -5010,12 +5020,13 @@ function isValidURLOrPath($str, $insideCacheOrTmpDirOnly = true) {
} }
if (str_starts_with($str, '/') || str_starts_with($str, '../') || preg_match("/^[a-z]:.*/i", $str)) { if (str_starts_with($str, '/') || str_starts_with($str, '../') || preg_match("/^[a-z]:.*/i", $str)) {
if ($insideCacheOrTmpDirOnly) { if ($insideCacheOrTmpDirOnly) {
$vroot = realpath($str); $absolutePath = realpath($str);
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); $ext = strtolower(pathinfo($absolutePath, PATHINFO_EXTENSION));
if ($ext == 'php') { if ($ext == 'php') {
return false; return false;
} }
if (str_starts_with($vroot, getTmpDir()) || str_starts_with($vroot, $global['systemRootPath'])) { $cacheDir = "{$global['systemRootPath']}videos/cache/";
if (str_starts_with($absolutePath, getTmpDir()) || str_starts_with($absolutePath, $cacheDir)) {
return true; return true;
} }
} else { } else {
@ -5181,7 +5192,7 @@ function reloadSearchVar() {
} }
function wget($url, $filename, $debug = false) { function wget($url, $filename, $debug = false) {
if (empty($url) || $url == "php://input" || !preg_match("/^http/", $url)) { if (empty($url) || $url == "php://input" || !isValidURL($url)) {
return false; return false;
} }
if ($lockfilename = wgetIsLocked($url)) { if ($lockfilename = wgetIsLocked($url)) {
@ -6216,6 +6227,9 @@ function setToastMessage($msg) {
} }
function showAlertMessage() { function showAlertMessage() {
if(!requestComesFromSafePlace()){
return false;
}
if (!empty($_SESSION['YPTalertMessage'])) { if (!empty($_SESSION['YPTalertMessage'])) {
foreach ($_SESSION['YPTalertMessage'] as $value) { foreach ($_SESSION['YPTalertMessage'] as $value) {
if (!empty($value[0])) { if (!empty($value[0])) {
@ -6229,9 +6243,10 @@ function showAlertMessage() {
unset($_SESSION['YPTalertMessage']); unset($_SESSION['YPTalertMessage']);
} }
$joinString = ['error', 'msg', 'success']; $joinString = ['error', 'msg', 'success', 'toast'];
foreach ($joinString as $value) { foreach ($joinString as $value) {
if (!empty($_GET[$value]) && is_array($_GET[$value])) { if (!empty($_GET[$value]) ) {
if (is_array($_GET[$value])) {
$_GET[$value] = array_unique($_GET[$value]); $_GET[$value] = array_unique($_GET[$value]);
$newStr = []; $newStr = [];
foreach ($_GET[$value] as $value2) { foreach ($_GET[$value] as $value2) {
@ -6240,6 +6255,9 @@ function showAlertMessage() {
} }
} }
$_GET[$value] = implode("<br>", $newStr); $_GET[$value] = implode("<br>", $newStr);
}else{
$_GET[$value] = $_GET[$value];
}
} }
} }
@ -6290,7 +6308,7 @@ function showAlertMessage() {
} }
echo '$.toast({ echo '$.toast({
text: "' . $value . '", text: "' . strip_tags($value, $allowable_tags) . '",
hideAfter: ' . $hideAfter . ' // in milli seconds hideAfter: ' . $hideAfter . ' // in milli seconds
});console.log("Toast Hide after ' . $hideAfter . '");'; });console.log("Toast Hide after ' . $hideAfter . '");';
} }
@ -8803,3 +8821,23 @@ function _empty($html_string) {
} }
return emptyHTML($html_string); return emptyHTML($html_string);
} }
function adminSecurityCheck($force=false){
if(empty($force)){
if(!empty($_SESSION['adminSecurityCheck'])){
return false;
}
if(!User::isAdmin()){
return false;
}
}
global $global;
$videosHtaccessFile = getVideosDir().'.htaccess';
if(!file_exists($videosHtaccessFile)){
$bytes = copy("{$global['systemRootPath']}objects/htaccess_for_videos.conf",$videosHtaccessFile);
_error_log("adminSecurityCheck: file created {$videosHtaccessFile} {$bytes} bytes");
}
_session_start();
$_SESSION['adminSecurityCheck'] = time();
return true;
}
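Review bot: In `showAlertMessage()` the message is still emitted inside a double-quoted JavaScript literal, `text: "' . strip_tags($value, $allowable_tags) . '"`, and `strip_tags` does not neutralise `"`, `\` or a newline, so the literal can still be terminated by the message text; encode for the JS context instead, `text: ' . json_encode(strip_tags($value, $allowable_tags)) . ',` (which also stops pre-encoded `&quot;` entities from showing literally). In `isValidURLOrPath()` `realpath()` returns `false` for a path that does not exist, so add `if ($absolutePath === false) { return false; }` before the `pathinfo` call rather than letting `false` flow into the prefix checks, and note that the `getTmpDir()` prefix comparison is only tight if that helper returns a trailing slash as `$cacheDir` does. In `adminSecurityCheck()` `copy()` returns a bool, not a byte count, so the log line should say `copied: " . var_export($bytes, true)` rather than `{$bytes} bytes`, and a `false` result deserves its own error log entry because the videos directory then remains unprotected on Apache.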


@ -0,0 +1,16 @@
<IfModule !authz_core_module>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule authz_core_module>
Require all denied
</IfModule>
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|ts|txt|mp4|mp3|m3u8|webp|key|css|tff|woff|woff2)$">
<IfModule !authz_core_module>
Order Allow,Deny
Allow from all
</IfModule>
<IfModule authz_core_module>
Require all granted
</IfModule>
</filesMatch>
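Review bot: The allow-list regex contains `tff`, which is almost certainly meant to be `ttf`, so TrueType fonts under the videos directory will be denied while `.tff` files are allowed; change it to `ttf`. `<FilesMatch>` patterns are case-sensitive unless prefixed with `(?i)`, so an uploaded `.MP4` or `.JPG` falls through to the outer deny rule — use `<FilesMatch "(?i)\.(ico|pdf|...)$">` if mixed-case names are expected. A comment at the top stating the intent, `# deny everything in videos/ except static media; scripts must never be served from here`, would tell the next maintainer why the default is deny.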


@ -148,6 +148,7 @@ require_once $global['systemRootPath'] . 'objects/user.php';
require_once $global['systemRootPath'] . 'objects/video.php'; require_once $global['systemRootPath'] . 'objects/video.php';
require_once $global['systemRootPath'] . 'plugin/AVideoPlugin.php'; require_once $global['systemRootPath'] . 'plugin/AVideoPlugin.php';
adminSecurityCheck();
setSiteLang(); setSiteLang();
fixSystemPath(); fixSystemPath();
ObjectYPT::checkSessionCacheBasedOnLastDeleteALLCacheTime(); ObjectYPT::checkSessionCacheBasedOnLastDeleteALLCacheTime();


@ -59,7 +59,7 @@ class Like
$this->like = $like; $this->like = $like;
} }
private function load() public function load()
{ {
$like = $this->getLike(); $like = $this->getLike();
if (empty($like)) { if (empty($like)) {


@ -427,7 +427,7 @@ class Plugin extends ObjectYPT
public static function deleteByUUID($uuid) public static function deleteByUUID($uuid)
{ {
global $global; global $global;
$uuid = $global['mysqli']->real_escape_string($uuid); $uuid = ($uuid);
if (!empty($uuid)) { if (!empty($uuid)) {
_error_log("Plugin:deleteByUUID {$uuid}"); _error_log("Plugin:deleteByUUID {$uuid}");
$sql = "DELETE FROM " . static::getTableName() . " "; $sql = "DELETE FROM " . static::getTableName() . " ";
@ -442,7 +442,7 @@ class Plugin extends ObjectYPT
public static function deleteByName($name) public static function deleteByName($name)
{ {
global $global; global $global;
$name = $global['mysqli']->real_escape_string($name); $name = ($name);
if (!empty($name)) { if (!empty($name)) {
_error_log("Plugin:deleteByName {$name}"); _error_log("Plugin:deleteByName {$name}");
$sql = "DELETE FROM " . static::getTableName() . " "; $sql = "DELETE FROM " . static::getTableName() . " ";
@ -482,7 +482,7 @@ class Plugin extends ObjectYPT
return false; return false;
} }
global $global; global $global;
$this->object_data = $global['mysqli']->real_escape_string($this->object_data); $this->object_data = ($this->object_data);
if (empty($this->object_data)) { if (empty($this->object_data)) {
$this->object_data = 'null'; $this->object_data = 'null';
} }
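Review bot: In `deleteByUUID()` and `deleteByName()` the escaping is replaced by the no-ops `$uuid = ($uuid);` and `$name = ($name);` while the DELETE statement is still assembled as a string on the following lines, with its WHERE clause outside the hunk. If that clause interpolates the value, these two methods are now injectable; build the statement with a placeholder and bind it, `$sql = "DELETE FROM " . static::getTableName() . " WHERE uuid = ?"; $res = sqlDAL::writeSql($sql, 's', [$uuid]);` and likewise for `name`. The `object_data` change in the third hunk is fine if `save()` is the inherited bound version, but the no-op assignment should be removed there too rather than left as a false signal of sanitisation.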


@ -1,6 +1,5 @@
<?php <?php
require_once $global['systemRootPath'] . 'objects/functions.php'; require_once $global['systemRootPath'] . 'objects/functions.php';
// filter some security here // filter some security here
$securityFilter = ['jump','videoDownloadedLink','duration','error', 'msg', 'info', 'warning', 'success','toast', 'catName', 'type', 'channelName', 'captcha', 'showOnly', 'key', 'link', 'email', 'country', 'region', 'videoName']; $securityFilter = ['jump','videoDownloadedLink','duration','error', 'msg', 'info', 'warning', 'success','toast', 'catName', 'type', 'channelName', 'captcha', 'showOnly', 'key', 'link', 'email', 'country', 'region', 'videoName'];
$securityFilterInt = ['isAdmin', 'priority', 'totalClips', 'rowCount']; $securityFilterInt = ['isAdmin', 'priority', 'totalClips', 'rowCount'];


@ -6,8 +6,7 @@ if (!isset($global['systemRootPath'])) {
require_once $global['systemRootPath'] . 'objects/bootGrid.php'; require_once $global['systemRootPath'] . 'objects/bootGrid.php';
require_once $global['systemRootPath'] . 'objects/user.php'; require_once $global['systemRootPath'] . 'objects/user.php';
class Subscribe class Subscribe extends ObjectYPT{
{
private $id; private $id;
private $email; private $email;
private $status; private $status;
@ -31,7 +30,7 @@ class Subscribe
} }
} }
private function load($id) public function load($id)
{ {
$obj = self::getSubscribe($id); $obj = self::getSubscribe($id);
if (empty($obj)) { if (empty($obj)) {
@ -433,4 +432,9 @@ class Subscribe
{ {
$this->users_id = $users_id; $this->users_id = $users_id;
} }
public static function getTableName() {
return 'subscribes';
}
} }
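Review bot: `Subscribe` now extends `ObjectYPT` but its properties stay `private` (`private $id; private $email; private $status;`), unlike `Configuration` and `Video` in this commit, which were switched to `protected`. `ObjectYPT::load()`/`save()` read and write `$this->$value` from the base-class scope, where a subclass's private properties are not visible, so a later `parent::save()` would write dynamic properties instead of these fields; either change them to `protected` or keep `Subscribe` on its own `load()`/`save()` only. The hunk only shows `load()` being made public, so this may be intentional for now, but it is a trap worth a comment on the class.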


@ -220,7 +220,7 @@ if (typeof gtag !== \"function\") {
return $eo[$id]; return $eo[$id];
} }
private function load($id) { public function load($id) {
$id = intval($id); $id = intval($id);
if (empty($id)) { if (empty($id)) {
return false; return false;


@ -23,7 +23,7 @@ class UserGroups
} }
} }
private function load($id) public function load($id)
{ {
$user = self::getUserGroupsDb($id); $user = self::getUserGroupsDb($id);
if (empty($user)) { if (empty($user)) {


@ -19,50 +19,50 @@ require_once $global['systemRootPath'] . 'objects/Object.php';
if (!class_exists('Video')) { if (!class_exists('Video')) {
class Video { class Video extends ObjectYPT {
private $id; protected $id;
private $title; protected $title;
private $clean_title; protected $clean_title;
private $filename; protected $filename;
private $description; protected $description;
private $views_count; protected $views_count;
private $status; protected $status;
private $duration; protected $duration;
private $users_id; protected $users_id;
private $categories_id; protected $categories_id;
private $old_categories_id; protected $old_categories_id;
private $type; protected $type;
private $rotation; protected $rotation;
private $zoom; protected $zoom;
private $videoDownloadedLink; protected $videoDownloadedLink;
private $videoLink; protected $videoLink;
private $next_videos_id; protected $next_videos_id;
private $isSuggested; protected $isSuggested;
public static $types = ['webm', 'mp4', 'mp3', 'ogg', 'pdf', 'jpg', 'jpeg', 'gif', 'png', 'webp', 'zip']; public static $types = ['webm', 'mp4', 'mp3', 'ogg', 'pdf', 'jpg', 'jpeg', 'gif', 'png', 'webp', 'zip'];
private $videoGroups; protected $videoGroups;
private $trailer1; protected $trailer1;
private $trailer2; protected $trailer2;
private $trailer3; protected $trailer3;
private $rate; protected $rate;
private $can_download; protected $can_download;
private $can_share; protected $can_share;
private $only_for_paid; protected $only_for_paid;
private $rrating; protected $rrating;
private $externalOptions; protected $externalOptions;
private $sites_id; protected $sites_id;
private $serie_playlists_id; protected $serie_playlists_id;
private $video_password; protected $video_password;
private $encoderURL; protected $encoderURL;
private $filepath; protected $filepath;
private $filesize; protected $filesize;
private $live_transmitions_history_id; protected $live_transmitions_history_id;
private $total_seconds_watching; protected $total_seconds_watching;
private $duration_in_seconds; protected $duration_in_seconds;
private $likes; protected $likes;
private $dislikes; protected $dislikes;
private $users_id_company; protected $users_id_company;
private $created; protected $created;
public static $statusDesc = [ public static $statusDesc = [
'a' => 'Active', 'a' => 'Active',
'k' => 'Active and Encoding', 'k' => 'Active and Encoding',
@ -102,7 +102,7 @@ if (!class_exists('Video')) {
public static $statusBrokenMissingFiles = 'b'; public static $statusBrokenMissingFiles = 'b';
public static $rratingOptions = ['', 'g', 'pg', 'pg-13', 'r', 'nc-17', 'ma']; public static $rratingOptions = ['', 'g', 'pg', 'pg-13', 'r', 'nc-17', 'ma'];
//ver 3.4 //ver 3.4
private $youtubeId; protected $youtubeId;
public static $typeOptions = ['audio', 'video', 'embed', 'linkVideo', 'linkAudio', 'torrent', 'pdf', 'image', 'gallery', 'article', 'serie', 'image', 'zip', 'notfound', 'blockedUser']; public static $typeOptions = ['audio', 'video', 'embed', 'linkVideo', 'linkAudio', 'torrent', 'pdf', 'image', 'gallery', 'article', 'serie', 'image', 'zip', 'notfound', 'blockedUser'];
public static $searchFieldsNames = ['v.title', 'v.description', 'c.name', 'c.description', 'v.id', 'v.filename']; public static $searchFieldsNames = ['v.title', 'v.description', 'c.name', 'c.description', 'v.id', 'v.filename'];
public static $searchFieldsNamesLabels = ['Video Title', 'Video Description', 'Channel Name', 'Channel Description', 'Video ID', 'Video Filename']; public static $searchFieldsNamesLabels = ['Video Title', 'Video Description', 'Channel Name', 'Channel Description', 'Video ID', 'Video Filename'];
@ -349,9 +349,9 @@ if (!class_exists('Video')) {
$catDefault = Category::getCategoryDefault(); $catDefault = Category::getCategoryDefault();
$this->categories_id = $catDefault['id']; $this->categories_id = $catDefault['id'];
} }
//$this->setTitle($global['mysqli']->real_escape_string(trim($this->title))); //$this->setTitle((trim($this->title)));
$this->title = ($global['mysqli']->real_escape_string(safeString($this->title))); $this->title = ((safeString($this->title)));
$this->description = ($global['mysqli']->real_escape_string($this->description)); $this->description = (($this->description));
if (forbiddenWords($this->title) || forbiddenWords($this->description)) { if (forbiddenWords($this->title) || forbiddenWords($this->description)) {
return false; return false;
@ -412,31 +412,16 @@ if (!class_exists('Video')) {
header('Content-Type: application/json'); header('Content-Type: application/json');
die('{"error":"3 ' . __("Permission denied") . '"}'); die('{"error":"3 ' . __("Permission denied") . '"}');
} }
$sql = "UPDATE videos SET title = '{$this->title}',clean_title = '{$this->clean_title}',"
. " filename = '{$this->filename}', categories_id = '{$this->categories_id}', status = '{$this->status}',"
. " description = '{$this->description}', duration = '{$this->duration}', type = '{$this->type}', videoDownloadedLink = '{$this->videoDownloadedLink}', youtubeId = '{$this->youtubeId}', videoLink = '{$this->videoLink}', next_videos_id = {$this->next_videos_id}, isSuggested = {$this->isSuggested}, users_id = {$this->users_id}, "
. " trailer1 = '{$this->trailer1}', trailer2 = '{$this->trailer2}', trailer3 = '{$this->trailer3}', rate = '{$this->rate}', can_download = '{$this->can_download}', can_share = '{$this->can_share}', only_for_paid = '{$this->only_for_paid}', rrating = '{$this->rrating}', externalOptions = '{$this->externalOptions}', sites_id = {$this->sites_id}, serie_playlists_id = {$this->serie_playlists_id} ,live_transmitions_history_id = {$this->live_transmitions_history_id} , video_password = '{$this->video_password}', "
. " encoderURL = '{$this->encoderURL}', filepath = '{$this->filepath}' , filesize = '{$this->filesize}' , duration_in_seconds = '{$this->duration_in_seconds}' , modified = now(), users_id_company = ".(empty($this->users_id_company)?'NULL':intval($this->users_id_company))." "
. " WHERE id = {$this->id}";
$saved = sqlDAL::writeSql($sql); $insert_row = parent::save();
if ($saved) { if ($insert_row) {
$insert_row = $this->id;
AVideoPlugin::onUpdateVideo($insert_row); AVideoPlugin::onUpdateVideo($insert_row);
_error_log('onUpdateVideo $insert_row = '.$insert_row); _error_log('onUpdateVideo $insert_row = '.$insert_row);
}else{ }else{
_error_log('onUpdateVideo error $saved is empty'); _error_log('onUpdateVideo error $saved is empty');
} }
} else { } else {
if(empty($this->created)){ $insert_row = parent::save();
$this->created = 'now()';
}
$sql = "INSERT INTO videos "
. "(duration_in_seconds, title,clean_title, filename, users_id, categories_id, status, description, duration,type,videoDownloadedLink, next_videos_id, created, modified, videoLink, can_download, can_share, only_for_paid, rrating, externalOptions, sites_id, serie_playlists_id,live_transmitions_history_id, video_password, encoderURL, filepath , filesize, users_id_company) values "
. "('{$this->duration_in_seconds}','{$this->title}','{$this->clean_title}', '{$this->filename}', {$this->users_id},{$this->categories_id}, '{$this->status}', '{$this->description}', '{$this->duration}', '{$this->type}', '{$this->videoDownloadedLink}', {$this->next_videos_id},{$this->created}, now(), '{$this->videoLink}', '{$this->can_download}', '{$this->can_share}','{$this->only_for_paid}', '{$this->rrating}', '$this->externalOptions', {$this->sites_id}, {$this->serie_playlists_id},{$this->live_transmitions_history_id}, '{$this->video_password}', '{$this->encoderURL}', '{$this->filepath}', '{$this->filesize}', ".(empty($this->users_id_company)?'NULL':intval($this->users_id_company)).")";
//_error_log("Video::save ".$sql);
$insert_row = sqlDAL::writeSql($sql);
if(!empty($insert_row)){ if(!empty($insert_row)){
AVideoPlugin::onNewVideo($insert_row); AVideoPlugin::onNewVideo($insert_row);
_error_log('onNewVideo $insert_row = '.$insert_row); _error_log('onNewVideo $insert_row = '.$insert_row);
@ -444,6 +429,7 @@ if (!class_exists('Video')) {
_error_log('onNewVideo error $insert_row is empty'); _error_log('onNewVideo error $insert_row is empty');
} }
} }
//var_dump($this->title, $insert_row);exit;
if ($insert_row) { if ($insert_row) {
_error_log("Video::save ({$this->title}) Saved id = {$insert_row} "); _error_log("Video::save ({$this->title}) Saved id = {$insert_row} ");
Category::clearCacheCount(); Category::clearCacheCount();
@ -512,8 +498,10 @@ if (!class_exists('Video')) {
return false; return false;
} }
_error_log("Video::updateDurationInSeconds update duration {$videos_id}, {$duration}, {$duration_in_seconds}"); _error_log("Video::updateDurationInSeconds update duration {$videos_id}, {$duration}, {$duration_in_seconds}");
$sql = "UPDATE videos SET duration_in_seconds = '{$duration_in_seconds}' , modified = now() WHERE id = {$videos_id}"; $formats = 'si';
$saved = sqlDAL::writeSql($sql); $values = [$duration_in_seconds, $videos_id];
$sql = "UPDATE videos SET duration_in_seconds = ? , modified = now() WHERE id = ?";
$saved = sqlDAL::writeSql($sql, $formats, $values);
self::clearCache($videos_id); self::clearCache($videos_id);
return $duration_in_seconds; return $duration_in_seconds;
} }
@ -663,8 +651,10 @@ if (!class_exists('Video')) {
if (!empty($this->id)) { if (!empty($this->id)) {
global $global; global $global;
$sql = "UPDATE videos SET rotation = '{$saneRotation}', modified = now() WHERE id = {$this->id} "; $sql = "UPDATE videos SET rotation = ?, modified = now() WHERE id = ? ";
$res = sqlDAL::writeSql($sql); $formats = 'si';
$values = [$saneRotation, $this->id];
$res = sqlDAL::writeSql($sql, $formats, $values);
if ($global['mysqli']->errno !== 0) { if ($global['mysqli']->errno !== 0) {
die('Error on update Rotation: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die('Error on update Rotation: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
@ -689,8 +679,10 @@ if (!class_exists('Video')) {
if (!empty($this->id)) { if (!empty($this->id)) {
global $global; global $global;
$sql = "UPDATE videos SET zoom = '{$saneZoom}', modified = now() WHERE id = {$this->id} "; $sql = "UPDATE videos SET zoom = ?, modified = now() WHERE id = ? ";
$res = sqlDAL::writeSql($sql); $formats = 'si';
$values = [$saneZoom, $this->id];
$res = sqlDAL::writeSql($sql, $formats, $values);
if ($global['mysqli']->errno !== 0) { if ($global['mysqli']->errno !== 0) {
die('Error on update Zoom: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die('Error on update Zoom: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
@ -826,7 +818,7 @@ if (!class_exists('Video')) {
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }
@ -1231,7 +1223,7 @@ if (!class_exists('Video')) {
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }
@ -1752,7 +1744,7 @@ if (!class_exists('Video')) {
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }
@ -4881,7 +4873,7 @@ if (!class_exists('Video')) {
private static function getFullTextSearch($columnsArray, $search, $connection = "OR") { private static function getFullTextSearch($columnsArray, $search, $connection = "OR") {
global $global; global $global;
$search = $global['mysqli']->real_escape_string(xss_esc($search)); $search = (xss_esc($search));
$search = str_replace('&quot;', '"', $search); $search = str_replace('&quot;', '"', $search);
if (empty($columnsArray) || empty($search)) { if (empty($columnsArray) || empty($search)) {
return ""; return "";
@ -5294,6 +5286,10 @@ if (!class_exists('Video')) {
return !$found; return !$found;
} }
public static function getTableName() {
return 'videos';
}
} }
} }


@ -123,7 +123,7 @@ class VideoStatistic extends ObjectYPT {
$this->seconds_watching_video = intval($this->seconds_watching_video); $this->seconds_watching_video = intval($this->seconds_watching_video);
$this->json = $global['mysqli']->real_escape_string($this->json); $this->json = ($this->json);
return parent::save(); return parent::save();
} }
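Review bot: `$this->json = ($this->json);` on the line before `return parent::save();` is a statement with no effect — the `real_escape_string` call was replaced by a bare parenthesised assignment instead of the line being removed. If the intent is that `parent::save()` now binds the value (the ObjectYPT save body is not on this page, so I am inferring that from the commit message), delete the line so a reader does not mistake it for sanitisation; the same no-op pattern appears in AD_Overlay_Code, CampaignLocations, Clones (`$this->url = $this->url;`), LiveTransmition, LiveTransmitionHistory, Live_schedule, PayPalYPT_log, Scheduler_commands, Menu, MenuItem, TopMenu, Wallet and WalletLog below. Where nothing else in the method reads it, the accompanying `global $global;` is now dead as well.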


@ -85,7 +85,7 @@ class AD_Overlay_Code extends ObjectYPT {
//$data = htmlentities($data); //$data = htmlentities($data);
// mysql escape string // mysql escape string
$data = $global['mysqli']->real_escape_string($data); $data = ($data);
return $data; return $data;
} }
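Review bot: The comment `// mysql escape string` directly above `$data = ($data);` no longer describes the code, which now returns `$data` unchanged; the enclosing method begins outside the hunk, so its name and callers are not visible here. If the method is a sanitiser whose result callers interpolate into SQL, dropping the escape here moved the responsibility to those call sites, which should now bind the value instead. Either delete the no-op line and the stale comment, or replace them with one comment stating the new contract, e.g. `// no SQL escaping here: values are bound by sqlDAL prepared statements`.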


@ -33,19 +33,19 @@ class CampaignLocations extends ObjectYPT {
function setCountry_name($country_name) { function setCountry_name($country_name) {
global $global; global $global;
$country_name = $global['mysqli']->real_escape_string($country_name); $country_name = ($country_name);
$this->country_name = $country_name; $this->country_name = $country_name;
} }
function setRegion_name($region_name) { function setRegion_name($region_name) {
global $global; global $global;
$region_name = $global['mysqli']->real_escape_string($region_name); $region_name = ($region_name);
$this->region_name = $region_name; $this->region_name = $region_name;
} }
function setCity_name($city_name) { function setCity_name($city_name) {
global $global; global $global;
$city_name = $global['mysqli']->real_escape_string($city_name); $city_name = ($city_name);
$this->city_name = $city_name; $this->city_name = $city_name;
} }


@ -55,8 +55,10 @@ class Clones extends ObjectYPT
} }
} }
public function loadFromURL($url) public function loadFromURL($url){
{ if(!isValidURL($url)){
return false;
}
$row = self::getFromURL($url); $row = self::getFromURL($url);
if (empty($row)) { if (empty($row)) {
return false; return false;
@ -73,7 +75,10 @@ class Clones extends ObjectYPT
$resp->canClone = false; $resp->canClone = false;
$resp->clone = null; $resp->clone = null;
$resp->msg = ""; $resp->msg = "";
if(!isValidURL($url)){
$resp->msg = "Invalid URL";
return $resp;
}
$clone = new Clones(0); $clone = new Clones(0);
$clone->loadFromURL($url); $clone->loadFromURL($url);
if (empty($clone->getId())) { if (empty($clone->getId())) {
@ -115,9 +120,11 @@ class Clones extends ObjectYPT
if (empty($this->last_clone_request)) { if (empty($this->last_clone_request)) {
$this->last_clone_request = 'null'; $this->last_clone_request = 'null';
} }
if(!isValidURL($this->url)){
$this->key = $global['mysqli']->real_escape_string($this->key); return false;
$this->url = $global['mysqli']->real_escape_string($this->url); }
$this->key = safeString($this->key, true);
$this->url = $this->url;
return parent::save(); return parent::save();
} }
@ -151,10 +158,11 @@ class Clones extends ObjectYPT
$this->id = $id; $this->id = $id;
} }
public function setUrl($url) public function setUrl($url){
{ if(isValidURL($url)){
$this->url = $url; $this->url = $url;
} }
}
public function setStatus($status) public function setStatus($status)
{ {
@ -163,7 +171,7 @@ class Clones extends ObjectYPT
public function setKey($key) public function setKey($key)
{ {
$this->key = $key; $this->key = safeString($key);
} }
public function setLast_clone_request($last_clone_request) public function setLast_clone_request($last_clone_request)
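Review bot: `setUrl()` now silently discards an invalid URL (the `if(isValidURL($url))` branch has no else), so a caller passing a bad value ends up with the previous `url` and no signal that it was rejected, and `save()` returning `false` on `!isValidURL($this->url)` gives the caller nothing to distinguish that from a database failure. Returning a boolean from the setter makes the rejection visible: `if (!isValidURL($url)) { return false; } $this->url = $url; return true;`. Separately, `$this->url = $this->url;` in `save()` is a no-op left over from the removed escape call and can be deleted, and `save()` calls `safeString($this->key, true)` while `setKey()` calls `safeString($key)` — `safeString` is not on this page, so confirm the two modes are meant to differ. The opening braces of `loadFromURL` and `setUrl` moved onto the signature line while the rest of the class keeps them on the next line.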


@ -3040,7 +3040,7 @@ Click <a href=\"{link}\">here</a> to join our live.";
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }
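Review bot: `$catName = ($_GET['catName']);` removes the `real_escape_string` call but the next line still interpolates `$catName` twice into `$sql` (`c.clean_name = '{$catName}'` and the `cs.clean_name` subquery), so this hunk reopens SQL injection from a request parameter rather than closing it; the identical line appears in the LiveLinks hunk below and in the Video class hunks earlier on the page (the three `catName` hunks, and `getFullTextSearch`, where `xss_esc` is not on the page but looks like an HTML escape rather than a SQL one). The query is assembled and executed outside the hunk, so binding means adding placeholders here and threading the values to the `sqlDAL::readSql($sql, $formats, $values)` call, as the Video `updateDurationInSeconds` hunk already does: `$sql .= " AND (c.clean_name = ? OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = ? ))";` with `$catName` appended to the values list twice. Until that is done, the `real_escape_string` call should stay.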


@ -75,7 +75,7 @@ class LiveTransmition extends ObjectYPT
public function setTitle($title) public function setTitle($title)
{ {
global $global; global $global;
//$title = $global['mysqli']->real_escape_string($title); //$title = ($title);
$this->title = xss_esc($title); $this->title = xss_esc($title);
} }
@ -107,7 +107,7 @@ class LiveTransmition extends ObjectYPT
public function setDescription($description) public function setDescription($description)
{ {
global $global; global $global;
//$description = $global['mysqli']->real_escape_string($description); //$description = ($description);
$this->description = xss_esc($description); $this->description = xss_esc($description);
} }
@ -204,7 +204,7 @@ class LiveTransmition extends ObjectYPT
{ {
global $global; global $global;
_mysql_connect(); _mysql_connect();
$userName = $global['mysqli']->real_escape_string($userName); $userName = ($userName);
$sql = "SELECT * FROM users WHERE user = ? LIMIT 1"; $sql = "SELECT * FROM users WHERE user = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "s", [$userName], true); $res = sqlDAL::readSql($sql, "s", [$userName], true);
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);
@ -224,7 +224,7 @@ class LiveTransmition extends ObjectYPT
{ {
global $global; global $global;
_mysql_connect(); _mysql_connect();
$channelName = $global['mysqli']->real_escape_string($channelName); $channelName = ($channelName);
$sql = "SELECT * FROM users WHERE channelName = ? LIMIT 1"; $sql = "SELECT * FROM users WHERE channelName = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "s", [$channelName], true); $res = sqlDAL::readSql($sql, "s", [$channelName], true);
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);


@ -93,13 +93,13 @@ class LiveTransmitionHistory extends ObjectYPT {
global $global; global $global;
$Char = "&zwnj;"; $Char = "&zwnj;";
$title = str_replace($Char, '', $title); $title = str_replace($Char, '', $title);
$title = $global['mysqli']->real_escape_string($title); $title = ($title);
$this->title = $title; $this->title = $title;
} }
public function setDescription($description) { public function setDescription($description) {
global $global; global $global;
$description = $global['mysqli']->real_escape_string($description); $description = ($description);
$this->description = $description; $this->description = $description;
} }
@ -354,7 +354,7 @@ class LiveTransmitionHistory extends ObjectYPT {
public static function getLatest($key, $live_servers_id = null, $active=false) { public static function getLatest($key, $live_servers_id = null, $active=false) {
global $global; global $global;
$key = $global['mysqli']->real_escape_string($key); $key = ($key);
if (empty($key)) { if (empty($key)) {
return false; return false;


@ -358,7 +358,7 @@ class Live_schedule extends ObjectYPT
$this->key = uniqid(); $this->key = uniqid();
} }
$this->description = $global['mysqli']->real_escape_string($this->description); $this->description = ($this->description);
$this->_setTimeZone(date_default_timezone_get()); $this->_setTimeZone(date_default_timezone_get());


@ -239,7 +239,7 @@ class Live_servers extends ObjectYPT
$host = trim($rtmpHostURI); $host = trim($rtmpHostURI);
$parts = parse_url($host); $parts = parse_url($host);
$host = "rtmp://{$parts["host"]}{$parts["path"]}"; $host = "rtmp://{$parts["host"]}{$parts["path"]}";
$host = $global['mysqli']->real_escape_string($host); $host = ($host);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE '%{$host}%' AND status = 'a' "; $sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE '%{$host}%' AND status = 'a' ";
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);
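Review bot: `$host = ($host);` removes the escape while the next line still interpolates `$host` into `rtmp_server LIKE '%{$host}%'`; `$host` is rebuilt from `parse_url($rtmpHostURI)` components, and `parse_url` does not validate the characters it returns, so a quote in the path reaches the query unescaped. Bind it instead, which keeps the existing wildcard semantics: `$sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE ? AND status = 'a' ";` followed by `$res = sqlDAL::readSql($sql, 's', ['%' . $host . '%']);`. If `%` or `_` inside the host should match literally rather than as wildcards, escape them before concatenating (`addcslashes($host, '%_')`).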


@ -304,7 +304,7 @@ class LiveLinks extends PluginAbstract {
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }


@ -174,7 +174,7 @@ class PayPalYPT_log extends ObjectYPT
public function save() public function save()
{ {
global $global; global $global;
$this->json = $global['mysqli']->real_escape_string($this->json); $this->json = ($this->json);
return parent::save(); return parent::save();
} }


@ -102,7 +102,7 @@ class Scheduler_commands extends ObjectYPT {
global $global; global $global;
if(!is_string($parameters)){ if(!is_string($parameters)){
$parameters = _json_encode($parameters); $parameters = _json_encode($parameters);
$parameters = $global['mysqli']->real_escape_string($parameters); $parameters = ($parameters);
} }
$this->parameters = $parameters; $this->parameters = $parameters;
@ -158,7 +158,7 @@ class Scheduler_commands extends ObjectYPT {
function setExecuted($callbackResponse) { function setExecuted($callbackResponse) {
if (!is_string($callbackResponse)) { if (!is_string($callbackResponse)) {
$callbackResponse = json_encode($callbackResponse); $callbackResponse = json_encode($callbackResponse);
$callbackResponse = $global['mysqli']->real_escape_string($callbackResponse); $callbackResponse = ($callbackResponse);
} }
$this->setExecuted_in(date('Y-m-d H:i:s')); $this->setExecuted_in(date('Y-m-d H:i:s'));
$this->setCallbackResponse($callbackResponse); $this->setCallbackResponse($callbackResponse);


@ -124,7 +124,7 @@ class Menu extends ObjectYPT {
$this->menuSeoUrl=$this->menuName; $this->menuSeoUrl=$this->menuName;
} }
$this->menuSeoUrl=$global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl))); $this->menuSeoUrl=(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl)));
return parent::save(); return parent::save();
} }


@ -119,10 +119,10 @@ class MenuItem extends ObjectYPT {
if (empty($this->menuSeoUrlItem)) { if (empty($this->menuSeoUrlItem)) {
$this->menuSeoUrlItem = $this->title; $this->menuSeoUrlItem = $this->title;
} }
$this->menuSeoUrlItem = $global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title))); $this->menuSeoUrlItem = (preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title)));
$this->title = $global['mysqli']->real_escape_string($this->title); $this->title = ($this->title);
$this->text = $global['mysqli']->real_escape_string($this->text); $this->text = ($this->text);
return parent::save(); return parent::save();
} }
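Review bot: `$this->menuSeoUrlItem = (preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title)));` unconditionally derives the slug from `$this->title`, which makes the `if (empty($this->menuSeoUrlItem)) { $this->menuSeoUrlItem = $this->title; }` just above it dead: an explicitly supplied `menuSeoUrlItem` is always overwritten. The Menu hunk above slugifies `$this->menuSeoUrl` itself, so this is probably a copy-paste slip; change the argument to `strtolower($this->menuSeoUrlItem)`. The behaviour predates this commit, which only touched the line, so treat it as a follow-up if it is intentional.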


@ -91,7 +91,7 @@ class TopMenu extends PluginAbstract {
public function getidBySeoUrl($menuSeoUrlItem) { public function getidBySeoUrl($menuSeoUrlItem) {
global $global; global $global;
$sql="select id from topMenu_items where menuSeoUrlItem= ?"; $sql="select id from topMenu_items where menuSeoUrlItem= ?";
$res=sqlDal::readSql($sql, "s", array($global['mysqli']->real_escape_string($menuSeoUrlItem))); $res=sqlDal::readSql($sql, "s", array(($menuSeoUrlItem)));
$menuId=sqlDAL::fetchAssoc($res); $menuId=sqlDAL::fetchAssoc($res);
if(!isset($menuId['id'])) if(!isset($menuId['id']))
return false; return false;
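Review bot: `array(($menuSeoUrlItem))` is a value wrapped in redundant parentheses inside long-form `array()`, a leftover of stripping the escape call in place, and the same line calls `sqlDal::readSql` while the next uses `sqlDAL::fetchAssoc` — PHP resolves class names case-insensitively, but the mismatch reads as two different classes. `$res = sqlDAL::readSql($sql, 's', [$menuSeoUrlItem]);` cleans both up. The `global $global;` above it no longer has a use in the visible lines.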


@ -98,7 +98,7 @@ class Wallet extends ObjectYPT {
public function save() { public function save() {
global $global; global $global;
$this->balance = floatval($this->balance); $this->balance = floatval($this->balance);
$this->crypto_wallet_address = $global['mysqli']->real_escape_string($this->crypto_wallet_address); $this->crypto_wallet_address = ($this->crypto_wallet_address);
ObjectYPT::clearSessionCache(); ObjectYPT::clearSessionCache();
return parent::save(); return parent::save();
} }


@ -171,8 +171,8 @@ class WalletLog extends ObjectYPT {
function save() { function save() {
global $global; global $global;
$this->description = $global['mysqli']->real_escape_string($this->description); $this->description = ($this->description);
$this->information = $global['mysqli']->real_escape_string($this->information); $this->information = ($this->information);
return parent::save(); return parent::save();
} }


@ -0,0 +1,95 @@
-- ### Credit
--
-- Discovered by Claudio Bozzato of Cisco Talos.
--
-- TALOS-2022-1534
--
-- Now the userUpdate.json.php requires a request from the same domain as the AVideo site
-- in aditional all save and delete database calls requires the same by default (a whitelist can be builded hardcoding it in the objects/Object.php file)
--
-- TALOS-2022-1535
--
-- Session ID will only change if you are not logged in
-- In case the session ID changed we will regenerate it with a new name avoiding reuse it
--
-- TALOS-2022-1536
--
-- plugin/Live/view/Live_schedule/add.json.php and objects/playlistAddNew.json.php will deny to update if the users_id is not = as the original record when it is editing
--
-- TALOS-2022-1537
--
-- Add a sanitize rule on the security file
--
--
-- TALOS-2022-1539
--
-- Add a sanitize rule on the view/img/image403.php file itself
--
-- TALOS-2022-1540
--
-- Video title and filename will always be sanitized on the setTitle method (sometimes more than once)
--
--
-- TALOS-2022-1542
--
-- httponly set to true
-- we are now using the passhash instead of the database pass in all site
-- the passhash is totally different than the original DB password, it a encrypted json and has an expiration time and also will be automatically rejected if the original password is updated
-- the login with the pass hash (database password field) directly will be disabled soon, for now it is only enabled to buy some time to update the other third parties apps
--
-- TALOS-2022-1545
--
-- Fixed on TALOS-2022-1542
--
-- TALOS-2022-1546
--
-- Filename is now sanitized with escapeshellarg(safeString($filename,true));
--
-- TALOS-2022-1538
--
-- all 4 parameters are sanitized now
-- also if the request does not come from the same site, the showAlertMessage() function will not be executed
--
-- TALOS-2022-1547
--
-- Now every time the admin login we will check if the new videos/.htaccess is there, and create it if it is not
-- <IfModule !authz_core_module>
-- Order Allow,Deny
-- Deny from all
-- </IfModule>
-- <IfModule authz_core_module>
-- Require all denied
-- </IfModule>
-- <filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|ts|txt|mp4|mp3|m3u8|webp|key|css|tff|woff|woff2)$">
-- <IfModule !authz_core_module>
-- Order Allow,Deny
-- Allow from all
-- </IfModule>
-- <IfModule authz_core_module>
-- Require all granted
-- </IfModule>
-- </filesMatch>
--
-- this will only allow access to only some specific file types inside videos folder
--
-- TALOS-2022-1548
--
-- we now verify if is a valid URL properly, also we are using the escapeshellarg for URL and destination filename
--
-- TALOS-2022-1549
--
-- We now only download the downloadURL_image if it is a valid URL NOT localfiles any more
--
-- TALOS-2022-1551
--
-- All our classes were updated using the prepare statement to avoid sql injection
-- also `videoDownloadedLink` and `duration` are now sanitized
-- if you are editing anything we now "forbidIfItIsNotMyUsersId"
-- key and URL are now sanitized Clone plugin
--
-- TALOS-2022-1550
--
-- the url_get_contents now only download files from valid URLs or files from inside the cache folder
UPDATE configurations SET version = '12.0', modified = now() WHERE id = 1;