This security fix applies to all Snitz 3.4.x versions and can coexist with the previous fix, even though this one makes the previous fix redundant.
1. Around line #86, add this code:
' Reject an M_NAME value that IsValidString does not accept (the function is
' added to the end of members.asp in step 2) before the value reaches
' chkString(SearchName, "sqlstring") further down. Only the fixed Err_Msg text
' is written back, never the submitted value, and Response.End stops the page
' so nothing below runs with a rejected name. Do not put comments inside the
' Response.Write line continuations (" & _") - that breaks the statement.
If SearchName <> "" Then
If Not IsValidString(SearchName) Then
Err_Msg = "Invalid Name!"
Response.Write " <table width=""100%"" border=""0"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>" & vbNewLine & _
" " & getCurrentIcon(strIconFolderOpen,"","") & " <a href=""default.asp"">All Forums</a><br />" & vbNewLine & _
" " & getCurrentIcon(strIconBar,"","") & getCurrentIcon(strIconFolderOpenTopic,"","") & " Member Information</font></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" </table>" & vbNewLine & _
" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """ color=""" & strHiLiteFontColor & """>There Was A Problem!</font></p>" & vbNewLine & _
" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """ color=""" & strHiLiteFontColor & """>" & Err_Msg & "</font></p>" & vbNewLine & _
" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""JavaScript:history.go(-1)"">Back to Forum</a></font></p>" & vbNewLine & _
" <br />" & vbNewLine
WriteFooter
' End the response here so the rest of members.asp never sees the rejected name.
Response.End
End If
End if
After adding the code, members.asp will look like this, near the point where the code will be added:
' Request("M_NAME") without a collection name searches all request
' collections (query string, form, cookies, ...); the explicit Request.Form
' lookup below is the existing fallback and is kept as-is.
SearchName = trim(Request("M_NAME"))
if SearchName = "" then
SearchName = trim(Request.Form("M_NAME"))
end If
' New validation: reject an M_NAME value that IsValidString does not accept
' (the function is added to the end of members.asp in step 2) before the value
' reaches chkString(SearchName, "sqlstring") below. Only the fixed Err_Msg text
' is written back, never the submitted value, and Response.End stops the page.
' Do not put comments inside the Response.Write line continuations (" & _").
If SearchName <> "" Then
If Not IsValidString(SearchName) Then
Err_Msg = "Invalid Name!"
Response.Write " <table width=""100%"" border=""0"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>" & vbNewLine & _
" " & getCurrentIcon(strIconFolderOpen,"","") & " <a href=""default.asp"">All Forums</a><br />" & vbNewLine & _
" " & getCurrentIcon(strIconBar,"","") & getCurrentIcon(strIconFolderOpenTopic,"","") & " Member Information</font></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" </table>" & vbNewLine & _
" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """ color=""" & strHiLiteFontColor & """>There Was A Problem!</font></p>" & vbNewLine & _
" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """ color=""" & strHiLiteFontColor & """>" & Err_Msg & "</font></p>" & vbNewLine & _
" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""JavaScript:history.go(-1)"">Back to Forum</a></font></p>" & vbNewLine & _
" <br />" & vbNewLine
WriteFooter
' End the response here so the rest of members.asp never sees the rejected name.
Response.End
End If
End if
' Existing code: HTML-encoded copy for output, then the escaped copy used
' for the query. chkString is a Snitz helper defined elsewhere (not shown
' here) - it is still needed; IsValidString is a pre-filter, not a replacement.
SearchNameDisplay = Server.HTMLEncode(SearchName)
SearchName = chkString(SearchName, "sqlstring")
2. Add the function IsValidString to the end of members.asp (the same file):
At line #598, add:
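Function IsValidString(sValidate)
    ' Returns True when sValidate contains none of the characters this forum
    ' rejects in a member name, False otherwise. members.asp calls it on the
    ' M_NAME request value before that value reaches chkString(..., "sqlstring").
    '
    ' This is a denylist, not an allowlist: anything not checked below is
    ' accepted. Double quotes and hyphens, for example, are not rejected here
    ' and are left to the downstream chkString call - confirm that covers them.
    ' Asc() classifies characters via the system ANSI code page, so characters
    ' outside it are not examined (same as the original check) - TODO confirm
    ' whether AscW is wanted for sites storing Unicode names.
    '
    ' sValidate - the string to check. The empty string is reported as valid;
    '             the caller guards that case itself.
    Dim sInvalidChars
    Dim nCode
    Dim i

    ' Characters never allowed anywhere in the value. The trailing space means
    ' any space rejects the value, which already covers the double-space and
    ' leading/trailing-space checks further down; those are kept as a backstop.
    sInvalidChars = "!#$%^&*()=+{}[]|\.;:/?>,<@' "

    ' Assume valid until a check fails. Set explicitly so the result never
    ' depends on the Empty value of an unassigned variant.
    IsValidString = True

    For i = 1 To Len(sInvalidChars)
        If InStr(sValidate, Mid(sInvalidChars, i, 1)) > 0 Then
            IsValidString = False
            Exit Function
        End If
    Next

    ' Per-character scan for what the list above cannot express: ASCII control
    ' characters (tab, CR, LF, ...) and DEL, which the original denylist did not
    ' cover, plus the non-breaking space (160), which renders like a normal space.
    For i = 1 To Len(sValidate)
        nCode = Asc(Mid(sValidate, i, 1))
        If nCode < 32 Or nCode = 127 Or nCode = 160 Then
            IsValidString = False
            Exit Function
        End If
    Next

    ' No two consecutive dots or spaces, and no leading or trailing spaces.
    If InStr(sValidate, "..") > 0 Then
        IsValidString = False
    ElseIf InStr(sValidate, "  ") > 0 Then
        IsValidString = False
    ElseIf Len(sValidate) <> Len(Trim(sValidate)) Then
        IsValidString = False
    End If
End Function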
After adding the function, the end of the file will look like this:
Function sGetColspan(lIN, lOUT)
    ' Picks the column count to use: lOUT, widened by two when mlev (page-level
    ' state, presumably the member level) is "3" or "4", but never more than lIN.
    ' VBScript passes arguments by reference, so the widened lOUT is visible to
    ' the caller exactly as before.
    If mlev = "3" Or mlev = "4" Then lOUT = lOUT + 2
    sGetColspan = lOUT
    If lOUT > lIN Then sGetColspan = lIN
End Function
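Function IsValidString(sValidate)
    ' Returns True when sValidate contains none of the characters this forum
    ' rejects in a member name, False otherwise. members.asp calls it on the
    ' M_NAME request value before that value reaches chkString(..., "sqlstring").
    '
    ' This is a denylist, not an allowlist: anything not checked below is
    ' accepted. Double quotes and hyphens, for example, are not rejected here
    ' and are left to the downstream chkString call - confirm that covers them.
    ' Asc() classifies characters via the system ANSI code page, so characters
    ' outside it are not examined (same as the original check) - TODO confirm
    ' whether AscW is wanted for sites storing Unicode names.
    '
    ' sValidate - the string to check. The empty string is reported as valid;
    '             the caller guards that case itself.
    Dim sInvalidChars
    Dim nCode
    Dim i

    ' Characters never allowed anywhere in the value. The trailing space means
    ' any space rejects the value, which already covers the double-space and
    ' leading/trailing-space checks further down; those are kept as a backstop.
    sInvalidChars = "!#$%^&*()=+{}[]|\.;:/?>,<@' "

    ' Assume valid until a check fails. Set explicitly so the result never
    ' depends on the Empty value of an unassigned variant.
    IsValidString = True

    For i = 1 To Len(sInvalidChars)
        If InStr(sValidate, Mid(sInvalidChars, i, 1)) > 0 Then
            IsValidString = False
            Exit Function
        End If
    Next

    ' Per-character scan for what the list above cannot express: ASCII control
    ' characters (tab, CR, LF, ...) and DEL, which the original denylist did not
    ' cover, plus the non-breaking space (160), which renders like a normal space.
    For i = 1 To Len(sValidate)
        nCode = Asc(Mid(sValidate, i, 1))
        If nCode < 32 Or nCode = 127 Or nCode = 160 Then
            IsValidString = False
            Exit Function
        End If
    Next

    ' No two consecutive dots or spaces, and no leading or trailing spaces.
    If InStr(sValidate, "..") > 0 Then
        IsValidString = False
    ElseIf InStr(sValidate, "  ") > 0 Then
        IsValidString = False
    ElseIf Len(sValidate) <> Len(Trim(sValidate)) Then
        IsValidString = False
    End If
End Function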
%>
If you need help with the fix, please post in the General Help forum.