From 47303d707a34e5818724e3124421a9ea6ac6753b Mon Sep 17 00:00:00 2001
From: David McReynolds
Date: Wed, 19 Aug 2020 07:36:38 -0700
Subject: [PATCH 1/2] fix: security issue #561 fix
---
 .../fuel/assets/js/fuel/controller/BaseFuelController.js | 2 +-
 fuel/modules/fuel/controllers/Module.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fuel/modules/fuel/assets/js/fuel/controller/BaseFuelController.js b/fuel/modules/fuel/assets/js/fuel/controller/BaseFuelController.js
index 29ff7e8fa..c84c977da 100755
--- a/fuel/modules/fuel/assets/js/fuel/controller/BaseFuelController.js
+++ b/fuel/modules/fuel/assets/js/fuel/controller/BaseFuelController.js
@@ -444,7 +444,7 @@ fuel.controller.BaseFuelController = jqx.lib.BaseController.extend({
 $modal.find('iframe#replace_iframe').bind('load', function(){
 var iframeContext = this.contentDocument;
- var replacedId = $('#new_fuel_replace_id', iframeContext).val();
+ var replacedId = parseInt($('#new_fuel_replace_id', iframeContext).val());
 $('#form', iframeContext).submit(function(){
 if (confirm(fuel.lang('replace_warning'))){
diff --git a/fuel/modules/fuel/controllers/Module.php b/fuel/modules/fuel/controllers/Module.php
index 01dd274c7..c1c527342 100644
--- a/fuel/modules/fuel/controllers/Module.php
+++ b/fuel/modules/fuel/controllers/Module.php
@@ -1803,7 +1803,7 @@ function replace($id = NULL)
 {
 if ( ! empty($_POST['fuel_replace_id']))
 {
- $replace_id = $this->input->post('fuel_replace_id');
+ $replace_id = (int) $this->input->post('fuel_replace_id', true);
 //$delete = is_true_val($this->input->post('fuel_delete_replacement'));
 $delete = TRUE;
 if (!$this->model->replace($replace_id, $id, $delete))
@@ -1833,7 +1833,7 @@ function replace($id = NULL)
 if ($success)
 {
- $fields['new_fuel_replace_id'] = array('type' => 'hidden', 'value' => $replace_id);
+ $fields['new_fuel_replace_id'] = array('type' => 'hidden', 'value' => (int) $replace_id);
 }
 //$this->form_builder->use_form_tag = FALSE;
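Review bot: The new `parseInt(...)` call in the iframe `load` handler has no radix and its result is never checked, so an empty or missing `#new_fuel_replace_id` field produces `NaN`. That `NaN` is then handed to whatever consumes `replacedId` further down, which is outside this hunk. I would write `var replacedId = parseInt($('#new_fuel_replace_id', iframeContext).val(), 10);` and skip the replace handling when `isNaN(replacedId)`. A one-line comment such as `// coerce to a number: this value is read back from server-rendered markup` would also record why the coercion exists, so it is not later removed as noise.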
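Review bot: The `(int)` cast on `$replace_id` coerces the input instead of validating it. A non-numeric string becomes `0` and an array-valued `fuel_replace_id` becomes `1`, and both pass the `! empty($_POST['fuel_replace_id'])` guard, so a malformed request still reaches `$this->model->replace($replace_id, $id, $delete)` with `$delete = TRUE`. Rejecting is safer than guessing an id: `$replace_id = filter_var($this->input->post('fuel_replace_id'), FILTER_VALIDATE_INT);` and then treat `$replace_id === FALSE || $replace_id < 1` as a failed replace before calling the model. Once the value is validated as an integer, the `true` (XSS filter) argument to `post()` adds nothing and can be dropped. `$id` goes into the same call and is not normalised in the visible lines; the function body starts and continues outside this hunk, so that needs checking there.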
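Review bot: The second cast in `'value' => (int) $replace_id` looks redundant next to the cast added in the POST branch, so without a comment it is likely to be tidied away later. This hidden field is the one `BaseFuelController.js` reads back from the replace iframe, so a line such as `// cast at output: this value is rendered into the page and read back by BaseFuelController.js` above the assignment would record the intent. From this hunk it cannot be seen whether `$replace_id` is always assigned when `$success` is true. If it can be unset here, the cast silently turns it into `0`, and initialising `$replace_id` before the POST check would make that case explicit.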
From a17822a593f532a060ed165481bc46467233838c Mon Sep 17 00:00:00 2001
From: David McReynolds
Date: Wed, 19 Aug 2020 07:37:41 -0700
Subject: [PATCH 2/2] fix: bug fix version bump
---
 fuel/modules/fuel/config/fuel_constants.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fuel/modules/fuel/config/fuel_constants.php b/fuel/modules/fuel/config/fuel_constants.php
index dd0bba9b4..182645708 100644
--- a/fuel/modules/fuel/config/fuel_constants.php
+++ b/fuel/modules/fuel/config/fuel_constants.php
@@ -1,6 +1,6 @@