Fixes by NY
#3
Fix: Small/Large security hole in 1.71

Open admin/inc/base.php
Insert at the bottom, after the in_arrayi() function:
Code:
/*******************************************************
* @function alpha
* @param $string - the string / number / etc.
* @param $check - which character profile $string must match
* @about - checks a string against an allow-list regular expression;
*          returns true only when every character is permitted
*
*/
function alpha($string, $check = 'alpha')
{
    switch($check)
    {
        case "alpha":
            $regexp = "([a-z0-9])";
        break;

        case "alpha-space":
            $regexp = "([a-z0-9+ ])";
        break;

        case "alpha-underscore":
            $regexp = "([a-z0-9\_])";
        break;

        case "alpha-slug":
            $regexp = "([a-z0-9\_\-])";
        break;

        case "alpha-spacers":
            // same set as before; the hyphen sits last so it cannot be read as a range
            $regexp = "([a-z0-9\[\]_+ -])";
        break;

        case "num-dash":
            $regexp = "([0-9-])";
        break;

        case "alpha-extra":
            $regexp = "([a-z0-9+ \\\,\?\`\'\!\.\;\:\[\]\&\%\^\*\$\@\(\)\<\-\_\+\=])";
        break;

        case "num":
            $regexp = "([0-9])";
        break;

        case "strict":
            $regexp = "([a-z])";
        break;

        default:
            // unknown profile: fail closed instead of building a pattern from an unset $regexp
            return false;
    }

    // D (dollar-end-only) stops $ from matching just before a trailing newline,
    // so "about-us\n" is rejected like any other string with a stray character
    return (preg_match('/^'.$regexp.'+$/iD',$string)) ? true : false;
}
/******************************************************/

Open index.php, not admin/index.php
Find
Code:
    // get page id (url slug) that is being passed via .htaccess mod_rewrite
    if (isset($_GET['id'])) {
        $id = strtolower($_GET['id']);
    } else {
        $id = "index";
    }

Replace With
Code:
    // get page id (url slug) that is being passed via .htaccess mod_rewrite;
    // only accept a slug made of a-z, 0-9, _ and - (see alpha() in admin/inc/base.php)
    if (isset($_GET['id'])) {
        if(alpha($_GET['id'], 'alpha-slug'))
        {
            $id = strtolower($_GET['id']);
        }
        else
        {
            $id = "index";
        }
    } else {
        $id = "index";
    }

Save and enjoy a little more security!
http://nijikokun.com
random stuff. idk.
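The following is an added, stand-alone PHP harness, not code from the post above or from the 1.71 code base, that contrasts the unchecked 1.71 handling of ?id= with the allow-list check the post adds. It re-declares a trimmed alpha() (only the profiles the harness uses, with the D modifier as a hardening choice of this example so that $ cannot match before a trailing newline) and two hypothetical helpers, resolve_page_id_before() and resolve_page_id_after(), that wrap the "Find" and "Replace With" blocks. The request ids are constructed for the demonstration.

```php
<?php
// Added example: exercises the slug allow-list against constructed inputs.
// alpha() is re-declared here, trimmed to the profiles this harness needs.
function alpha($string, $check = 'alpha')
{
    switch ($check) {
        case 'alpha':
            $regexp = '[a-z0-9]';
            break;
        case 'alpha-slug':
            $regexp = '[a-z0-9_\-]';
            break;
        case 'num':
            $regexp = '[0-9]';
            break;
        default:
            return false; // unknown profile: fail closed
    }
    // D: $ may only match at the very end, not before a trailing "\n"
    return preg_match('/^' . $regexp . '+$/iD', $string) === 1;
}

// Hypothetical wrapper around the original "Find" block: whatever arrives
// in ?id= becomes the page id, lower-cased but otherwise untouched.
function resolve_page_id_before(array $get)
{
    return isset($get['id']) ? strtolower($get['id']) : 'index';
}

// Hypothetical wrapper around the "Replace With" block: only a slug made of
// a-z, 0-9, _ and - is accepted; anything else falls back to "index".
function resolve_page_id_after(array $get)
{
    if (isset($get['id']) && alpha($get['id'], 'alpha-slug')) {
        return strtolower($get['id']);
    }
    return 'index';
}

// Constructed sample request ids (not captured from a real site).
$samples = array(
    'about-us',
    'Contact_Page',
    '2010-01-08',
    '',
    'hello world',
    'index.php',
    '../../inc/config',
    "about-us\n",      // trailing newline: caught only because of the D modifier
    "about-us\0.txt",  // embedded NUL and a dot: neither is in the slug class
);

printf("%-24s %-24s %s\n", 'input', 'before', 'after');
foreach ($samples as $id) {
    $get = array('id' => $id);
    printf("%-24s %-24s %s\n",
        json_encode($id),
        json_encode(resolve_page_id_before($get)),
        json_encode(resolve_page_id_after($get)));
}
```

Run it with `php harness.php`. Every row where the "before" and "after" columns differ is an id that reached the rest of index.php unchanged in 1.71 and is now replaced by "index"; the two clean slugs and the date-like id pass both versions identically, which is the quick check that the allow-list does not break ordinary page URLs.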
Messages In This Thread
Fixes by NY - by Nijikokun - 2010-01-08, 03:13:48
Fixes by NY - by Nijikokun - 2010-01-08, 03:28:01
Fixes by NY - by Nijikokun - 2010-01-08, 03:35:04
Fixes by NY - by Nijikokun - 2010-01-08, 04:10:01
Fixes by NY - by Zegnåt - 2010-01-08, 05:29:27
Fixes by NY - by Nijikokun - 2010-01-08, 06:00:08
Fixes by NY - by Nijikokun - 2010-01-08, 06:32:37
Fixes by NY - by ccagle8 - 2010-01-08, 11:41:47
Fixes by NY - by ccagle8 - 2010-01-08, 11:44:19
Fixes by NY - by Nijikokun - 2010-01-08, 12:59:43
Fixes by NY - by Zegnåt - 2010-01-08, 19:48:27
Fixes by NY - by Nijikokun - 2010-01-09, 02:53:56