ANTICHAT - Показать сообщение отдельно - [ Обзор уязвимостей e107 cms ]

1

pXSS

nlstart uploaded EasyShop v1.54 26Aug10

скачать

http://[host]/[path]/e107_plugins/easyshop/easyshop_sql.php - стурктура БД плагина

/e107_plugins/easyshop/easyshop_basket.php
PHP код:

		
			
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#FF8000"]/*...*/

// Filling basket from product  = P; return to product overview

[/COLOR][COLOR="#007700"]if ([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'fill_basket'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#DD0000"]'C'[/COLOR][COLOR="#007700"]or[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'fill_basket'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#DD0000"]'P'[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#FF8000"]// refresh_cart(); // IPN addition // might screw up the session variables

    // IPN addition - sets two variables to help keep coding neat later on

[/COLOR][COLOR="#007700"]isset([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_id'[/COLOR][COLOR="#007700"]])?[/COLOR][COLOR="#0000BB"]$action_id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_id'[/COLOR][COLOR="#007700"]]:[/COLOR][COLOR="#0000BB"]NULL[/COLOR][COLOR="#007700"];

    isset([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shopping_cart'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#0000BB"]$action_id[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'item_track_stock'[/COLOR][COLOR="#007700"]])

        && ([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shopping_cart'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#0000BB"]$action_id[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'quantity'[/COLOR][COLOR="#007700"]]) [/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_name'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'quantity'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_qty'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'item_price'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_price'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'sku_number'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'sku_number'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'shipping'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shipping'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'shipping2'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shipping2'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'handling'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'handling'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]'db_id'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'db_id'[/COLOR][COLOR="#007700"]]);

[/COLOR][COLOR="#FF8000"]// Handling costs are calculated once per each basket

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'sc_total'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'handling'[/COLOR][COLOR="#007700"]] += (double)[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'handling'[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#FF8000"]// IPN addition - check  to see if we're tracking stock, if so put stock amount into SESSION ARRAY

[/COLOR][COLOR="#007700"]if ([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_track_stock'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"]){

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shopping_cart'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_id'[/COLOR][COLOR="#007700"]]][[/COLOR][COLOR="#DD0000"]'item_instock'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_instock'[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shopping_cart'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_id'[/COLOR][COLOR="#007700"]]][[/COLOR][COLOR="#DD0000"]'item_track_stock'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_track_stock'[/COLOR][COLOR="#007700"]];

         }

    }

    else if (!isset([/COLOR][COLOR="#0000BB"]$track_stock[/COLOR][COLOR="#007700"]) || isset([/COLOR][COLOR="#0000BB"]$allow_add[/COLOR][COLOR="#007700"])){

[/COLOR][COLOR="#FF8000"]// IPN addition check quantity against item_instock

      // Key for item id does exist; only quantity needs to raised

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shopping_cart'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_id'[/COLOR][COLOR="#007700"]]][[/COLOR][COLOR="#DD0000"]'quantity'[/COLOR][COLOR="#007700"]] +=[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_qty'[/COLOR][COLOR="#007700"]];

    }

    if (!isset([/COLOR][COLOR="#0000BB"]$track_stock[/COLOR][COLOR="#007700"]) || isset([/COLOR][COLOR="#0000BB"]$allow_add[/COLOR][COLOR="#007700"])){[/COLOR][COLOR="#FF8000"]// IPN addition - don't increment if quantity is at max stock level

        // Fill the sc_total array

[/COLOR][COLOR="#0000BB"]$previous_nr_of_items[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shopping_cart'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'item_id'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'quantity'[/COLOR][COLOR="#007700"]];[/COLOR][COLOR="#FF8000"]// Fix bug #88

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'sc_total'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'items'[/COLOR][COLOR="#007700"]] +=[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_qty'[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'sc_total'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'sum'[/COLOR][COLOR="#007700"]] += (double)[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_price'[/COLOR][COLOR="#007700"]] *[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_qty'[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#FF8000"]// Extra shippings costs are conditioned (only calculate for first product)

[/COLOR][COLOR="#007700"]if ((integer)([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shopping_cart'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_id'[/COLOR][COLOR="#007700"]]][[/COLOR][COLOR="#DD0000"]'quantity'[/COLOR][COLOR="#007700"]]) >=[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]and[/COLOR][COLOR="#0000BB"]$previous_nr_of_items[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]) {[/COLOR][COLOR="#FF8000"]// Fix bug #81

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'sc_total'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'shipping'[/COLOR][COLOR="#007700"]] += (double)[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shipping'[/COLOR][COLOR="#007700"]];

        }

[/COLOR][COLOR="#FF8000"]// PayPal charges shipping2 costs for all items above quantity of 2

[/COLOR][COLOR="#007700"]if ((integer)([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shopping_cart'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_id'[/COLOR][COLOR="#007700"]]][[/COLOR][COLOR="#DD0000"]'quantity'[/COLOR][COLOR="#007700"]]) >[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]) {

            if ([/COLOR][COLOR="#0000BB"]$previous_nr_of_items[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'sc_total'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'shipping2'[/COLOR][COLOR="#007700"]] += (double)[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shipping2'[/COLOR][COLOR="#007700"]] * ([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_qty'[/COLOR][COLOR="#007700"]]-[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);

            }

            else {

[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'sc_total'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'shipping2'[/COLOR][COLOR="#007700"]] += (double)[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'shipping2'[/COLOR][COLOR="#007700"]] *[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'item_qty'[/COLOR][COLOR="#007700"]];

            }

        }

    }

[/COLOR][COLOR="#FF8000"]// Close the session (before a location redirect: otherwise the variables may not display correctly)

[/COLOR][COLOR="#0000BB"]session_write_close[/COLOR][COLOR="#007700"]();

[/COLOR][COLOR="#FF8000"]// Return to original url

[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"Location: "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'return_url'[/COLOR][COLOR="#007700"]]);

    exit();

}[/COLOR][/COLOR]
Код HTML:
зы 5 минут поиска!