uq_jumpstats v2.42 - Page 14

Lightokun · 11-24-2010 , 17:14 Re: uq_jumpstats

Check please. I like your plugin and it works well with flatfiles, but not with DB.

borjomi · 11-24-2010 , 17:28 Re: uq_jumpstats

i find error so just wait)

borjomi · 11-24-2010 , 17:40 Re: uq_jumpstats

update for php 1.17
-fix error with personal stats

Lightokun · 11-24-2010 , 18:19 Re: uq_jumpstats

Few suggestions for php script:

Code:

$blocktop=$_GET['block'];
replace with:
$blocktop=isset($_GET['block']) ? intval($_GET['block']) : null;

couse blocktop uses only twice and both of them - intval

Code:

if (isset($_GET['page']))
{
    if(!ctype_digit($_GET['page']))
    {
        echo '<script type="text/javascript">document.location.href="uq_jumpstats.php?nametype=LongJump&type=lj";</script>';
    } 
    
$page=($_GET['page']-1); 
}

replace with

Code:

$page = isset($_GET['page']) ? intval($_GET['page']) - 1 : null;

Less code, no stupid int check.

Code:

$idplayer=$_GET['id'];

Replace with:

Code:

$idplayer=isset($_GET['id']) ? mysql_real_escape_string($_GET['id']) : null;

And remove

Code:

$ch=strpos($idplayer,"'");
        if($ch)
        {
            //echo '
            //<script type="text/javascript">document.location.href="uq_jumpstats.php?nametype=LongJump&type=lj";</script>';
        }

That's wrong way to check bad chars.

Replace all
$_GET['id'] with filtered $idname.

Not importaint, but there also can be some xss

Code:

<td><b><a href="uq_jumpstats.php?nametype='.$value.'&type='.$key.'"><center>'.$value.'</center></a></b></td>

And such must be filtered:

Code:

<td><b><a href="uq_jumpstats.php?nametype='.urlencode($value).'&type='.urlencode($key).'"><center>'.htmlspecialchars($value).'</center></a></b></td>

And much more.
Here is more secure version of stats 1.17:
http://pastebin.com/U0Nt0hQK
It's not full fix or optimisations, it's only to show how to avoid get hacked.

borjomi · 11-24-2010 , 18:46 Re: uq_jumpstats

if you good php scripter, you can help me with protections for script, cuz i'm bad in php (start study php 2 month ago) so i can add you versions with your protects in first post instead of my, just give me a link on workable your php)

renato127 · 11-25-2010 , 17:28 Re: uq_jumpstats

after this last update(blocktop added) , my server stay online only 10~15min , than it crash and didnt come back.
I tried to disable your plugin and enable kz_ljs_xm and the server works right.

borjomi · 11-25-2010 , 18:12 Re: uq_jumpstats

turning off block top mb help you.

renato127 · 11-25-2010 , 18:35 Re: uq_jumpstats

it crashed the server too.

borjomi · 11-25-2010 , 23:15 Re: uq_jumpstats

mm dont know how to help you.. cuz example on server stats work normaly (92.241.176.65:27034)

mm you use sql or dat tops?

DeLiriuM · 11-26-2010 , 03:14 Re: uq_jumpstats

Server keeps freezing after updating to 2.15. No error message, no crash, just freezes.