Headline
CVE-2023-1883: fix: added check if news or FAQs are active · thorsten/phpMyFAQ@db77df8
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
@@ -1258,6 +1258,39 @@ public function hasTranslation(int $recordId, string $recordLang): bool return false; }
public function isActive(int $recordId, string $recordLang, string $commentType = ‘faq’): bool { if (‘news’ === $commentType) { $table = 'faqnews’; } else { $table = 'faqdata’; }
$query = sprintf( " SELECT active FROM %s%s WHERE id = %d AND lang = '%s’", Database::getTablePrefix(), $table, $recordId, $this->config->getDb()->escape($recordLang) );
$result = $this->config->getDb()->query($query);
if ($row = $this->config->getDb()->fetchObject($result)) { return !(($row->active === ‘y’ || $row->active === ‘yes’)); } else { return true; } }
/** * Checks, if comments are disabled for the FAQ record. * @@ -1268,7 +1301,7 @@ public function hasTranslation(int $recordId, string $recordLang): bool */ public function commentDisabled(int $recordId, string $recordLang, string $commentType = ‘faq’): bool { if (‘news’ == $commentType) { if (‘news’ === $commentType) { $table = 'faqnews’; } else { $table = 'faqdata’;
Related news
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to improper access control when FAQ News is marked as inactive in settings and have comments enabled, allowing comments to be posted on inactive FAQs. This has been fixed in 3.1.12.