First of all, great program. I just had to make some changes to it for a client and it only took a couple hours because your code was pretty organized and it was easy to find the areas I needed to modify.
That being said, I came across a few issues that may or may not be already fixed.
1. Mail Header Injection in "email_listing.php"
You have the following line of code:
Code:
$header = "From: ".$sender." <".$sender_email.">\r\n";
that takes input directly from the user. A malicious user could send a $sender or $sender_email value with newlines in it and add headers to the email being sent out. This means they could change the From, Reply-To, etc. headers and the content of the message itself (hiding what you add later).
2. My client didn't want to ask for most of the default information from users who just sign up to save listings and searches. I saw in the admin area where you could delete the extra fields, but it didn't affect the member registration. I changed the table in "member_signup.php" from "userformelements" to "memberformelements" and then it seemed to work correctly. Is this a typo for the table name or am I doing the wrong thing?
3. Error reporting
I have my error reporting set to E_ALL in PHP and when I tried to install the program, I got a bunch of warnings about undefined variables and whatnot. I simply added the line
Code:
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
to "common.php" to hide the NOTICE and WARNING messages. You may want to add this to your own code so people do not have to do it themselves.
4. Cross Site Scripting
I'm thinking you may have multiple instances of cross site scripting vulnerabilities. Just looking at the file I have open, I see this line
Code:
echo "$lang[email_listing_sent] $to.<P><a href=\"listingview.php?listingID=$listingID\">Return to listing</a> ";
where both $to and $listingID are taken directly from user input and displayed back to the user. Either one could be HTML code from the user and be used to rewrite/hijack the entire page.
These are just a few things I noticed in the couple of hours I worked on modifying the program. Hopefully they've already been fixed or at least you'll look into it. Thanks.
---John Holmes...
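As an added example (not the program's own code and not the poster's), here is a hardened version of the two spots described in the post above: the From: header built in email_listing.php and the echoed confirmation line. The helper names, the message parameter standing in for $lang[email_listing_sent], and the assumption that listingID is numeric are mine.

```php
<?php
// Added example, not the program's code: hardened versions of the two
// spots discussed in the post. Helper names are hypothetical.

// Build a safe From: header. Any CR/LF in a user-supplied value would let
// the caller append further headers (or a body), so such values are rejected.
function safe_from_header(string $sender, string $sender_email): string
{
    // CR, LF or NUL in either value is a header-injection attempt.
    if (preg_match('/[\r\n\0]/', $sender . $sender_email)) {
        throw new InvalidArgumentException('newline in mail header value');
    }
    // The address must be a single well-formed e-mail address.
    if (filter_var($sender_email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    // Keep the display name short and quote it, escaping embedded quotes.
    $name = str_replace(['\\', '"'], ['\\\\', '\\"'], substr($sender, 0, 100));
    return 'From: "' . $name . '" <' . $sender_email . ">\r\n";
}

// HTML-encode user input before echoing it back, and cast the listing id
// to an integer so it cannot carry markup into the href.
function confirmation_html(string $msg, string $to, string $listingID): string
{
    $safe_msg = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
    $safe_to  = htmlspecialchars($to, ENT_QUOTES, 'UTF-8');
    $id       = (int) $listingID;
    return $safe_msg . ' ' . $safe_to
        . '.<P><a href="listingview.php?listingID=' . $id . '">Return to listing</a> ';
}

// Constructed sample input of the kind the post warns about: the header
// value is rejected outright, the echoed values come back encoded.
try {
    echo safe_from_header("Alice\r\nX-Injected: 1", 'alice@example.com');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
echo confirmation_html('Mail sent to', '<script>alert(1)</script>', '42"><b>x</b>'), "\n";
```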