From 6a92a03a4de62900cf5ca4af58d0fccda34ae354 Mon Sep 17 00:00:00 2001
From: ASponch
Date: Mon, 29 Jan 2018 09:22:48 +0100
Subject: [PATCH 1/3] Fix : Display only public video
---
 upload/rss.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/upload/rss.php b/upload/rss.php
index f9dd2fcb1..8c3ee565d 100644
--- a/upload/rss.php
+++ b/upload/rss.php
@@ -30,7 +30,7 @@ case 'recent': default: {
- $videos = get_videos(array('limit'=>$limit,'order'=>'date_added DESC'));
+ $videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'date_added DESC'));
 $title = "Recently Added Videos";
 } break;
@@ -38,21 +38,21 @@ case 'views': {
- $videos = get_videos(array('limit'=>$limit,'order'=>'views DESC'));
+ $videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'views DESC'));
 $title = "Most Viewed Videos";
 } break; case 'rating': {
- $videos = get_videos(array('limit'=>$limit,'order'=>'rating DESC'));
+ $videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'rating DESC'));
 $title = "Top Rated Videos";
 } break; case 'watching': {
- $videos = get_videos(array('limit'=>$limit,'order'=>'last_viewed DESC'));
+ $videos = get_videos(array('limit'=>$limit,'broadcast'=>'public','order'=>'last_viewed DESC'));
 $title = "Videos Being Watched";
 } break;
From 54eed43f55a49657fc2a12f8bb41db51f5cfd518 Mon Sep 17 00:00:00 2001
From: ASponch
Date: Mon, 29 Jan 2018 10:42:26 +0100
Subject: [PATCH 2/3] modified:video cookie lifetime if video duration is bigger than one hour
---
 upload/includes/functions.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/upload/includes/functions.php b/upload/includes/functions.php
index 2590c9c81..283c7a581 100644
--- a/upload/includes/functions.php
+++ b/upload/includes/functions.php
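Review bot: The four `get_videos` calls in the `recent`, `views`, `rating` and `watching` cases now each repeat the same `'broadcast'=>'public'` filter, so a case added later can silently omit it and put non-public videos back into the feed; build the filter once and vary only the order, e.g. `$feed_filter = array('limit'=>$limit,'broadcast'=>'public');` followed by `$videos = get_videos($feed_filter + array('order'=>'views DESC'));` in each case. Whether `get_videos` also excludes inactive or unapproved videos cannot be seen from these hunks, so the feed's visibility rule still rests on that helper honouring the `broadcast` key as intended. The `switch` these cases belong to starts before the first hunk.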
@@ -2181,8 +2181,11 @@ function increment_views_new($id,$type=NULL) { { if(!isset($_COOKIE['video_'.$id])) { $currentTime = time();
+ $vdetails = get_video_details($id);
+ // Cookie life time at least 1 hour else if video duration is bigger set at video time.
+ $cookieTime = ($vdetails['duration'] > 3600) ? $vdetails['duration'] : $cookieTime = 3600;
 $db->update(tbl("video"),array("views", "last_viewed"),array("|f|views+1",$currentTime)," videoid='$id' OR videokey='$id'");
- setcookie('video_'.$id,'watched',time()+3600);
+ setcookie('video_'.$id,'watched',time()+$cookieTime);
 } } break;
From f013bcfe1bf6bd7ed3597e572a7ee82d502521c8 Mon Sep 17 00:00:00 2001
From: ASponch
Date: Fri, 9 Mar 2018 16:18:20 +0100
Subject: [PATCH 3/3] BugFix : XSS exploit
---
 upload/includes/functions.php | 40 +++++++++++++++++------------------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/upload/includes/functions.php b/upload/includes/functions.php
index 8e9377657..067c73d5f 100644
--- a/upload/includes/functions.php
+++ b/upload/includes/functions.php
@@ -2717,9 +2717,9 @@ function category_link($data,$type) { case 'video':case 'videos':case 'v': { if(SEO=='yes') {
- return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
+ return BASEURL.'/videos/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
 } else {
- return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/videos.php?cat='.$data['category_id'].'&sort='. htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 } } break;
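Review bot: The new `$cookieTime` line hides an assignment inside the ternary's else branch (`: $cookieTime = 3600`); it evaluates to the intended 3600, but it reads as a typo and does nothing the outer assignment does not already do. It also assumes `get_video_details($id)` returned an array with a numeric `duration`, which is never checked even though the view counter on the next line is updated whether or not the video exists, so a missing or non-numeric value only falls back to 3600 by accident. I would replace the line with `$duration = isset($vdetails['duration']) ? (int) $vdetails['duration'] : 0;` followed by `$cookieTime = max($duration, 3600);`, and reword the comment to `// Keep the 'watched' cookie for the video's length, but never less than one hour.`. This presumes `duration` is stored in seconds, as the comparison against 3600 implies; if it is a formatted time string the cast would silently yield 0 and the one-hour floor would always apply. `increment_views_new` starts before this hunk and its `switch` continues after it.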
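Review bot: `htmlspecialchars` is the wrong encoder for these values: both `return` statements in this hunk place `$_GET['sort']`, `$_GET['time']` and `$_GET['seo_cat_name']` into a URL path or query string, where `&`, `/`, `?` and `#` are the characters that matter, and HTML escaping leaves all of them alone while turning an `&` inside a value into `&amp;`, which a query parser then reads as a stray `amp;` parameter instead of data. With PHP's pre-8.1 default flags it also does not touch `'`, so a link later printed into a single-quoted attribute is still not safe. Encode for the URL context instead, e.g. `$sort = rawurlencode($_GET['sort']);` computed once at the top of `category_link`, after `sort` and `time` have been checked against the fixed set of values the listing pages accept, and leave HTML escaping to the template that prints the link. The same substitution appears in the hunks at 2727, 2742 and 2754 of this function and in every `sort_link` hunk from 2793 onward; `category_link` starts before this hunk and continues past it.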
@@ -2727,9 +2727,9 @@ function category_link($data,$type) { case 'channels':case 'channel':case'c':case'user': { if(SEO=='yes') {
- return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
+ return BASEURL.'/channels/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
 } else {
- return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/channels.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 } } break;
@@ -2742,7 +2742,7 @@ function category_link($data,$type) { if(defined("IN_MODULE")) { global $prefix_catlink;
- $url = 'cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ $url = 'cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 $url = $prefix_catlink.$url;
 $rm_array = array("cat","sort","time","page","seo_cat_name");
 $p = "";
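Review bot: `page` is a page number, yet the 2742 hunk HTML-escapes `$_GET['page']` rather than validating it; for a numeric parameter an integer cast is both the right validation and the only encoding a URL needs, `'&page='.(int) $_GET['page']`. The same applies to `$_GET['page']` and to `$_GET['cat']` (which appears to carry the same category id that `category_link` takes from `$data['category_id']`) in the `sort_link` hunks at 2793, 2826 and 2872. `$data['category_id']` itself is concatenated without any encoding in both hunks here; that is presumably an integer from the database, but nothing in the function enforces it. `category_link` starts and ends outside these hunks.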
@@ -2754,9 +2754,9 @@ function category_link($data,$type) { } if(SEO=='yes') {
- return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.$_GET['sort'].'/'.$_GET['time'].'/';
+ return BASEURL.'/'.$type.'/'.$data['category_id'].'/'.SEO($data['category_name']).'/'.htmlspecialchars($_GET['sort']).'/'.htmlspecialchars($_GET['time']).'/';
 } else {
- return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.$_GET['sort'].'&time='.$_GET['time'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/'.$type.'.php?cat='.$data['category_id'].'&sort='.htmlspecialchars($_GET['sort']).'&time='.htmlspecialchars($_GET['time']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 } } break;
@@ -2793,18 +2793,18 @@ function sort_link($sort,$mode='sort',$type) { if($mode == 'sort') {
 $sorting = $sort;
 } else {
- $sorting = $_GET['sort'];
+ $sorting = htmlspecialchars($_GET['sort']);
 }
 if($mode == 'time') {
 $time = $sort;
 } else {
- $time = $_GET['time'];
+ $time = htmlspecialchars($_GET['time']);
 }
 if (SEO=='yes') {
- return BASEURL.'/videos/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
+ return BASEURL.'/videos/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
 } else {
- return BASEURL.'/videos.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/videos.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 } } break;
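Review bot: Only the `$_GET` branches of the 2793 hunk were encoded; when `$mode == 'sort'` it still assigns `$sorting = $sort;` (and `$time = $sort;` for `$mode == 'time'`) straight from the parameter, so the returned link is only as safe as every caller of `sort_link`. If any caller derives `$sort` from request input the fix does not cover that path; encoding once after the two `if`/`else` blocks, regardless of which branch set the value, e.g. `$sorting = rawurlencode($sorting);` and `$time = rawurlencode($time);`, would close that gap and remove the duplicated calls. The same structure repeats in the hunks at 2826 and 2859. `sort_link` begins before this hunk and its `switch` continues after it.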
@@ -2826,18 +2826,18 @@ function sort_link($sort,$mode='sort',$type) { if($mode == 'sort') {
 $sorting = $sort;
 } else {
- $sorting = $_GET['sort'];
+ $sorting = htmlspecialchars($_GET['sort']);
 }
 if($mode == 'time') {
 $time = $sort;
 } else {
- $time = $_GET['time'];
+ $time = htmlspecialchars($_GET['time']);
 }
 if(SEO=='yes') {
- return BASEURL.'/channels/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
+ return BASEURL.'/channels/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
 } else {
- return BASEURL.'/channels.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/channels.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 } } break;
@@ -2859,12 +2859,12 @@ function sort_link($sort,$mode='sort',$type) { if($mode == 'sort') {
 $sorting = $sort;
 } else {
- $sorting = $_GET['sort'];
+ $sorting = htmlspecialchars($_GET['sort']);
 }
 if($mode == 'time') {
 $time = $sort;
 } else {
- $time = $_GET['time'];
+ $time = htmlspecialchars($_GET['time']);
 }
 if(THIS_PAGE=='photos') {
@@ -2872,15 +2872,15 @@ function sort_link($sort,$mode='sort',$type) { }
 if(defined("IN_MODULE")) {
- $url = 'cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ $url = 'cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 $plugURL = queryString($url,array("cat","sort","time","page","seo_cat_name"));
 return $plugURL;
 }
 if(SEO=='yes') {
- return BASEURL.'/'.$type.'/'.$_GET['cat'].'/'.$_GET['seo_cat_name'].'/'.$sorting.'/'.$time.'/'.$_GET['page'];
+ return BASEURL.'/'.$type.'/'.htmlspecialchars($_GET['cat']).'/'.htmlspecialchars($_GET['seo_cat_name']).'/'.$sorting.'/'.$time.'/'.htmlspecialchars($_GET['page']);
 } else {
- return BASEURL.'/'.$type.'.php?cat='.$_GET['cat'].'&sort='.$sorting.'&time='.$time.'&page='.$_GET['page'].'&seo_cat_name='.$_GET['seo_cat_name'];
+ return BASEURL.'/'.$type.'.php?cat='.htmlspecialchars($_GET['cat']).'&sort='.$sorting.'&time='.$time.'&page='.htmlspecialchars($_GET['page']).'&seo_cat_name='.htmlspecialchars($_GET['seo_cat_name']);
 } } break;