Thanks everyone, appreciated. It does include the front-end templates, but not the public/ directory where it's initialized. I'd have to recreate it to get it to working order. Actually, it wouldn't be impossible.
Found an exploit in clans/info, if you plan to use this for anything:
app/controllers/ClanController.php
$clanName is not sanitized. Inputting anything other than a string will cause the site to throw a 500.
Line 17:
Code:
$csv_data = $this->fetchCsv($clanName);
line 59:
Code:
public function fetchCsv($clan) {
    // $clan arrives here straight from the request, unsanitized and unencoded
    $url = "http://services.runescape.com/m=clan-hiscores/members_lite.ws?clanName=$clan";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, FALSE);   // no headers in the returned data
    curl_setopt($ch, CURLOPT_NOBODY, FALSE);   // FALSE keeps the body in the response
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    // CONNECTION_TIMEOUT is not a PHP constant; the cURL option is CURLOPT_CONNECTTIMEOUT
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    $response = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    return $httpCode != '200' ? null : $response;
}
Solution:
Replace line 17 with:
Code:
$csv_data = $this->fetchCsv($this->filter->sanitize($clanName, "string"));
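As an added illustration (not code from the original post or from the project it discusses), the following is a framework-independent PHP version of the same fix. The sanitize call in the post only coerces the value to a string; this example goes a step further and rejects non-string input outright, whitelists the characters a clan name may contain, and URL-encodes the value so it can only ever be the clanName parameter. The function names, the allowed-character pattern, and the 12-character length limit are assumptions, not the project's API.

```php
<?php
// Added example, not the project's own code. Names and the clan-name
// pattern below are assumptions for illustration.

// Assumed allowed charset and length for a clan name.
const CLAN_NAME_PATTERN = '/^[A-Za-z0-9 _-]{1,12}$/';

/**
 * Validate the raw request value before it reaches any URL building.
 * Returns null for anything that is not a plain, well-formed string.
 */
function validateClanName($raw): ?string {
    // Query parsing can hand us an array or null; reject anything non-string
    // instead of letting it reach string interpolation and blow up with a 500.
    if (!is_string($raw)) {
        return null;
    }
    $name = trim($raw);
    return preg_match(CLAN_NAME_PATTERN, $name) === 1 ? $name : null;
}

/**
 * Fetch the clan CSV for an already-validated clan name.
 * Returns the body on HTTP 200, null otherwise.
 */
function fetchClanCsv(string $clanName): ?string {
    // http_build_query() encodes the value, so it cannot inject extra
    // query parameters or alter the rest of the URL.
    $url = 'http://services.runescape.com/m=clan-hiscores/members_lite.ws?'
         . http_build_query(['clanName' => $clanName]);

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER         => false,
        CURLOPT_CONNECTTIMEOUT => 5,      // connect phase limit
        CURLOPT_TIMEOUT        => 10,     // total request limit
        CURLOPT_FOLLOWLOCATION => false,  // do not follow redirects to unexpected hosts
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
    ]);

    $response = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($response === false || $httpCode !== 200) {
        return null;
    }
    return $response;
}

// Controller-side usage (assumed): bad input yields a 400, not a 500.
$clanName = validateClanName($_GET['clanName'] ?? null);
if ($clanName === null) {
    http_response_code(400);
    echo 'Invalid clan name';
    exit;
}
$csvData = fetchClanCsv($clanName);
```

Validating before building the URL is the important ordering: once a value has been accepted by validateClanName(), every later use of it (the URL, logging, templates) can treat it as a known-safe token rather than re-checking it at each site.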