4images Forum & Community
Welcome, Guest. Please login or register.
Did you miss your activation email?
May 26, 2018, 08:19:57 AM

Login with username, password and session length
Search:     Advanced search
Follow 4images on twitter: Click here to follow!
Togle to toolbar
Translate this page with =>
Translate this page >
* Home Help Search Login Register
 
+  4images Forum & Community
|-+  4images Help / Hilfe
| |-+  Bug Fixes & Patches
| | |-+  [1.7 / 1.7.1] Security fix in search.php and register.php
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: «« « 1 2 [3] 4 » »» Print
Author Topic: [1.7 / 1.7.1] Security fix in search.php and register.php  (Read 144654 times)
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 565

mmm PHP...


View Profile WWW
« Reply #30 on: January 14, 2006, 07:19:06 PM »

mmm...I ment attach the search.php with the fix implemented...what you showed has no fix installed...

Ok, I think it would be best just to attach already fixed files to the original post...

P.S. if you see "attach", that means attach the file, not show the source Wink
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
likeaflower
Pre-Newbie

Offline Offline

Posts: 1

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #31 on: January 17, 2006, 07:23:00 AM »

I just downloaded the gallery script and installed it today - is that one I downloaded already modified?
Logged
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 565

mmm PHP...


View Profile WWW
« Reply #32 on: January 17, 2006, 07:40:11 AM »

I just downloaded the gallery script and installed it today - is that one I downloaded already modified?
No.
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 565

mmm PHP...


View Profile WWW
« Reply #33 on: February 19, 2006, 07:12:00 PM »

I found an issue with search.php after these changes...and added Step 3 that fixes that issue.
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
nobby
4images Guru
*******
Offline Offline

Posts: 2834

Thank You
-Given: 9
-Receive: 71


View Profile
« Reply #34 on: February 19, 2006, 09:06:15 PM »

Hallo,

ich habe auf Seite 1 den Link (search.php + register.php+global.php.zip) gefunden. Sind diese Dateien jetzt die Modifizierten incl. des
Sicherheitspatches?


Bei soviel durcheinander (English und Deutsch) blickt man ja garnicht mehr durch.  Sad

Ich bin des Englishen nur brocken weise mächtig, im grund eher schlecht als recht.

Gruß
Nobby
Logged
TIMT
Hero Member
*****
Offline Offline

Posts: 505

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #35 on: February 19, 2006, 09:21:57 PM »

Hallo nobby

Ja, dies sollten die modifizierten Dateien sein. V@no hat neu Step 3 publiziert.

Das Problem war:
Nach einer Suche von Bildern (z.B. Keyword "Baum") wurden alle Bilder mit entsprechendem Keyword angezeigt. Nach einem Klick auf den "Lightbox" Button wurde das Bild zwar in die Lightbox abgelegt, aber das Suchresultat wurde nicht mehr angezeigt. Stattdessen wurde die Maske "Erweiterte Suche" angezeigt.

Gruss
TIMT
Logged
nobby
4images Guru
*******
Offline Offline

Posts: 2834

Thank You
-Given: 9
-Receive: 71


View Profile
« Reply #36 on: February 19, 2006, 09:29:19 PM »

Hallo nobby

Ja, dies sollten die modifizierten Dateien sein. V@no hat neu Step 3 publiziert.

Das Problem war:
Nach einer Suche von Bildern (z.B. Keyword "Baum") wurden alle Bilder mit entsprechendem Keyword angezeigt. Nach einem Klick auf den "Lightbox" Button wurde das Bild zwar in die Lightbox abgelegt, aber das Suchresultat wurde nicht mehr angezeigt. Stattdessen wurde die Maske "Erweiterte Suche" angezeigt.

Gruss
TIMT

Danke für Deine schnelle Antwort !   Very Happy
Logged
ivan
4images Moderator
4images Guru
*****
Offline Offline

Posts: 2279

Thank You
-Given: 4
-Receive: 31


View Profile WWW
« Reply #37 on: February 20, 2006, 11:47:59 AM »

hello vano

here my search.php

I have inserted security fixed in search.php, You scribe, one should extinguish code perch!
(If you wish, you can remove this block of code from search.php to increase perfomance (very insignificaly).)

Unfortunately, is mine modified search.php and does not know exactly what I should extinguish, can you help me?

gruss ivan



« Last Edit: February 20, 2006, 02:30:28 PM by V@no » Logged

greetings / grüsse
ivan

Facebook Fan Page | Follow Twitter

Blog: Reisen Blog
Bilder Gallery: Bilder Gallery
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 565

mmm PHP...


View Profile WWW
« Reply #38 on: February 20, 2006, 02:31:43 PM »

here is a tip:
Download the zip package from the attachment and compare it with the original search.php
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
Washi
Newbie
*
Offline Offline

Posts: 21

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #39 on: February 26, 2006, 09:12:38 PM »

Vano, if everything works correctly on my server, I don't need to do this update again, do I? I don't understand what changed from the original update. Thanks!
Logged
Saiman
Newbie
*
Offline Offline

Posts: 14

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #40 on: March 01, 2006, 10:40:29 PM »

Why are the files are not atached longer?
Logged
jovan
Pre-Newbie

Offline Offline

Posts: 1

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #41 on: April 03, 2006, 12:04:36 PM »

Quote  [Expand]
In the attachment below you can find already modifyed default search.php, register.php and global.php
and where i can get this attachment. i can't see it!
Logged
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 565

mmm PHP...


View Profile WWW
« Reply #42 on: April 04, 2006, 01:44:53 AM »

Vano, if everything works correctly on my server, I don't need to do this update again, do I?
If your site security is not in the priority for you, then no, you dont need to apply this fix, but then, dont cry if your gallery get hacked through this security hole...

P.S. I've attached the modifyed files for v1.7 and v1.7.1 in the original post.
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
Supoplex
Pre-Newbie

Offline Offline

Posts: 2

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #43 on: April 06, 2006, 07:28:45 PM »

I have 4images 1.7.2.
Are Security and  search  bugs are fixed?
 Rolling Eyes
Logged
IcEcReaM
Hero Member
*****
Offline Offline

Posts: 714

Thank You
-Given: 0
-Receive: 3


View Profile WWW
« Reply #44 on: April 06, 2006, 08:02:14 PM »

yes, in 1.72 already build in all know security fixes,
and there are no fixes for 1.72 at the moment.
Logged

Coding is a everlasting competition between programmers who tries to write larger, better and idiot-safe programs and the universe producing larger and stupider idiots...
...so far the universe won
bump
Pages: «« « 1 2 [3] 4 » »» Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.061 seconds with 19 queries.
Post your comments here