Author Topic: [1.7.2] Security fix for global.php  (Read 96784 times)
V@no
Administrator
« on: April 26, 2006, 12:25:45 AM »

If you downloaded 4images v1.7.2 before 25-04-2006 you should apply this fix!
If you downloaded it after that date, then you should not worry about it; the download package already contains this fix.

Step 1

In global.php
find:
/*
      $val = str_replace("\r\n", "\n", $val);
      $val = str_replace("\r",   "\n", $val);
      $val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D
*/

/*
      do {
        $oldval = $val;
        $val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
      } while ($oldval != $val);
*/

Replace with:
      $val = str_replace("\r\n", "\n", $val);
      $val = str_replace("\r",   "\n", $val);
      $val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D

      do {
        $oldval = $val;
        $val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
      } while ($oldval != $val);

Or you can download 4images package from this page and replace global.php from that package.

Step 2

And in case someone already used this hole on your site, you should find and delete any user who has < and > tags in their name (well, at least those who have <script or other HTML tags) (personally I would not feel bad about even a perm ban for that).
For that go to ACP (Admin Control Panel) -> Edit users -> in the "Username contains" field enter: < and click "Find"
Repeat the search for >

[EDIT]
For those who can't find the code above, you probably have something like this instead:
      $val = str_replace("\r\n", "\n", $val);
      $val = str_replace("\r",   "\n", $val);
      $val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D
(note, there is no /* and */ around that block of code!)
So, replace this block with the code above.
« Last Edit: April 03, 2009, 03:51:16 PM by V@no » Logged

qwertz
« Reply #1 on: April 26, 2006, 01:24:15 AM »

thank you, for your update-info!  Smile

andreas
« Last Edit: April 26, 2006, 10:58:35 AM by qwertz » Logged
devilsoulblack
« Reply #2 on: April 26, 2006, 01:38:26 AM »

thanks
Logged
koikonut
« Reply #3 on: April 26, 2006, 01:55:03 AM »

This passage is not in my global.php!

In my global.php only I can find this:

  $search2 =
      "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
  $replace2 = //str_repeat("\r", strlen($search2));
      "\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";

  foreach ($array as $key => $val) {
    if (is_array($val)) {
      $val = clean_array($val);
    } else {
      $val = preg_replace($search, $replace, $val);

      $val = str_replace("\r\n", "\n", $val);
      $val = str_replace("\r",   "\n", $val);
      $val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D
    }

    $array[$key] = $val;
  }

  return $array;

What do I have to do,
Thanks and bye
Logged

egyptsons
« Reply #4 on: April 26, 2006, 02:15:21 AM »

Cool
Done
Thanks V@no Wink
Logged

mentally
« Reply #5 on: April 26, 2006, 02:19:02 AM »

I also can't find this in global.php

Logged
izzy
Guest
« Reply #6 on: April 26, 2006, 02:24:24 AM »

This passage is not in my global.php!

In my global.php only I can find this:
Just to confirm I have the same global.php as konradin. The file is dated 08/03/06 6:19pm.

The thread heading is related to register.php which I take as being an error.
Logged
boywonder
« Reply #7 on: April 26, 2006, 03:28:09 AM »

I think the post title needs to be changed as it's confusing. It should be global.php that needs changing, not register.php.

I have the same problem as the message by "konradin" above.

Thanks.
Logged
NCochise
« Reply #8 on: April 26, 2006, 04:24:31 AM »

I've searched my global.php also and cannot find the code string shown above.

Does this mean those of us who cannot find it do not have the security breach?

Or is this just another one of those fixes that might be a fix until somebody finds out it didn't really fix what it was intended to fix, but instead was really an unfix for something else already fixed, but not fixed any more, because this fix is not really a fix at all, but a fixation of the mind?

When you get this figured out, gimme a call cuz I'm fixin' to logout of this security fix topic and fixin' to get somethin' to eat... if wife was kind enough to fix din din already.


Fix ya later!
Logged
caballonegro
« Reply #9 on: April 26, 2006, 08:20:11 AM »

Is a change also necessary if 4images accesses the phpBB user database for registrations?

Thanks and regards
Logged

Regards
caballonegro
Optimum
« Reply #10 on: April 26, 2006, 08:20:48 AM »

Same here, can't find either piece (the old and the new) of the code in global or register.
Guess it doesn't need fixing then..

Thx,
Mat
Logged
Michael
« Reply #11 on: April 26, 2006, 09:28:13 AM »

Hello, what about the older versions 1.7 / 1.7.1?
Logged
Fat Bastard
« Reply #12 on: April 26, 2006, 09:34:25 AM »

I would like to know too!
Logged


Jan
Administrator
« Reply #13 on: April 26, 2006, 09:34:33 AM »

This passage is not in my global.php!

In my global.php only I can find this:

  $search2 =
      "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
  $replace2 = //str_repeat("\r", strlen($search2));
      "\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";

  foreach ($array as $key => $val) {
    if (is_array($val)) {
      $val = clean_array($val);
    } else {
      $val = preg_replace($search, $replace, $val);

      $val = str_replace("\r\n", "\n", $val);
      $val = str_replace("\r",   "\n", $val);
      $val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D
    }

    $array[$key] = $val;
  }

  return $array;

What do I have to do,
Thanks and bye

Add:

      do {
        $oldval = $val;
        $val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
      } while ($oldval != $val);

after

      $val = str_replace("\r", '', $val); // \r === \x0D
Logged

Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
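
An added example (not part of the thread and not 4images code) for the two steps discussed above: why the tag filter in the fix runs inside a do/while loop, and what the Step 2 search for < and > catches that the tag list does not. The function names and sample strings are constructed for illustration; only the pattern is taken from the thread.

```php
<?php
// Added illustration, not 4images code. Function names and sample strings are constructed.

// Tag pattern exactly as quoted in the thread.
const TAG_PATTERN = '#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i';

// A single replacement pass: the filter without the do/while loop.
function strip_once(string $val): string
{
    return preg_replace(TAG_PATTERN, '', $val);
}

// The behaviour of the fix: repeat until a pass changes nothing.
function strip_until_stable(string $val): string
{
    do {
        $oldval = $val;
        $val = preg_replace(TAG_PATTERN, '', $val);
    } while ($oldval !== $val); // strict comparison; the thread's code uses !=
    return $val;
}

// Step 2 as a check: does a stored name contain < or > at all?
function has_markup_chars(string $name): bool
{
    return strpbrk($name, '<>') !== false;
}

// Constructed samples. In the second one, deleting the inner tag joins the
// outer fragments into a new tag, which only a further pass removes.
$samples = [
    'plain name',
    '<scr<script>ipt>x</scr</script>ipt>',
    '<img src="x.png">', // a tag that is not on the list
];

foreach ($samples as $s) {
    printf(
        "input:  %s\n  once:   %s\n  looped: %s\n  flagged by Step 2 search: %s\n\n",
        $s,
        strip_once($s),
        strip_until_stable($s),
        has_markup_chars($s) ? 'yes' : 'no'
    );
}
```

For the nested sample the single pass leaves <script>x</script> behind, while the loop reduces it to x. The <img> sample passes through both filters unchanged but is still flagged by the < / > search, which is why Step 2 looks for the bare characters rather than for specific tags.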
mawenzi
4images Moderator
« Reply #14 on: April 26, 2006, 10:11:01 AM »

Hello, what about the older versions 1.7 / 1.7.1?

A 4images installation version 1.7 with all "security fixes" does not contain this "security hole"!
« Last Edit: April 26, 2006, 04:42:21 PM by mawenzi » Logged
