Author Topic: [1.7.2] Security fix for global.php  (Read 97484 times)
Bugfixed
« Reply #15 on: April 26, 2006, 10:13:22 AM »

Hımmm..

thanks V@no .
V@no
« Reply #16 on: April 26, 2006, 10:23:27 AM »

I've updated the original post with some more instructions (see step 2)
BartAfterDark
« Reply #17 on: April 26, 2006, 11:43:40 AM »

so the only thing that needs to get replaced is
/* and */
?

If you want to read about this bug: http://secunia.com/advisories/19745/
quartz
« Reply #18 on: April 26, 2006, 02:11:38 PM »

thanks for that update
hyde101
« Reply #19 on: April 26, 2006, 04:30:32 PM »

Thank you for the update, I have several sites running 1.7.2 but others were 1.7.
Would this be OK if I applied it on 1.7 ?

Thank You.
mawenzi
« Reply #20 on: April 26, 2006, 04:43:12 PM »

@ ufkydpnr,

A 4images installation version 1.7 with all "security fixes" does not contain this "security hole"!
hyde101
« Reply #21 on: April 26, 2006, 05:14:33 PM »

Dear Mawenzi,
Thanks for your reply, I guess you replied the same thing in German before, but thanks again since I don't speak German.

Ston4Img
« Reply #22 on: April 26, 2006, 11:03:43 PM »

Hi.

What is with the Bug from here? http://www.4homepages.de/forum/index.php?topic=10921.0 is it in 1.7.2 included ? I can register with "<" or ">" in the Name....???

Hello.
What about this bug: http://www.4homepages.de/forum/index.php?topic=10921.0. Is it integrated in version 1.7.2? I can register users with > or < in the name again ???
... doesn't that actually do almost the same thing?

Edit 1:

    if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    else {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['user_name']), $lang['field_required']);
      $error = 1;

Can't find this ...

I can't find this section anymore

    elseif (preg_match("#[<>]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
        $error = 1;
      }
V@no
« Reply #23 on: April 26, 2006, 11:37:30 PM »

Quote from: Ston4Img
What is with the Bug from here? http://www.4homepages.de/forum/index.php?topic=10921.0 is it in 1.7.2 included ? I can register with "<" or ">" in the Name....???

Please pay attention to the version number of the security fix.
If it says v1.7 / v1.7.1, it means only v1.7 and v1.7.1 are affected; v1.7.2 is already fixed. If it says v1.7.2, that means only v1.7.2 has the bug; all previous versions don't have it.
Now, if you are having a problem installing the fix for v1.7 or v1.7.1, then why would you reply to this topic?
linux_rh
« Reply #24 on: April 28, 2006, 10:44:18 AM »

hi all, thank you for the bug solution that was found in version 1.7.2 in the global.php

I replaced that old file with the new file and we tried to register but we can't

it means that the problem is solved

thank youuuuuuuuuuuuuuuuuuuuuuu

V@no
« Reply #25 on: April 28, 2006, 03:08:28 PM »

Just a note:
With this fix you can not post any <script> <iframe> etc HTML code anywhere from regular members pages (profile, descriptions, comments, etc)
If you, as admin, wish to add such code, you'll have to do it via ACP
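
The two controls this thread touches on, rejecting "<" and ">" at registration (the check quoted in Reply #22) and keeping member-entered markup from rendering (Reply #25), sketched here as an added example; it is not 4images code and not the fix from this topic. The function names and sample values are made up for illustration, and output encoding with htmlspecialchars() is a standard technique swapped in here, not a description of what the fix itself does.

```php
<?php
// Added example, not 4images code. Function names are hypothetical.

// Same character test as the check quoted in the thread: reject "<" and ">".
function username_has_bad_characters(string $user_name): bool
{
    return preg_match('#[<>]#', $user_name) === 1;
}

// Encode a member-supplied value for an HTML text node or a quoted attribute.
// ENT_QUOTES also encodes " and ', which the [<>] test does not look at.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values for a member's name and description fields.
$samples = [
    'alice',
    'bob<script>',
    'carol "the admin"',
    '<iframe src="//example.invalid/">',
];

foreach ($samples as $value) {
    printf(
        "%-38s rejected_as_username=%-3s rendered=%s\n",
        $value,
        username_has_bad_characters($value) ? 'yes' : 'no',
        html_out($value)
    );
}
```

The third sample passes the username test yet still needs encoding when it is written into a page, which is why the input check and the output encoding are kept as separate steps.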
brice626
« Reply #26 on: April 30, 2006, 01:52:17 AM »

Quote from: V@no
Just a note:
With this fix you can not post any <script> <iframe> etc HTML code anywhere from regular members pages (profile, descriptions, comments, etc)
If you, as admin, wish to add such code, you'll have to do it via ACP

Question: I just posted this topic: http://www.4homepages.de/forum/index.php?topic=12761.new#new

Is the reason the issue you mention above? If by ACP you mean "Admin Control Panel" (I'm just guessing) that didn't seem to be the case for me. After the upgrade, all my existing HTML in the description fields stopped working and even when entered from the Admin Control Panel it will not work.
caballonegro
« Reply #27 on: May 10, 2006, 12:01:46 PM »

Is a change also necessary when 4images accesses the phpBB user database for registrations?

Thanks and regards
 
milius.net
« Reply #28 on: May 31, 2006, 02:47:41 PM »

The phpBB user database?
I'm new here, but in your place I would apply the changes ...

FransisDastinut
« Reply #29 on: December 13, 2008, 12:57:50 PM »

thanks a lot for [1.7.2] Security fix