4images Forum & Community
Author Topic: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php  (Read 105525 times)
amodpg
« Reply #30 on: June 26, 2006, 11:20:25 PM »

Sir,
    I just downloaded the new version, but it seems the text required to change in the first post of this thread is not yet implemented; I can find the
"$this->session_id = preg_replace('/[^a-z0-9]+/i', '', session_id());" in the session file included in the zip file I just downloaded.

One of my friend's galleries hosted by me has 1000's of xxx comments for his personal photographs.

Any suggestions to fix it?

regards,
amod
V@no
« Reply #31 on: June 27, 2006, 12:19:01 AM »

Quote:
I can find the
"$this->session_id = preg_replace('/[^a-z0-9]+/i', '', session_id());" in the session file included in the zip file I just downloaded.

It's because that is the line you are supposed to replace it with, not to find....

As for comment spam, we have two mods for image validation for comments; consider using one of them.
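The effect of the replacement line quoted above, next to a stricter reject-on-mismatch check, as an added example that is not part of the original posts or of the 4images code. The function names, the length bounds and the sample IDs are assumptions made for illustration.

```php
<?php
// Added example, not 4images code. Function names and sample IDs are hypothetical.

// The replacement line quoted in the thread: drop every character outside [a-z0-9].
function strip_session_id(string $raw): string
{
    return preg_replace('/[^a-z0-9]+/i', '', $raw);
}

// Stricter variant (assumption, not from the thread): reject instead of rewriting,
// so a tampered cookie is never silently turned into some other valid-looking ID.
// The 16..128 length bounds are illustrative, not a 4images or PHP requirement.
function validate_session_id(string $raw): ?string
{
    return preg_match('/\A[a-z0-9]{16,128}\z/i', $raw) === 1 ? $raw : null;
}

// Constructed inputs: one well-formed ID, one carrying SQL metacharacters.
$samples = [
    'well-formed' => '5f2a9c0e7b1d4a6f8c3e2b1a0d9f8e7c',
    'tampered'    => "5f2a9c0e7b1d4a6f' -- x",
];

foreach ($samples as $label => $raw) {
    $stripped  = strip_session_id($raw);
    $validated = validate_session_id($raw);

    printf("%-11s raw       = %s\n", $label, $raw);
    // After stripping, no quote, space or dash is left to break out of a SQL string literal.
    printf("%-11s stripped  = %s\n", '', $stripped);
    printf("%-11s validated = %s\n", '', $validated ?? '(rejected, start a new session)');
}
```

Both checks assume PHP is emitting IDs made only of letters and digits; with 6 bits per character configured, PHP session IDs also contain "-" and ",", which the filter would strip and the validator would reject.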
sajwal
« Reply #32 on: July 25, 2006, 11:26:21 PM »

I found that in ver 1.7.3
 the line $this->session_id = session_id();
 is not edited???

Should I make the changes in 1.7.3 also, for security reasons?
V@no
« Reply #33 on: July 26, 2006, 12:22:00 AM »

No, v1.7.3 has a different approach.