4images Forum & Community
Author Topic: [1.7 - 1.7.3] Security fix for SQL injection in global.php  (Read 191075 times)
Jan
Administrator
« on: September 15, 2006, 01:55:54 PM »

This is an important security fix.

Replace the two lines in global.php (version 1.7.2 and 1.7.3) or search.php (all versions < 1.7.2):

Replace

$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));

with

$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);

Replace

$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));

with

$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
« Last Edit: April 03, 2009, 03:51:34 PM by V@no » Logged

Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
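
Added example (not part of the original post and not 4images code): why the extra urldecode() matters. It assumes request values are escaped with addslashes() or magic_quotes_gpc before the search code runs; the sample query strings and the helper functions are constructed for illustration.

```php
<?php
// Added illustration, not 4images code.
// Assumption: GET/POST values are escaped (addslashes() / magic_quotes_gpc)
// before the search code sees them.

// Simplified demo check: is there a single quote with no backslash before it?
function has_unescaped_quote(string $s): bool
{
    return preg_match("/(?<!\\\\)'/", $s) === 1;
}

// Mimics request handling: PHP decodes the query string once, then the
// application escapes the value.
function escaped_get_value(string $raw_query, string $key): string
{
    parse_str($raw_query, $get);          // first (automatic) URL decoding
    return addslashes($get[$key] ?? '');  // escaping step (assumed)
}

// Line before the fix: decodes a second time, after escaping.
function keywords_before_fix(string $escaped): string
{
    return urldecode(trim($escaped));
}

// Line after the fix: the value is used exactly as it was escaped.
function keywords_after_fix(string $escaped): string
{
    return trim($escaped);
}

// Constructed samples: a singly encoded quote and a doubly encoded quote.
$samples = ['search_keywords=x%27y', 'search_keywords=x%2527y'];

foreach ($samples as $raw) {
    $escaped = escaped_get_value($raw, 'search_keywords');
    $before  = keywords_before_fix($escaped);
    $after   = keywords_after_fix($escaped);
    printf(
        "%s\n  before fix: %s (unescaped quote: %s)\n  after fix:  %s (unescaped quote: %s)\n",
        $raw,
        $before, has_unescaped_quote($before) ? 'yes' : 'no',
        $after, has_unescaped_quote($after) ? 'yes' : 'no'
    );
}
```

For the doubly encoded sample the second decode runs after escaping, so the old line hands a bare quote to the query builder, while the fixed line leaves the value as inert text. Escaping has to be the last transformation applied before a value reaches the SQL string.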
mawenzi
4images Moderator
« Reply #1 on: September 15, 2006, 02:22:53 PM »

... thanks Jan ... and also thanks to Matt ...
Logged

Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...
ivan
4images Moderator
« Reply #2 on: September 15, 2006, 03:29:28 PM »

Hello Jan,
unfortunately it is not described precisely.

I have the code in global as well as in search.php.
I use 1.7.1; do both files have to be replaced with the code??

Your description says
for 1.7.1 it only says OR / shouldn't it say AND?

Thank you very much for your help!

Regards, ivan
Logged

greetings / grüsse
ivan

Jan
Administrator
« Reply #3 on: September 15, 2006, 03:31:24 PM »

Actually, in 1.7.1 it is not in global.php. If it is there in your case anyway, then replace it in both files.
Logged

securitydot
« Reply #4 on: September 15, 2006, 03:46:23 PM »

Thanks
Logged
Fastian
« Reply #5 on: September 15, 2006, 03:51:25 PM »

Thanks for keeping us up-to-date.
:)
Logged

I m not a  Programmer.
          But
I m a Good Learner.
brice626
« Reply #6 on: September 15, 2006, 04:04:20 PM »

Thanks!
Logged
cronk005
« Reply #7 on: September 15, 2006, 04:07:53 PM »

Changing this information has dramatically changed the way the keyword search is done when using multiple languages.... now it just doesn't work at all... any thoughts?

Let me clarify... If I changed the language of my board, with appropriate Keyword language tags, it will only search for the first word in the language set and the rest of the keywords will yield strange results.
Logged
amitpatel_3001
« Reply #8 on: September 15, 2006, 04:14:00 PM »

Thanks a lot for notifying everyone :)
Logged
amitpatel_3001
« Reply #9 on: September 15, 2006, 04:17:37 PM »

$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));

cannot find this second line to replace :(
Logged
Bugfixed
« Reply #10 on: September 15, 2006, 04:21:23 PM »

thanks jan.
Logged

<?php Find Bug ?>
F1boat
« Reply #11 on: September 15, 2006, 04:25:29 PM »

Thanks a lot - Merci beaucoup
Logged
cajebo
« Reply #12 on: September 15, 2006, 04:30:53 PM »

Thanks a bunch for the update patch Matt & Jan.

Still one of the better stand-alone O/S Galleries


Warm regards from Downtown Miamisburg, Ohio

Michael
Logged
Zhra
« Reply #13 on: September 15, 2006, 04:36:42 PM »

Thanks so much sir
for keeping us up-to-date
Best regards
Logged

Laurina
« Reply #14 on: September 15, 2006, 04:37:02 PM »

Thank you very much.


Laurie
Logged

