4images Forum & Community
Board: 4images Help / Hilfe » Bug Fixes & Patches
Topic: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Jan (Administrator)
« on: October 16, 2006, 10:25:09 AM »

Security fix for Cross-Site Scripting Vulnerability

Open global.php and search for

$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

in Version 1.7.2 and 1.7.3 or

$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

in Version 1.7.1 and 1.7.

Add the following line below

$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
« Last Edit: October 17, 2006, 09:51:02 AM by Jan »

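As an added illustration (not code from the post above or from 4images itself), the Python below mirrors what the patch does: it reproduces the two lookup orders of the original `global.php` line (POST first in 1.7.2/1.7.3, GET first in 1.7/1.7.1) and the `preg_replace("/[^a-z0-9]+/i", "", $mode)` allowlist, then reflects the value into a constructed hidden form field to make the cross-site scripting break-out visible before and after the fix. The hidden field and the payload are assumptions for the demonstration; the post does not show where 4images echoes `mode`.

```python
import re

# The 4images patch is an allowlist filter on the `mode` request parameter:
#     $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
# Python equivalent: delete every run of characters that is not an ASCII
# letter or digit.
NOT_ALNUM = re.compile(r"[^a-z0-9]+", re.IGNORECASE)


def sanitize_mode(mode: str) -> str:
    """Apply the patch: keep only [A-Za-z0-9], drop everything else."""
    return NOT_ALNUM.sub("", mode)


def resolve_mode(get: dict, post: dict, post_first: bool) -> str:
    """Mirror the lookup order of the two global.php variants quoted in the post.

    1.7.2 / 1.7.3: POST wins if set, otherwise GET.
    1.7   / 1.7.1: GET wins if set, otherwise POST.
    An absent parameter becomes "" (as trim() of an unset PHP value does).
    stripslashes() is omitted; it only reverses magic_quotes escaping.
    """
    primary, secondary = (post, get) if post_first else (get, post)
    raw = primary["mode"] if "mode" in primary else secondary.get("mode", "")
    return raw.strip()


def mode_after_patch(get: dict, post: dict, post_first: bool) -> str:
    """The value global.php holds once the new line is added below the lookup."""
    return sanitize_mode(resolve_mode(get, post, post_first))


def render_hidden_field(mode: str) -> str:
    """Constructed stand-in (assumption, not a 4images template) for markup
    that reflects the raw value without output encoding."""
    return '<input type="hidden" name="mode" value="' + mode + '">'


def renders_script_tag(mode: str) -> bool:
    """True if the reflected value closes the attribute and injects a tag."""
    return "<script>" in render_hidden_field(mode).lower()


# Constructed inputs: one legitimate-looking mode name and one reflected-XSS
# payload that closes the value="..." attribute.
LEGIT_MODE = "search"
XSS_PAYLOAD = '"><script>alert(1)</script>'


if __name__ == "__main__":
    for label, value in (("legit", LEGIT_MODE), ("payload", XSS_PAYLOAD)):
        raw = resolve_mode({"mode": value}, {}, post_first=True)
        print(label, "raw:", repr(raw), "-> script tag:", renders_script_tag(raw))
        fixed = sanitize_mode(raw)
        print(label, "patched:", repr(fixed), "-> script tag:", renders_script_tag(fixed))
```

Two properties of the one-line fix follow directly from the regex and are worth checking before you apply it on a modified install: the filter rewrites rather than rejects, so the payload above silently becomes the harmless mode name `scriptalert1script`, and any mode name that contains a character outside `[a-z0-9]` (an underscore or hyphen, for instance, added by a MOD) is altered the same way. Because the allowlist leaves only letters and digits, the value is then safe in any HTML context; encoding the value at output time remains the general defence for parameters that cannot be restricted this tightly.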
mawenzi (4images Moderator)
« Reply #1 on: October 16, 2006, 12:45:50 PM »

... thanks Jan and Kai ...
Bugfixed (Jr. Member)
« Reply #2 on: October 16, 2006, 07:47:10 PM »

Thanks Jan ;)
honda2000 (4images Guru)
« Reply #3 on: October 16, 2006, 11:33:23 PM »

Is this the line in version 1.7.1??

$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

The line

$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

I can't find, or I don't have it at all.

colorssky (Full Member)
« Reply #4 on: October 17, 2006, 01:54:09 AM »

Thanks

Done! ;)
__G__ (Sr. Member)
« Reply #5 on: October 17, 2006, 04:03:43 AM »

Thanks, I am done :D
Jan (Administrator)
« Reply #6 on: October 17, 2006, 09:51:44 AM »

Quote from honda2000:
    Is this the line in version 1.7.1??

    $mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

    The line

    $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

    I can't find, or I don't have it at all.

Yes, I have updated the first post accordingly.
honda2000 (4images Guru)
« Reply #7 on: October 17, 2006, 10:33:18 AM »

Super!! Thanks!!!
Eng_Man (Pre-Newbie)
« Reply #8 on: October 18, 2006, 12:48:51 AM »

Thanks
Heinrich-Uwe (Jr. Member)
« Reply #9 on: October 19, 2006, 01:04:34 PM »

Hello Jan;
A stupid question from me :roll:
Are the security fixes incorporated into the download package right away, or do you always have to do that separately???
Thanks for the answer...
Jan (Administrator)
« Reply #10 on: October 19, 2006, 01:35:12 PM »

No, the fixes are only incorporated into new versions. So you have to insert the patch manually. A new bugfix version is already in the works.
wh-em (Newbie)
« Reply #11 on: October 19, 2006, 10:06:18 PM »

Hi,
sorry for my bad English :)

Is the new version 4images 1.7.3 released on the download page

http://www.4homepages.de/4images/download.php

fixed??

And thanks
ivan (4images Moderator)
« Reply #12 on: October 19, 2006, 10:22:45 PM »

See vano's post in German:

No, those fixes only go into new versions. You must insert the patch manually. A new fixed version is already in the works.

Greets, ivan
wh-em (Newbie)
« Reply #13 on: October 20, 2006, 02:31:34 AM »

Thanks

There are 2 news items in the news box.

Do I have to do it manually??

And we await the new fixed version.

Bye
egyptsons (Newbie)
« Reply #14 on: October 21, 2006, 12:18:40 PM »

Done, thanks Jan :)