4images Forum & Community
Welcome, Guest. Please login or register.
Did you miss your activation email?
July 30, 2010, 04:33:04 AM

Login with username, password and session length
Search:     Advanced search
Check the new Tutorial subforum with helpfull guides and tutorials for modifications and tweaks.
Translate this page with google
=>
 Translate this page with Google =>
* Home Help Search Login Register
 
+  4images Forum & Community
|-+  4images Help / Hilfe
| |-+  Bug Fixes & Patches
| | |-+  [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability		 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] 2 3 4 » »» Print
Author Topic: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability  (Read 71047 times)
Jan
Administrator
4images Guru
*****
Offline Offline

Posts: 5015

Thank You
-Given: 0
-Receive: 9


View Profile WWW
« on: October 16, 2006, 10:25:09 AM »
Security fix for Cross-Site Scripting Vulnerability

Open global.php and search for

Code:  [Select]  [Expand]  [Hide line numbers]
1
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
in Version 1.7.2 and 1.7.3 or
Code:  [Select]  [Expand]  [Hide line numbers]
1
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
in Version 1.7.1 and 1.7.
Add the following line below

Code:  [Select]  [Expand]  [Hide line numbers]
1
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
« Last Edit: October 17, 2006, 09:51:02 AM by Jan » Logged
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
mawenzi
4images Moderator
4images Guru
*****
Offline Offline

Posts: 4331

Thank You
-Given: 10
-Receive: 58


View Profile
« Reply #1 on: October 16, 2006, 12:45:50 PM »
... thanks Jan and Kai ...
Logged
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...
You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...
Bugfixed
Jr. Member
**
Offline Offline

Posts: 85

Thank You
-Given: 0
-Receive: 0


View Profile WWW
« Reply #2 on: October 16, 2006, 07:47:10 PM »
thanks jan  Wink
Logged
<?php Find Bug ?>
honda2000
4images Guru
*******
Offline Offline

Posts: 3221

Thank You
-Given: 2
-Receive: 10


View Profile WWW
« Reply #3 on: October 16, 2006, 11:33:23 PM »
ist das in Version 1.7.1 die Zeile??

Code:  [Select]  [Expand]  [Hide line numbers]
1
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

die Zeile
Code:  [Select]  [Expand]  [Hide line numbers]
1
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

find oder hab ich gar nicht
Logged
colorssky
Full Member
***
Offline Offline

Posts: 128

Thank You
-Given: 0
-Receive: 0


View Profile WWW
« Reply #4 on: October 17, 2006, 01:54:09 AM »
thanx

done! Wink
Logged
__G__
Sr. Member
****
Offline Offline

Posts: 276

Thank You
-Given: 4
-Receive: 0


View Profile
« Reply #5 on: October 17, 2006, 04:03:43 AM »
thanks i am done Very Happy
Logged
Jan
Administrator
4images Guru
*****
Offline Offline

Posts: 5015

Thank You
-Given: 0
-Receive: 9


View Profile WWW
« Reply #6 on: October 17, 2006, 09:51:44 AM »
Quote from: honda2000 on October 16, 2006, 11:33:23 PM
ist das in Version 1.7.1 die Zeile??

Code:  [Select]  [Expand]  [Hide line numbers]
1
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

die Zeile
Code:  [Select]  [Expand]  [Hide line numbers]
1
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

find oder hab ich gar nicht
Ja, ich hab den ersten Post entsprechend aktualisiert.
Logged
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
honda2000
4images Guru
*******
Offline Offline

Posts: 3221

Thank You
-Given: 2
-Receive: 10


View Profile WWW
« Reply #7 on: October 17, 2006, 10:33:18 AM »
supi!! Danke!!!
Logged
Eng_Man
Pre-Newbie

Offline Offline

Posts: 4

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #8 on: October 18, 2006, 12:48:51 AM »
thanks
Logged
Heinrich-Uwe
Jr. Member
**
Offline Offline

Posts: 85

Thank You
-Given: 0
-Receive: 0


View Profile WWW
« Reply #9 on: October 19, 2006, 01:04:34 PM »
 Rolling Eyes
Hallo Jan;
Dumme Frage von mir  Rolling Eyes
Werden die Security fix gleich mit in den Download Packet mit eingearbeitet oder mus man das immer extra machen ???
Danke für die Antwort...
# Laughing
Logged
Jan
Administrator
4images Guru
*****
Offline Offline

Posts: 5015

Thank You
-Given: 0
-Receive: 9


View Profile WWW
« Reply #10 on: October 19, 2006, 01:35:12 PM »
Nein, die Fixes werden nur in neue Versionen eingearbeitet. Du musst den Patch also manuell einfügen. Eine neue Bugfix-Version ist schon in Arbeit.
Logged
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
wh-em
Newbie
*
Offline Offline

Posts: 16

Thank You
-Given: 0
-Receive: 0

إمبراطورية وحيد ، أكبر دعم عربي للسكريبت 4images


View Profile WWW
« Reply #11 on: October 19, 2006, 10:06:18 PM »
hi
sory for bad english Smile


is the New version 4images 1.7.3 released
in the Download page

http://www.4homepages.de/4images/download.php

fixed??


and thanks
Logged
http://wh-em.com
ivan
4images Moderator
4images Guru
*****
Offline Offline

Posts: 2109

Thank You
-Given: 3
-Receive: 10


View Profile WWW
« Reply #12 on: October 19, 2006, 10:22:45 PM »
see vanos post of german

No, those fixed only into new versions. You must insert the Patch manually. A new fixed version already is in work.

greets ivan
Logged
greeting / grüsse
ivan

My Blog http://blog.bildergallery.com

    
wh-em
Newbie
*
Offline Offline

Posts: 16

Thank You
-Given: 0
-Receive: 0

إمبراطورية وحيد ، أكبر دعم عربي للسكريبت 4images


View Profile WWW
« Reply #13 on: October 20, 2006, 02:31:34 AM »
thanks

there is 2 news in news box

did I must do it manually ??

and we wait the new fixed version


by
Logged
http://wh-em.com
egyptsons
Newbie
*
Offline Offline

Posts: 47

Thank You
-Given: 0
-Receive: 0


View Profile WWW
« Reply #14 on: October 21, 2006, 12:18:40 PM »
Arrow Done ThanX Jan  Cool
Logged
Thanx God
Pages: [1] 2 3 4 » »» Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!
piqs.de - Fotocommunity & lizenzfreie Fotos