Author Topic: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability  (Read 147112 times)
Adson
« Reply #30 on: October 22, 2006, 10:12:30 AM »

Hi,

a thought... The thank-you posts are great and very good too. But they can make it rather hard to find the technical content. It is easy to overlook something that way. Couldn't they be placed outside the actual thread?

By the way, Jan: thanks.

 Smile

Regards, Jörg
Logged
medo007
« Reply #31 on: October 22, 2006, 01:35:57 PM »

Thank you very much! Very Happy
Logged

mEDO
KimmyMarie
« Reply #32 on: October 22, 2006, 04:23:05 PM »

Thank you very much Jan!





Best wishes,
Kimmy
Logged
Fotopez
« Reply #33 on: October 22, 2006, 04:56:43 PM »

Thank you!  Smile
Logged
theking6
« Reply #34 on: October 22, 2006, 06:09:24 PM »

Thank you very much
Logged
linux_rh
« Reply #35 on: October 22, 2006, 07:50:04 PM »

first of all I would thank 4images group for sending me this message for fixing the bug in 4images

everything is done

the bugs fix

thank you again

Logged
Zhra
« Reply #36 on: October 23, 2006, 02:26:18 AM »

Thanks so much  Wink
have been Updated  Very Happy
Logged

wallpapers
« Reply #37 on: October 29, 2006, 08:25:34 PM »

I'm maybe stupid but what is "Cross-Site Scripting Vulnerability"? I have never heard about it  Rolling Eyes
Logged



mawenzi
4images Moderator
« Reply #38 on: October 29, 2006, 09:19:15 PM »

http://en.wikipedia.org/wiki/Cross_site_scripting
Logged

Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...
BitBull
« Reply #39 on: November 01, 2006, 10:32:04 AM »

Hi,

I just applied the security fix and viewed the result.

The page in general looks like it has been before but on the Top of the page there are now a lot of additional system messages:  Shocked

cache[$row['cat_id']] = $row['new_images']; } $site_db->free_result(); // -------------------------------------- $sql = "SELECT cat_id, COUNT(*) AS num_images FROM ".IMAGES_TABLE." WHERE image_active = 1 GROUP BY cat_id"; $result = $site_db->query($sql); while ($row = $site_db->fetch_array($result)) { $cat_cache[$row['cat_id']]['num_images'] = $row['num_images']; } $site_db->free_result(); } //end if GET_CACHES ?>
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86

Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94

Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94

I integrated the gallery in the layout of my site. Can it be that the script tries to modify that layout now too?
What can these messages mean?  Confused

regards

BitBull
« Last Edit: November 01, 2006, 11:26:01 AM by BitBull » Logged
BitBull
« Reply #40 on: November 01, 2006, 11:25:26 AM »

 Shocked I tried to log on as registered user ...

There are even more of these messages and I am not able to log in anymore!  Question Question Question

Some guesses somewhere?

regards

BitBull
Logged
Nicky
Administrator
« Reply #41 on: November 01, 2006, 12:30:44 PM »

seems your global.php is strange...
uploaded as binary... edited with nonconform editor.
Logged

cheers
Nicky
Your first three "must do" before you ask a question ! (© by V@no)
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

nicky.net 4 4images
Signature stolen from mawenzi
BitBull
« Reply #42 on: November 01, 2006, 12:45:07 PM »

Hmmm ... I guess that's not the problem really.

I am using Phase 5 (HTML Editor). I am using that editor ever and I did all my work on my sites with that editor.

I also removed the fix in global.php with this editor and everything works properly again ...

... but so I haven't applied the security fix.

Any other idea?

thanks and regards

BitBull
Logged
Nicky
Administrator
« Reply #43 on: November 01, 2006, 12:56:46 PM »

then is something else..
like you can see, all ppl. don't have a problem with it.
Logged

cheers
Nicky
BitBull
« Reply #44 on: November 01, 2006, 01:05:26 PM »

most certainly yes! Wink

But hopefully someone can "understand" these messages and give me a hint where the problem could be to find ... Rolling Eyes

For me it seems that it has something to do with the header-file because there I integrated the menu etc. of my site. Can it be that with these additions the new line in the global.php has a problem? ...

The mentioned 2 lines in the sessions.php are:
86:
    session_start();

and 94:
    setcookie($cookie_name, $value, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);

BitBull
« Last Edit: November 01, 2006, 01:24:03 PM by BitBull » Logged
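
An added example, not part of any post above and not 4images code: the warnings in reply #39 report that output started at global.php:450, and PHP source showing up at the top of the page means that part of the file was sent to the browser as plain output instead of being executed. The script below uses PHP's tokenizer to list every place where a file emits output outside its PHP tags; the function name and the sample input are constructed for illustration.

```php
<?php
// Added example, not 4images code. Lists every spot where a PHP file emits
// output outside its PHP tags; any such output before session_start() or
// setcookie() triggers "headers already sent".

function find_early_output(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // Anything outside PHP tags is tokenized as T_INLINE_HTML and is
        // sent to the client verbatim.
        if (!is_array($token) || $token[0] !== T_INLINE_HTML) {
            continue;
        }
        [, $text, $line] = $token;
        if (strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
            $kind = 'UTF-8 byte order mark';
        } elseif (trim($text) === '') {
            $kind = 'whitespace only';
        } else {
            $kind = 'literal text (source may be leaking)';
        }
        $findings[] = ['line' => $line, 'kind' => $kind,
                       'excerpt' => substr(trim($text), 0, 40)];
    }
    return $findings;
}

// Constructed sample: a stray closing tag leaves the last statement outside PHP mode.
$sample = <<<'PHP'
<?php
$cat_cache = array();
?>

<?php
$sql = "SELECT cat_id FROM images";
?>
$result = $site_db->query($sql);
PHP;

// Pass a path (for example a patched global.php) or run without arguments.
$source = isset($argv[1]) ? file_get_contents($argv[1]) : $sample;
foreach (find_early_output($source) as $f) {
    printf("line %d: %s %s\n", $f['line'], $f['kind'], $f['excerpt']);
}
```

A clean include file produces no findings at all; any reported line is a candidate for the "output started at" location named in the warning.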