Author Topic: [1.7 - 1.7.6] Security fix in global.php  (Read 63944 times)
V@no
Administrator
« on: April 02, 2009, 03:27:36 PM »

In global.php find:

4images version 1.7

if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
    $config['language_dir'] = $l;
  }
}

Replace it with:

$l = null;
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
    $l = $requested_l;
    $config['language_dir'] = $l;
  }
}




4images version 1.7.1 - 1.7.6

  if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {

Replace it with:

  if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {





For those who installed [MOD] Language select with cookies support and can't find anything mentioned above, you'll need to find in global.php:

if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
    $config['language_dir'] = $l;
    setcookie('4images_lang', $l, (time() + 60 * 60 * 24 * 365), "/", "", 0);
  }
}
else
{
  if (isset($HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
  {
    $l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
  }
}

And replace it with:

if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (!preg_match('#\.\.[\\\/]#', $requested_l) && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
    $l = $requested_l;
    $config['language_dir'] = $l;
    setcookie('4images_lang', $l, (time() + 60 * 60 * 24 * 365), "/", "", 0);
  }
}
else
{
  if (isset($HTTP_COOKIE_VARS['4images_lang']) && !preg_match('#\.\.[\\\/]#', $HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
  {
    $l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
  }
}
(I've already updated the code in the mentioned mod with this fix)




P.S.
thanks to 4dabdura for reporting this bug and Jan for providing us with the fix.
« Last Edit: April 11, 2009, 03:06:14 AM by V@no » Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
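
An added example, not part of the original post and not 4images code: a stricter form of the check the fix above introduces, which accepts only a plain directory name and confirms the canonical path is a direct child of lang/. The function name resolve_language() and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example (hypothetical helper, not 4images code): resolve a requested
// language directory against what actually exists under lang/.

function resolve_language($requested, $lang_root, $default)
{
    // Allowlist the shape of the name: no separators, dots, NUL bytes or
    // trailing newline (\A and \z anchor the whole string).
    if (!is_string($requested) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return $default;
    }
    // Canonicalise both paths and require the result to sit directly in lang/.
    $root = realpath($lang_root);
    $dir  = realpath($lang_root . '/' . $requested);
    if ($root === false || $dir === false || dirname($dir) !== $root) {
        return $default;
    }
    return is_file($dir . '/main.php') ? $requested : $default;
}

// Constructed layout: <tmp>/lang/english/main.php and <tmp>/lang/deutsch/main.php
$base = sys_get_temp_dir() . '/4images_demo_' . getmypid();
foreach (array('english', 'deutsch') as $name) {
    mkdir("$base/lang/$name", 0700, true);
    file_put_contents("$base/lang/$name/main.php", "<?php // placeholder\n");
}

// Constructed inputs standing in for the "l" parameter or the cookie value.
$samples = array('deutsch', 'english', 'klingon', '../lang/deutsch',
                 '..\\lang\\deutsch', 'deutsch/', "deutsch\n", '');
foreach ($samples as $value) {
    $chosen = resolve_language($value, "$base/lang", 'english');
    printf("%-22s => %s\n", var_export($value, true), $chosen);
}

// Remove the constructed layout again.
foreach (array('english', 'deutsch') as $name) {
    unlink("$base/lang/$name/main.php");
    rmdir("$base/lang/$name");
}
rmdir("$base/lang");
rmdir($base);
```

Run with the PHP CLI: only the two directory names that exist are returned unchanged, and every other sample falls back to the default.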
ivan
« Reply #1 on: April 02, 2009, 06:06:27 PM »

Thanks.
The fix is not compatible with [lang mod]
http://www.4homepages.de/forum/index.php?topic=4743.msg74088#msg74088

I cannot change the default language.
When I change the default language and go to the detail image, I see the same language as before I changed the language.

Can you help us?
Logged

greetings / grüsse
ivan

kai
« Reply #2 on: April 02, 2009, 08:37:48 PM »

Thanks V@no!
Logged


mawenzi
« Reply #3 on: April 02, 2009, 10:05:17 PM »

... thanks V@no for your fix for version 1.7 - 1.7.6 ...
Logged

sanko86
« Reply #4 on: April 03, 2009, 03:33:01 PM »

Thank you V@no.
This is an important edit.
Logged

om6acw
« Reply #5 on: April 06, 2009, 07:01:20 PM »

thanks V@no!
Logged

V@no
« Reply #6 on: April 08, 2009, 03:03:04 PM »


I've updated the code in this post:
http://www.4homepages.de/forum/index.php?topic=4743.msg31555#msg31555
« Last Edit: April 09, 2009, 02:06:34 AM by V@no » Logged

Sumale.my
« Reply #7 on: April 08, 2009, 07:05:35 PM »

Have you already included this in the "download package"? So that others who want to use or download 4images today, for example, don't have to search for it here separately!
Logged
ivan
« Reply #8 on: April 08, 2009, 07:39:38 PM »

Apparently 1.7.7 is coming soon.
I would welcome it if the version were released as quickly as possible.

Because we are talking about security here, which the user/customer does not have as things stand!

Regards, Ivan
Logged

yesme
« Reply #9 on: April 10, 2009, 02:46:21 PM »

Hi,

Thanks V@no for the updates and fix. :)

Regards,
Yesme
Logged

Jasi
« Reply #10 on: April 10, 2009, 05:34:15 PM »

Hi,

Thanks V@no for the updates and fix. :)

Best Regards,
Jasi

----------------------------------------------------------

Thanks V@no for the update and the fix! :)

Best regards
Jasi
Logged

Blackman5001
« Reply #11 on: April 13, 2009, 09:52:48 PM »

Quote: Have you already included this in the "download package"? So that others who want to use or download 4images today, for example, don't have to search for it here separately!

It's not included. I downloaded and installed it yesterday and have now made the changes.
Logged
softxgame(banned)
« Reply #12 on: May 06, 2009, 06:04:45 AM »

Thank you for the follow-up
Logged

takeiteasy(banned)
« Reply #13 on: August 03, 2009, 06:30:17 AM »

Thank you very much :D

I'm banned for spam. All links were removed. One message is more than enough.
« Last Edit: August 03, 2009, 07:24:59 AM by V@no » Logged
soft4arab
« Reply #14 on: August 11, 2009, 01:50:52 PM »

teknopaylaşım
information sharing
Game servers, domain, hosting, reseller, VPS
« Last Edit: April 12, 2011, 08:32:35 PM by soft4arab » Logged