4images Forum & Community
Author Topic: [1.7 - 1.7.7] Security fix for XSS vulnerability in includes/functions.php  (Read 105105 times)
kai
« on: June 15, 2009, 11:38:42 AM »

A cross-site scripting vulnerability in 4images 1.7 - 1.7.7 has been found.

To fix this:

In includes/functions.php

find

return $url;

and replace it with

return htmlspecialchars($url);


The download package of 4images 1.7.7 has been updated (15.06.2009)
« Last Edit: October 27, 2010, 11:43:25 AM by kai »


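The one-line patch above, shown as an added PHP example that is not code from 4images or from the post: the function names, the input value and the scheme check are constructed here to show what htmlspecialchars does and does not cover.

```php
<?php
// Added example, not code from 4images or the forum post. The function
// names and the input are constructed for illustration.

// Constructed attacker-controlled value, e.g. from $_GET, that later
// ends up inside an href="..." attribute.
$tainted = 'index.php?page=1"><script>alert(1)</script>';

// Before the patch: the value is returned untouched, so the double
// quote closes the attribute and the rest is parsed as markup.
function build_url_unsafe(string $url): string
{
    return $url;
}

// After the patch, as in the forum post, plus two hardening details:
// ENT_QUOTES also encodes single quotes (PHP < 8.1 defaults to
// ENT_COMPAT, which leaves them alone), and an explicit charset avoids
// depending on the runtime default.
function build_url_safe(string $url): string
{
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Encoding alone does not block a dangerous scheme such as javascript:
// in an href, so a link helper should also allow-list the scheme.
function is_allowed_link(string $url): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    return $scheme === null || in_array(strtolower($scheme), ['http', 'https'], true);
}

printf('<a href="%s">unsafe</a>%s', build_url_unsafe($tainted), PHP_EOL);
printf('<a href="%s">safe</a>%s', build_url_safe($tainted), PHP_EOL);

// Self-checks: the encoded value contains no raw quote or angle bracket,
// and a javascript: link is rejected while a relative one is accepted.
assert(strpbrk(build_url_safe($tainted), '"\'<>') === false);
assert(is_allowed_link('javascript:alert(1)') === false);
assert(is_allowed_link('index.php?page=1') === true);
```

Run with assertions enabled (zend.assertions=1) to see the checks fire; the encoded output only behaves as intended when the value is printed into HTML, not into a JavaScript or CSS context.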
sanko86
« Reply #1 on: June 15, 2009, 03:31:03 PM »

thank you.
Sumale.my
« Reply #2 on: June 15, 2009, 04:56:45 PM »

Thanks,
I've also added it to my list!
http://www.4homepages.de/forum/index.php?topic=24888.0
Jan-Lukas
« Reply #3 on: June 15, 2009, 09:21:14 PM »

Thanks,

Regards, Harald

nobby
« Reply #4 on: June 15, 2009, 09:26:56 PM »

updated ;)
ahmad
« Reply #5 on: June 15, 2009, 09:52:52 PM »

Thanks a lot

adam_samhan
« Reply #6 on: June 16, 2009, 02:10:36 PM »

thanks kai (rolling eyes)
nabeel(banned)
« Reply #7 on: June 26, 2009, 03:39:59 PM »

great
manola
« Reply #8 on: July 02, 2009, 03:12:37 AM »

Thank you so much for your information.
birdost
« Reply #9 on: July 20, 2009, 08:14:29 PM »

needed, thanks for the fix...

oboinastol2008
« Reply #10 on: July 24, 2009, 09:10:52 AM »

Thank you!!!
mawenzi
« Reply #11 on: July 24, 2009, 12:34:54 PM »

... it is quite strange how many users with "1 post" (and apparently from the Middle East) are saying thanks here ...
... mysterious ... and shame on whoever thinks ill of it ... (rolling eyes)
soft4arab
« Reply #12 on: August 11, 2009, 02:28:32 PM »

techno-sharing
information sharing
Game servers, domain, hosting, reseller, vps
« Last Edit: April 12, 2011, 08:29:33 PM by soft4arab »
honsa
« Reply #13 on: August 18, 2009, 07:17:49 PM »

... it is quite strange how many users with "1 post" (and apparently from the Middle East) are saying thanks here ...
... mysterious ... and shame on whoever thinks ill of it ... (rolling eyes)

what are you thinking, then? the function htmlspecialchars doesn't do much (rolling eyes)

http://ch2.php.net/manual/de/function.htmlspecialchars.php
mawenzi
« Reply #14 on: August 18, 2009, 09:09:16 PM »

@ honsa

... I'm not thinking anything here, because I know it ...
... what the fix is against, the title already says (and it is meant absolutely seriously) ...
... where the people come from who tinker with the 4images code in order to place malicious code, I already said ...
... if Jan / Kai have now found such a simple solution for it ... then hats off ... and it should please us all ...
... and I don't want to go into it any further ... ;)