4images Forum & Community
Author Topic: [1.7 - 1.7.8] Security fix for XSS vulnerability in admin/admin_functions.php  (Read 38038 times)
kai (Administrator)
« on: October 27, 2010, 11:39:09 AM »

A cross-site scripting vulnerability in 4images 1.7 - 1.7.8 has been found.

To fix this:

In admin/admin_functions.php

find

echo "<form action=\"".$site_sess->url($phpscript)."\"".$upload." name=\"".$name."\" method=\"post\">\n";

and replace it with

echo "<form action=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($phpscript)))."\"".$upload." name=\"".$name."\" method=\"post\">\n";


find

echo "<a href=\"".$site_sess->url($url)."\"".$target.">[".$text."]</a>&nbsp;&nbsp;";

and replace it with

echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\"".$target.">[".$text."]</a>&nbsp;&nbsp;";


find

echo "<a href=\"".$site_sess->url($url)."\" class=\"navlink\">".$title."</a> $extra\n";

and replace it with

echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";


If you are using 4images v1.7 also add in includes/functions.php above ?>
function safe_htmlspecialchars($chars) {
  // Translate all non-unicode entities:
  // escape a bare '&' unless it already starts a named (&amp;) or numeric (&#123;) entity
  $chars = preg_replace(
    '/&(?!(#[0-9]+|[a-z]+);)/si',
    '&amp;',
    $chars
  );

  $chars = str_replace(">", "&gt;",   $chars);
  $chars = str_replace("<", "&lt;",   $chars);
  $chars = str_replace('"', "&quot;", $chars);
  return $chars;
}

Thanks to Secunia Research for finding and reporting this vulnerability!
« Last Edit: January 08, 2011, 10:08:55 PM by V@no »


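The following is an added example, not code from the 4images project or from this thread. It puts the "before" and "after" forms of the navlink line from the post side by side and runs both over a constructed hostile `$url`, so the effect of `strip_tags()` plus `safe_htmlspecialchars()` inside the `href` attribute is visible. It also wraps the helper in a `function_exists()` guard so the same snippet runs whether or not `includes/functions.php` already defines `safe_htmlspecialchars()`. The `FakeSession` class is a hypothetical stand-in for `$site_sess`: the real `url()` method in 4images appends session data to the link, which this stub only imitates with a constructed parameter.

```php
<?php
// Added example (not 4images code). Demonstrates the patched navlink line from
// admin/admin_functions.php against a hostile URL and guards the helper so the
// script runs on installs where safe_htmlspecialchars() is not defined yet.

if (!function_exists('safe_htmlspecialchars')) {
    // Same body as the function the post says to add to includes/functions.php.
    function safe_htmlspecialchars($chars) {
        // Escape a bare '&' unless it already starts an entity (&amp;, &#123;).
        $chars = preg_replace('/&(?!(#[0-9]+|[a-z]+);)/si', '&amp;', $chars);
        $chars = str_replace('>', '&gt;',   $chars);
        $chars = str_replace('<', '&lt;',   $chars);
        $chars = str_replace('"', '&quot;', $chars);
        return $chars;
    }
}

// Hypothetical stand-in for $site_sess->url(): the real 4images method appends
// session data to the URL; this stub only appends a constructed parameter.
class FakeSession {
    public function url($url) {
        $sep = (strpos($url, '?') === false) ? '?' : '&amp;';
        return $url . $sep . 'sessionid=EXAMPLE';
    }
}

// The unpatched form of the navlink line: $url lands in the attribute as-is.
function navlink_unpatched($site_sess, $url, $title) {
    return "<a href=\"" . $site_sess->url($url) . "\" class=\"navlink\">" . $title . "</a>";
}

// The patched form: strip tags, entity-encode, then let url() append its data.
// Escaping happens before url(), so whatever url() appends is left untouched.
function navlink_patched($site_sess, $url, $title) {
    return "<a href=\"" . $site_sess->url(safe_htmlspecialchars(strip_tags($url))) . "\" class=\"navlink\">" . $title . "</a>";
}

$site_sess = new FakeSession();

// Constructed hostile input: the double quote closes the href attribute early
// and the tag after it would be rendered as markup by the browser.
$hostile = 'admin.php?action=list&x="<b>bad</b>';

echo "unpatched: ", navlink_unpatched($site_sess, $hostile, 'Images'), "\n";
echo "patched:   ", navlink_patched($site_sess, $hostile, 'Images'), "\n";
```

Run it with `php` on the command line. In the unpatched line the raw `"` and the `<b>` tag are written straight into the attribute; in the patched line `strip_tags()` has removed the tag, the remaining quote appears as `&quot;`, and the bare `&` in the query string has become `&amp;`, while the `&amp;sessionid=...` appended by the stub is not double-encoded because the helper's regex skips an `&` that already begins an entity.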
jkn (Newbie)
« Reply #1 on: December 05, 2010, 04:01:33 PM »

Hello,
when I'm adding the code to v1.7, nothing works in the admin backend!

Any solution??
Thx
jkn
ulrich (Newbie)
« Reply #2 on: January 08, 2011, 08:47:19 PM »

I am having the same problem with 1.7. Instead of the menu in the top left corner I am getting this:
Quote:
Fatal error: Call to undefined function safe_htmlspecialchars() in <path to gallery>/admin/admin_functions.php on line 632

Line 632 reads
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";

How do I get the menu working again? BTW, version 1.7.6 works fine with this fix.
V@no (Administrator, 4images Guru)
« Reply #3 on: January 08, 2011, 10:08:04 PM »

Added one more step.