Author Topic: [1.7 - 1.7.9] Security fix for path disclosure in paging.php  (Read 14778 times)
kai
« on: December 07, 2010, 10:45:56 AM »

A minor security vulnerability has been found which leads to path disclosure.

To fix this:

In includes/paging.php

find

$this->page = $page;
$this->perpage = $perpage;
$this->num_rows_all = $num_rows_all;

if (!isset($this->page) || !intval($this->page)) {
  $this->page = 1;
}
if (!$this->num_rows_all) {

and replace with

$this->page = intval($page);
$this->perpage = intval($perpage);
$this->num_rows_all = intval($num_rows_all);

if ($this->page <= 0) {
  $this->page = 1;
}
if ($this->perpage <= 0) {
  $this->perpage = 1;
}
if ($this->num_rows_all <= 0) {
« Last Edit: December 23, 2010, 07:59:27 PM by V@no »
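
What the replacement changes, shown by running the old and new checks over constructed values (an added example, not part of kai's post or the 4images source; the wrapper functions `normalize_old` and `normalize_new` and the sample inputs are hypothetical). It assumes the disclosure comes from non-integer or non-positive values reaching later paging arithmetic and raising PHP errors that print the script path, which the post does not spell out.

```php
<?php
// Added illustration. Both functions mirror the "find" and "replace with"
// snippets in the post; the wrappers and the sample data are hypothetical.

// Original behaviour: values are stored as received; only $page gets a check.
function normalize_old($page, $perpage, $num_rows_all) {
    if (!isset($page) || !intval($page)) {
        $page = 1;
    }
    return array($page, $perpage, $num_rows_all);
}

// Patched behaviour: everything is cast to int, page and perpage clamped to >= 1.
function normalize_new($page, $perpage, $num_rows_all) {
    $page = intval($page);
    $perpage = intval($perpage);
    $num_rows_all = intval($num_rows_all);
    if ($page <= 0) {
        $page = 1;
    }
    if ($perpage <= 0) {
        $perpage = 1;
    }
    return array($page, $perpage, $num_rows_all);
}

// Constructed (page, perpage) request values, not taken from the thread.
$samples = array(
    array('2', '10'),
    array('-5', '10'),
    array('3abc', '0'),
    array(array('x'), 'abc'),
);

foreach ($samples as $s) {
    list($page, $perpage) = $s;
    $old = normalize_old($page, $perpage, '42');
    $new = normalize_new($page, $perpage, '42');
    printf("in=%s\n  old=%s\n  new=%s\n",
        json_encode($s), json_encode($old), json_encode($new));
    // After the patch every stored value is an int and page/perpage are >= 1.
    if (!is_int($new[0]) || $new[0] < 1 || !is_int($new[1]) || $new[1] < 1) {
        throw new RuntimeException('patched normalization returned an unexpected value');
    }
}
```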
x23piracy
« Reply #1 on: December 07, 2010, 05:03:43 PM »

Hi,

I'm using V@no's Universal Paging Class V1.1.1 and I cannot find that line in it.
Does that bug also exist in that paging.php?

Universal Paging Class 1.1.1: http://www.4homepages.de/forum/index.php?topic=6926.0


Greetz X23
Don't trust in md5 it's unsafe change your 4i gallery's password hash algorithm! second pw db field, create new hashes over some time, deny old hash. Help members that cry, send information mail to the rest. Camouflage new pw hash in cookie. Done!

--(◔̯◔)--
Tino23
« Reply #2 on: December 17, 2010, 05:44:37 PM »

Take a look at line 60, the line is there.
x23piracy
« Reply #3 on: December 17, 2010, 05:49:46 PM »

Hi,

"Take a look at line 60, the line is there."

Yes, by now it is, because V@no has updated to 1.1.2; in the earlier file, 1.1.1, it was missing.


Regards, Jens
Sumale.my
« Reply #4 on: December 23, 2010, 05:43:33 PM »

The paging.php is found in includes/