4images Forum & Community
Topic: [1.7 - 1.7.9] Security fix for Multiple Path disclosure
kai
Administrator
« on: April 11, 2011, 10:47:42 AM »

A multiple path disclosure vulnerability in 4images 1.7 - 1.7.9 has been found.

To fix this:

In global.php

find

$action = (isset($HTTP_POST_VARS['action'])) ?
stripslashes(trim($HTTP_POST_VARS['action'])) :
stripslashes(trim($HTTP_GET_VARS['action']));

and replace with

$action = (isset($HTTP_POST_VARS['action'])) ?
stripslashes(trim((string)$HTTP_POST_VARS['action'])) :
stripslashes(trim((string)$HTTP_GET_VARS['action']));

find

$mode = (isset($HTTP_POST_VARS['mode'])) ?
stripslashes(trim($HTTP_POST_VARS['mode'])) :
stripslashes(trim($HTTP_GET_VARS['mode']));

and replace with

$mode = (isset($HTTP_POST_VARS['mode'])) ?
stripslashes(trim((string)$HTTP_POST_VARS['mode'])) :
stripslashes(trim((string)$HTTP_GET_VARS['mode']));

find

$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ?
trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);

and replace with

$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ?
trim((string)$HTTP_POST_VARS['search_keywords']) :
trim((string)$HTTP_GET_VARS['search_keywords']);

find

$search_user = (isset($HTTP_POST_VARS['search_user'])) ?
trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);

and replace with

$search_user = (isset($HTTP_POST_VARS['search_user'])) ?
trim((string)$HTTP_POST_VARS['search_user']) :
trim((string)$HTTP_GET_VARS['search_user']);

and in includes/page_header.php

find

$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ?
unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();

and replace with

$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? explode(" ",
stripslashes((string)$HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();

find

setcookie($cookie_name.'rated', serialize($cookie_rated), $cookie_expire,
COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);

and replace with

setcookie($cookie_name.'rated', implode(" ", $cookie_rated), $cookie_expire,
COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
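The reason the casts above matter: if a request supplies a parameter as an array (for instance a query string of the form name[]=value), PHP's trim() refuses the array and emits a warning that names the absolute path of the script; with display_errors enabled that warning ends up in the HTTP response, which is the path disclosure. The (string) cast stops trim() from complaining, and swapping unserialize() for explode() on the cookie removes both the matching warning and the deserialization of client-controlled data. One caveat for anyone applying this on a newer PHP: from PHP 5.4 on, casting an array to string raises its own "Array to string conversion" notice (a warning in PHP 8), so display_errors=Off in production remains the real safeguard. The following is an added example, written here and not part of kai's patch or of the 4images code base, showing the same defence as a small set of helpers that reject non-string input outright instead of casting it. It uses $_GET, $_POST and $_COOKIE in place of $HTTP_*_VARS, drops stripslashes() because magic_quotes is gone from PHP 5.4+, and the function names request_string, read_rated_cookie and write_rated_cookie as well as the cookie prefix "4images" are assumptions for illustration.

```php
<?php
// Added example, not 4images code. Helper names and the "4images" prefix are hypothetical.

// Return a request parameter as a trimmed string, POST taking precedence over GET
// as in global.php. Array-valued input (name[]=x) is rejected rather than cast, so
// neither trim() nor a cast can raise a notice that would echo the script path.
function request_string($name, $default = '')
{
    $src = isset($_POST[$name]) ? $_POST : $_GET;
    if (!isset($src[$name]) || !is_string($src[$name])) {
        return $default;
    }
    return trim($src[$name]);
}

// The 'rated' cookie lists the image ids a visitor has already rated. A space-separated
// list of integers replaces serialize()/unserialize(): malformed or array-valued cookie
// data yields an empty list instead of a warning, and no untrusted data is deserialized.
function read_rated_cookie($cookie_name)
{
    $key = $cookie_name . 'rated';
    if (!isset($_COOKIE[$key]) || !is_string($_COOKIE[$key])) {
        return array();
    }
    $ids = array();
    foreach (explode(' ', $_COOKIE[$key]) as $part) {
        // ctype_digit() is false for '' and for anything that is not all digits.
        if (ctype_digit($part)) {
            $ids[] = (int)$part;
        }
    }
    return array_values(array_unique($ids));
}

// Write the list back in the same format; intval() guarantees the cookie only ever
// contains integers, and the httponly flag keeps scripts in the page from reading it.
function write_rated_cookie($cookie_name, array $ids, $expire, $path, $domain, $secure)
{
    $ids = array_map('intval', $ids);
    return setcookie($cookie_name . 'rated', implode(' ', $ids), $expire,
                     $path, $domain, $secure, true);
}

// Constructed request for a local run: an array-valued 'action', a padded
// 'search_user', and a cookie containing one non-numeric and one duplicate entry.
$_GET    = array('action' => array('x'), 'search_user' => ' kai ');
$_POST   = array();
$_COOKIE = array('4imagesrated' => '12 7 abc 12');

var_dump(request_string('action'));
var_dump(request_string('search_user'));
var_dump(read_rated_cookie('4images'));
```

Run from the command line with php, the array-valued action comes back as an empty string rather than triggering a warning, search_user is returned trimmed, and the cookie parses to the two distinct integer ids with the non-numeric entry dropped. Casting to (string), as the patch does, is the minimal change for an existing code base; rejecting non-strings is the stricter option when the code is being touched anyway.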