4images 1.7.10

[kai]

Die neue Version 4images 1.7.10 wurde veröffentlicht. Das Release bringt neue Funktionen, Detailverbesserungen, behebt bugs und sicherheitsrelevante Fehler.
Wir empfehlen allen Nutzern ein Update auf die aktuelle Version. Alle Änderungen und Features sind in der Datei "docs/Changelog.txt" aufgelistet.

The new version 4images 1.7.10 has been released. This release comes with some improvements, bugfixes, security fixes and minor changes.
We recommend all users to update to the current version. All changes and features are listed in "docs/Changelog.txt".

Download:
http://www.4homepages.de/4images/download.php

Demo:
http://www.4homepages.de/4images/demo.php

Für Feedback zur 4images 1.7.10 Version bitte diesen Thread nutzen.

Please use this thread for feedback about the 4images 1.7.10 version.

[kai]

=========================================================
ChangeLog Version 1.7.10
=========================================================
- [1.7 - 1.7.9] Security fix for Multiple Path disclousure (http://www.4homepages.de/forum/index.php?topic=29470.0)
- [1.7 - 1.7.9] Security fix for sql injection in admin/categories.php (http://www.4homepages.de/forum/index.php?topic=29469.0)
- [1.7 - 1.7.9] Security fix for path disclosure in paging.php (http://www.4homepages.de/forum/index.php?topic=28481.0)
- [1.7 - 1.7.9] Security fix for input validation error (http://www.4homepages.de/forum/index.php?topic=29504.0)
- [1.7.7 - 1.7.9] Fixed {categories},{details},{index},{lightbox},etc tags don't work (http://www.4homepages.de/forum/index.php?topic=28321.0)
- [1.7.9] Fixed DB Error: Bad SQL Query: INSERT INTO 4images_wordmatch (image_id, ... (http://www.4homepages.de/forum/index.php?topic=28430.0)
- Improved password encryption using salted hashes (new file includes/security_utils.php)
- New Version of Rebuild Search Index Plugin (http://www.4homepages.de/forum/index.php?topic=6718.0)
- Added settings to define type of indexing of fields (fulltext, keywords, phrase)
- Fixed search in additional fields
- Fixed wrong width in error.html template
- Fixed issue calculating ExposureTime in EXIF data
- Fixed orphan search words are not deleted correctly if multiple image ids are passed to remove_searchwords()
- Minor fixes in text fixes in lang/deutsch/admin.php
- Changed default settings for CAPTCHA


Neue Dateien / New Files:
---------------------------------------
admin/plugins/rebuild_searchindex.php
includes/security_utils.php


Geänderte Dateien / Changed Files:
---------------------------------------
global.php
download.php
install.php
lightbox.php
member.php
register.php
search.php
admin/categories.php
admin/checkimages.php
admin/images.php
admin/thumbnailer.php
admin/users.php
admin/validateimages.php
includes/constants.php
includes/csrf_utils.php
includes/functions.php
includes/page_header.php
includes/paging.php
includes/session.php


Sprache / Language:
---------------------------------------
admin.php

[kai]

Here is a detailed list of what has been changed in the php files from 4images 1.7.9 -> 1.7.10.
(The best way for yourself to compare the code of files is to use Winmerge.)



1.) copy the "rebuild_searchindex.php from the attachment in "admin/plugin" folder"

2.) search in admin/categories.php 2x:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9

$auth_viewcat = $HTTP_POST_VARS['auth_viewcat'];   $auth_viewimage = $HTTP_POST_VARS['auth_viewimage'];   $auth_download = $HTTP_POST_VARS['auth_download'];   $auth_upload = $HTTP_POST_VARS['auth_upload'];   $auth_directupload = $HTTP_POST_VARS['auth_directupload'];   $auth_vote = $HTTP_POST_VARS['auth_vote'];   $auth_sendpostcard = $HTTP_POST_VARS['auth_sendpostcard'];   $auth_readcomment = $HTTP_POST_VARS['auth_readcomment'];   $auth_postcomment = $HTTP_POST_VARS['auth_postcomment'];

and replace 2x:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9

$auth_viewcat = intval($HTTP_POST_VARS['auth_viewcat']);   $auth_viewimage = intval($HTTP_POST_VARS['auth_viewimage']);   $auth_download = intval($HTTP_POST_VARS['auth_download']);   $auth_upload = intval($HTTP_POST_VARS['auth_upload']);   $auth_directupload = intval($HTTP_POST_VARS['auth_directupload']);   $auth_vote = intval($HTTP_POST_VARS['auth_vote']);   $auth_sendpostcard = intval($HTTP_POST_VARS['auth_sendpostcard']);   $auth_readcomment = intval($HTTP_POST_VARS['auth_readcomment']);   $auth_postcomment = intval($HTTP_POST_VARS['auth_postcomment']);

3.) search and remove in admin/checkimages.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3

if ($image_column == 'image_keywords') {                               $search_words[$image_column] = explode(',', $search_words[$image_column]);                             }

4.) search and remove in admin/images.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3

if ($image_column == 'image_keywords') {             $search_words[$image_column] = explode(',', $search_words[$image_column]);           }

5.) search in admin/thumbnailer.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5

if (create_thumbnail(MEDIA_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'], THUMB_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'], $quality, $dimension, $resize_type)) {           $sql = "UPDATE ".IMAGES_TABLE."                   SET image_thumb_file = '".addslashes($image_cache[$key]['image_media_file'])."'                   WHERE image_id = $key";           $site_db->query($sql);

and replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9 10 11 12 13

if (is_remote($image_cache[$key]['image_media_file'])) {           $src = $image_cache[$key]['image_media_file'];           $dest = create_unique_filename(THUMB_PATH."/".$image_cache[$key]['cat_id'], filterFileName($image_cache[$key]['image_media_file']));         } else {           $src = MEDIA_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'];           $dest = $image_cache[$key]['image_media_file'];         }         if (create_thumbnail($src, THUMB_PATH."/".$image_cache[$key]['cat_id']."/".$dest, $quality, $dimension, $resize_type)) {           $sql = "UPDATE ".IMAGES_TABLE."                   SET image_thumb_file = '".addslashes($dest)."'                   WHERE image_id = $key";           $site_db->query($sql);

5.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2

if ((!file_exists(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']) || $image_row['image_thumb_file'] == "") && file_exists(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'])) {         $image_info = getimagesize(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']);

and replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9 10 11 12

if ($image_row['image_thumb_file'] == "") {         $exists = false;       } else {         if (is_remote($image_row['image_thumb_file'])) {           $exists = true;         } else {           $exists = file_exists(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']);         }       }       if (!$exists && (file_exists(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']) || is_remote($image_row['image_media_file']))) {         $src = is_remote($image_row['image_media_file']) ? $image_row['image_media_file'] : MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'];         $image_info = getimagesize($src);

6.) search in admin/users.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$passinsert = ($user_password != "") ? " ".get_user_table_field("", "user_password")." = '".md5($user_password)."'," : "";

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$passinsert = ($user_password != "") ? " ".get_user_table_field("", "user_password")." = '".salted_hash($user_password)."'," : "";

6.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$user_password = md5(trim($HTTP_POST_VARS['user_password_'.$i]));

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$user_password = trim($HTTP_POST_VARS['user_password_'.$i]);

6.2) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6

//(user_id, user_level, user_name, user_password, user_email, user_showemail, user_allowemails, user_invisible, user_joindate, user_activationkey, user_lastaction, user_lastvisit, user_homepage, user_icq".$additional_field_sql.")       $sql = "INSERT INTO ".USERS_TABLE."               (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")               VALUES               ($user_id, $user_level, '$user_name', '$user_password', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6

$user_password_hashed = salted_hash($user_password);       //(user_id, user_level, user_name, user_password, user_email, user_showemail, user_allowemails, user_invisible, user_joindate, user_activationkey, user_lastaction, user_lastvisit, user_homepage, user_icq".$additional_field_sql.")       $sql = "INSERT INTO ".USERS_TABLE."               (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")               VALUES               ($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";

7.) search and remove in admin/validateimages.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3

if ($image_column == 'image_keywords') {                   $search_words[$image_column] = explode(',', $search_words[$image_column]);                 }

[kai]

Here is a detailed list of what has been changed in the php files from 4images 1.7.9 -> 1.7.10.
(The best way for yourself to compare the code of files is to use Winmerge.)



8.) search in includes/constants.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	define('GROUPTYPE_SINGLE', 2);

insert below:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3

// Password define('PASSWORD_HASH_ALGO', 'md5'); define('PASSWORD_SALT_LENGTH', 9);

8.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	define('SCRIPT_VERSION', '1.7.9');

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	define('SCRIPT_VERSION', '1.7.10');

9.) search in includes/csrf_utils.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	if ($token !== (string) $HTTP_POST_VARS[$csrf_protection_name]) {

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	if (!secure_compare($token, (string) $HTTP_POST_VARS[$csrf_protection_name])) {

10.) search in includes/functions.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9 10 11

elseif ( $key == "ExposureTime" ) {             $ExposureTime = explode("/", $exif_info);             if ( $ExposureTime[0] == 1 && $ExposureTime[1] == 1 ){                 $exif_array[$exif_match[$key]] = $ExposureTime[1]." sec(s)";             } elseif ( $ExposureTime[0] == 1 ) {                 $exif_array[$exif_match[$key]] = "1/".($ExposureTime[1] * $ExposureTime[0])." sec(s)";             } elseif ( $ExposureTime[1] > 1 ) {                 $exif_array[$exif_match[$key]] = ($ExposureTime[0]/$ExposureTime[1])." sec(s)";             } elseif( $ExposureTime[1] == 1 ) {                 $exif_array[$exif_match[$key]] = ($ExposureTime[0] * $ExposureTime[1])." sec(s)";             }

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9 10 11 12

elseif ($key == "ExposureTime") {           $ExposureTime = explode("/", $exif_info);           if ((float)$ExposureTime[1] == 0) {             $exif_array[$exif_match[$key]] = "0 sec(s)";           }           elseif (($ExposureTime[0]/$ExposureTime[1]) >= 0.3) {             $exif_array[$exif_match[$key]] = round(($ExposureTime[0]/$ExposureTime[1]),1)." sec(s)";           }           else {             $exif_array[$exif_match[$key]] = "1/".round((1/($ExposureTime[0]/$ExposureTime[1])),0)." sec(s)";           }        }

10.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$keywords .= (($keywords != "" ) ? ", " : "")."<a href=\"".$site_sess->url(ROOT_PATH."search.php?search_keywords=".urlencode($val))."\">".format_text($val, 2)."</a>";

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5

$url_val = $val;       if (preg_match('/[^a-z0-9]+/i', $url_val)) {         $url_val = '"' . $url_val . '"';       }       $keywords .= (($keywords != "" ) ? ", " : "")."<a href=\"".$site_sess->url(ROOT_PATH."search.php?search_keywords=".urlencode($url_val))."\">".format_text($val, 2)."</a>";

10.2) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1

?>

insert above:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9 10 11 12

function create_unique_filename($base, $file) {   $ext = get_file_extension($file);   $name = get_file_name($file);   $n = 2;   $copy = "";   while (file_exists($base."/".$name.$copy.".".$ext)) {     $copy = "_".$n;     $n++;   }   return $name.$copy.".".$ext; }

11.) search in includes/page_header.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$file = get_file_name(basename(MAIN_SCRIPT)); $array = array(

insert below:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9 10 11

"page_categories" => false,     "page_details"    => false,     "page_index"      => false,     "page_lightbox"   => false,     "page_member"     => false,     "page_postcards"  => false,     "page_register"   => false,     "page_search"     => false,     "page_top"        => false,     // Backwards compatibility

11.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$array[$file] = true;

insert below:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3

} if (isset($array["page_" . $file])) {   $array["page_" . $file] = true;

11.2) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? explode(" ", stripslashes((string)$HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();

11.3) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	setcookie($cookie_name.'rated', serialize($cookie_rated), $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	setcookie($cookie_name.'rated', implode(" ", $cookie_rated), $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);

12.) search in includes/paging.php

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9

$this->page = $page;     $this->perpage = $perpage;     $this->num_rows_all = $num_rows_all;     if (!isset($this->page) || !intval($this->page)) {       $this->page = 1;     }     if (!$this->num_rows_all) {

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9 10 11

$this->page = intval($page);     $this->perpage = intval($perpage);     $this->num_rows_all = intval($num_rows_all);     if ($this->page <= 0) {       $this->page = 1;     }     if ($this->perpage <= 0) {       $this->perpage = 1;     }     if ($this->num_rows_all <= 0) {

13.) copy the "search_utils.php" from the attachment in your "includes" folder:

14.) copy the "security_utils.php" from the attachment in your "includes" folder.

15.) search in includes/session.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	if ($this->read_cookie_data("userpass") == $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {         $this->set_cookie_data("userpass", $this->user_info['user_password']);

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {         $this->set_cookie_data("userpass", md5($this->user_info['user_password']));

15.1) search and remove:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$user_password = md5($user_password);

15.2) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	if ($row[$user_table_fields['user_password']] == $user_password) {

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	if (compare_passwords($user_password, $row[$user_table_fields['user_password']])) {

15.3) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$this->set_cookie_data("userpass", ($auto_login) ? $user_password : "");

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$this->set_cookie_data("userpass", ($auto_login) ? md5($row[$user_table_fields['user_password']]) : "");

[kai]

Here is a detailed list of what has been changed in the php files from 4images 1.7.9 -> 1.7.10.
(The best way for yourself to compare the code of files is to use Winmerge.)



16.) search in lang/admin.php (deutsch)

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$lang['cni_iptc_description'] = "Verwenden Beschreibung aus IPTC Daten:"; $lang['cni_iptc_keywords'] = "Verwenden Schlüsselwörter aus IPTC Daten:";

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$lang['cni_iptc_description'] = "Verwende Beschreibung aus IPTC Daten:"; $lang['cni_iptc_keywords'] = "Verwende Schlüsselwörter aus IPTC Daten:";

16.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$lang['cni_big_folder'] = "Ordnername in welchen das Originalbild gespeicher werden soll:";

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$lang['cni_big_folder'] = "Ordnername in denen das Originalbild gespeichert werden soll:";

17.) search in root/download.php

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$file = array();

insert below:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$file_path = null; $file_name = null;

17.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	while ($image_row = $site_db->fetch_array($result)) {

insert below:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$file_path = null;       $file_name = null;

18.) search in root/global:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$cat_cache = array();

insert above:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$search_match_fields = null; $search_index_types = null;

18.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$captcha_chars               = "abcdefghijklmnopqrstuvwxyz1234567890"; $captcha_length              = 5;

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$captcha_chars               = "abcdefghijklmnopqrstuvwxyz123456789"; $captcha_length              = 6;

18.2) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$captcha_text_size           = 25; $captcha_text_transparency   = 60;

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$captcha_text_size           = 20; $captcha_text_transparency   = 50;

18.3) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim($HTTP_POST_VARS['action'])) : stripslashes(trim($HTTP_GET_VARS['action']));

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim((string)$HTTP_POST_VARS['action'])) : stripslashes(trim((string)$HTTP_GET_VARS['action']));

18.4) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim((string)$HTTP_POST_VARS['mode'])) : stripslashes(trim((string)$HTTP_GET_VARS['mode']));

18.5) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim((string)$HTTP_POST_VARS['search_keywords']) : trim((string)$HTTP_GET_VARS['search_keywords']);

18.6) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim((string)$HTTP_POST_VARS['search_user']) : trim((string)$HTTP_GET_VARS['search_user']);

18.7) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	//----------------------------------------------------- //--- Cache -------------------------------------------

insert above:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4

//----------------------------------------------------- //--- Security ---------------------------------------- //----------------------------------------------------- include_once(ROOT_PATH.'includes/security_utils.php');

19.) search in root/install.php

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5

$admin_pass_md5 = md5($admin_password);       $current_time = time();       $sql = "UPDATE ".$table_prefix."users               SET user_name = '$admin_user', user_password = '$admin_pass_md5', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time               WHERE user_name = 'admin'";

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7

include(ROOT_PATH.'includes/security_utils.php');       $admin_pass_hashed = salted_hash($admin_password);       $current_time = time();       $sql = "UPDATE ".$table_prefix."users               SET user_name = '$admin_user', user_password = '$admin_pass_hashed', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time               WHERE user_name = 'admin'";

20.) search in root/lightbox.php

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	define('ROOT_PATH', './');

insert below:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	define('MAIN_SCRIPT', __FILE__);

21.) search and remove in root/member.php 2x:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3

if ($image_column == 'image_keywords') {             $search_words[$image_column] = explode(',', $search_words[$image_column]);           }

21.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8

elseif ($config['auto_thumbnail'] == 1 && !empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none" && !$uploaderror) {       if ($direct_upload) {         $src = MEDIA_PATH."/".$cat_id."/".$new_name;         $dest = THUMB_PATH."/".$cat_id."/".$new_name;       }       else {         $src = MEDIA_TEMP_PATH."/".$new_name;         $dest = THUMB_TEMP_PATH."/".$new_name;

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

elseif ($config['auto_thumbnail'] == 1 && !empty($new_name) && !$uploaderror && ((!empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none") || is_remote($new_name))) {       if ($direct_upload) {         if (is_remote($new_name)) {           $src = $new_name;           $thumb = create_unique_filename(THUMB_PATH."/".$cat_id, filterFileName($new_name));         } else {           $src = MEDIA_PATH."/".$cat_id."/".$new_name;           $thumb = $new_name;         }         $dest = THUMB_PATH."/".$cat_id."/".$thumb;       }       else {         if (is_remote($new_name)) {           $src = $new_name;           $thumb = create_unique_filename(THUMB_TEMP_PATH, filterFileName($new_name));         } else {           $src = MEDIA_TEMP_PATH."/".$new_name;           $thumb = $new_name;         }         $dest = THUMB_TEMP_PATH."/".$thumb;

21.2) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$new_thumb_name = $new_name;

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$new_thumb_name = $thumb;

21.3) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6

mt_srand((double) microtime() * 1000000);       $puddle = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';       $user_password = "";       for ($i = 0; $i < 8; $i++) {         $user_password .= substr($puddle, (mt_rand()%(strlen($puddle))), 1);       }

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	$user_password = random_string(8);       $user_password_hashed = salted_hash($user_password);

21.4) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'               WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2	SET ".get_user_table_field("", "user_password")." = '".$user_password_hashed."'               WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];

21.5) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$current_user_password = md5(trim($HTTP_POST_VARS['current_user_password']));

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$current_user_password = trim($HTTP_POST_VARS['current_user_password']);

21.6) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	if ($current_user_password != $user_info['user_password']) {

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	if (!compare_passwords($current_user_password, $user_info['user_password'])) {

21.7) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3

$sql = "UPDATE ".USERS_TABLE."             SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'             WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4

$user_password_hashed = salted_hash($user_password);     $sql = "UPDATE ".USERS_TABLE."             SET ".get_user_table_field("", "user_password")." = '".$user_password_hashed."'             WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];

22.) search in root/register.php

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4

$sql = "INSERT INTO ".USERS_TABLE."             (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")             VALUES             ($user_id, $user_level, '$user_name', '".md5($user_password)."', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5

$user_password_hashed = salted_hash($user_password);     $sql = "INSERT INTO ".USERS_TABLE."             (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")             VALUES             ($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";

23.) search in root/search.php:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$split_words = prepare_searchwords($search_keywords, true);

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1	$split_words = prepare_searchwords_for_search($search_keywords);

23.1) search:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3

$sql = "SELECT m.image_id               FROM (".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m)               WHERE w.word_text LIKE '".addslashes(str_replace("*", "%", $split_words[$i]))."'

replace:

PHP Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7 8 9 10 11 12 13

$curr_words = $split_words[$i];       if (!is_array($curr_words)) {           $curr_words = array($curr_words);       }       $where = array();       foreach ($curr_words as $curr_word) {           $where[] = "w.word_text LIKE '".addslashes(str_replace("*", "%", $curr_word))."'";       }         $sql = "SELECT m.image_id               FROM (".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m)               WHERE (" . implode(' OR ', $where) . ")