4images Forum & Community
Author Topic: [1.7 / 1.7.1] Security fix in sessions.php  (Read 225430 times)
Jan
« on: June 07, 2005, 11:17:51 AM »

This is an important security fix.

Open includes/sessions.php and find the following line:

$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

Replace this line with the following code:

$user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
« Last Edit: December 02, 2005, 02:42:29 PM by V@no »

Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
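
What the intval() cast in the patched line does to different cookie values, as an added example that is not part of the original post or of the 4images code base. The value GUEST = -1, both function names and the sample cookie values are assumptions made for the illustration.

```php
<?php
// Added illustration, not 4images code. The GUEST value and both function
// names are assumptions; the cookie values below are constructed samples.
const GUEST = -1;

// The patched expression from the post, with the cookie read replaced by a
// parameter so that it runs stand-alone.
function patched_user_id($cookie_value)
{
    return ($cookie_value) ? intval($cookie_value) : GUEST;
}

// Stricter hypothetical variant: only a plain decimal string that names a
// positive id is accepted; anything else is treated as a guest.
function strict_user_id($cookie_value)
{
    if (!is_string($cookie_value) || !ctype_digit($cookie_value)) {
        return GUEST;
    }
    $id = (int) $cookie_value;
    // $id > 0 rejects zero; the round-trip comparison rejects values that
    // are too large to be represented as an int.
    return ($id > 0 && (string) $id === ltrim($cookie_value, '0')) ? $id : GUEST;
}

$samples = array('42', '42abc', 'abc', '0', '', ' 7', '-5', '99999999999999999999');
foreach ($samples as $raw) {
    printf(
        "%-24s patched=%-20d strict=%d\n",
        var_export($raw, true),
        patched_user_id($raw),
        strict_user_id($raw)
    );
}
```

With the patched line a non-numeric value such as 'abc' passes the truthiness test and becomes 0 rather than GUEST, and '42abc' becomes 42. The result is always an integer, but it is still a value supplied by the client.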
b.o.fan
« Reply #1 on: June 08, 2005, 10:36:43 AM »

I've applied the fix. But what is it for? Or rather, where was the bug?

What was secured? I'm just asking out of curiosity... :)

www.wartenaufden15.de
i m using 1.78
Jan
« Reply #2 on: June 08, 2005, 10:58:29 AM »

Please understand that I won't go into more detail on this. There are many installations that don't have this fix, and if I explain how and where it can be exploited... well, you understand ;)

Regards, Jan
b.o.fan
« Reply #3 on: June 08, 2005, 10:59:57 AM »

I see. Good.

Good thing I installed it ;)
edwin
« Reply #4 on: June 08, 2005, 11:33:53 AM »

Jan, in News & Ankündigungen you say it's for all versions, but in the headline you write "[1.7.1] Security fix in sessions.php".

Is it only for 1.7.1 or for all versions of 4images?

martrix
« Reply #5 on: June 08, 2005, 11:36:48 AM »

Edwin:
It is also for 1.7 - so you should also change that!

Jan:
Could you please change the title of this thread, so it says also 1.7?

MAяTRIX

mawenzi
« Reply #6 on: June 08, 2005, 01:22:59 PM »

Quote from: martrix
Jan:
Could you please change the title of this thread, so it says also 1.7?

martrix, you are right ... that seems to me also very important ... !

mawenzi

Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...
RoadDogg
« Reply #7 on: June 08, 2005, 06:31:23 PM »

Does this solve the known problem with the takeover of a SID?

For support requests please don't forget a link to your Gallery/to phpinfo.php
<?php
phpinfo();
?>
safe_mode must be turned OFF
Please check Error Messages
graficalicus
« Reply #8 on: June 09, 2005, 06:39:55 PM »

made this change and the whole gallery went down!

direct image link:  http://digiart.graficalicus.com/details.php?image_id=1203

category link: http://digiart.graficalicus.com/categories.php?cat_id=10

home link:  http://digiart.graficalicus.com/

rss link:  http://digiart.graficalicus.com/rss.php

?! ?! ?! help !?
RoadDogg
« Reply #9 on: June 09, 2005, 06:42:22 PM »

Have you restored your session.php?

Which version of 4img do you use?
graficalicus
« Reply #10 on: June 09, 2005, 06:51:44 PM »

restored - using 1.7 - this is the only change I've made in a few days. Dumped my cache, reloaded the page - nothing!

wonder if I've been hacked........
graficalicus
« Reply #11 on: June 09, 2005, 06:55:24 PM »

every error line is:
$site_template->register_vars(array(

ideas?
graficalicus
« Reply #12 on: June 09, 2005, 07:12:36 PM »

fixed - I was editing an old sessions.php :-[ now updated :-|

thanks for looking!
Bugfixed
« Reply #13 on: June 12, 2005, 05:24:40 PM »

Hello all.

no this line: $user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15.

<?php Find Bug ?>
V@no
« Reply #14 on: June 12, 2005, 07:38:29 PM »

Quote from: Bugfixed
no this line: $user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15.

that version does not have this hole, don't worry about this fix ;)
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)