4images Forum & Community
International => Español / Castellano => Topic started by: benzo on May 07, 2009, 10:44:10 AM
-
Security patch for global.php
Announcement: http://www.4homepages.de/forum/index.php?topic=24526.0
For version 1.7.0
In global.php, find:
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
$l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
$config['language_dir'] = $l;
}
}
replace with:
$l = null;
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
$requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
$l = $requested_l;
$config['language_dir'] = $l;
}
}
For versions 1.7.1 to 1.7.6
In global.php, find:
if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
replace with:
if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
_____________________________________________________________________
If you use the language selection MOD (http://www.4homepages.de/forum/index.php?topic=4743.0) with cookie support (http://www.4homepages.de/forum/index.php?topic=4743.msg31555#msg31555),
find in global.php:
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
$l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
$config['language_dir'] = $l;
setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
}
}
else
{
if (isset($HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
{
$l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
}
}
and replace it with:
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
$requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
if (!preg_match('#\.\.[\\\/]#', $requested_l) && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
$l = $requested_l;
$config['language_dir'] = $l;
setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
}
}
else
{
if (isset($HTTP_COOKIE_VARS['4images_lang']) && !preg_match('#\.\.[\\\/]#', $HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
{
$l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
}
}
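The check the patch adds (reject any value containing ".." followed by a slash or backslash), shown next to a stricter allowlist variant. This is an added example, not part of the original post or of 4images; the function names, the temporary directory and the sample values are constructed for illustration.

```php
<?php
// Added example, not 4images code. Function names and sample data are hypothetical.

// The test the patch adds: block ".." followed by "/" or "\".
function passes_patch_check(string $requested): bool
{
    return !preg_match('#\.\.[\\\/]#', $requested);
}

// Stricter variant: a single path component that resolves to <langRoot>/<name>/main.php.
function resolve_language_dir(string $requested, string $langRoot): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return null; // separators, dots and empty values never reach the filesystem
    }
    $root = realpath($langRoot);
    $file = realpath($langRoot . '/' . $requested . '/main.php');
    if ($root === false || $file === false) {
        return null; // language directory or its main.php does not exist
    }
    $expected = $root . DIRECTORY_SEPARATOR . $requested . DIRECTORY_SEPARATOR . 'main.php';
    return $file === $expected ? $requested : null; // symlinks must not lead outside lang/
}

// Constructed fixture: a temporary lang/ tree with one language.
$base = sys_get_temp_dir() . '/lang_demo_' . getmypid();
mkdir($base . '/lang/english', 0700, true);
file_put_contents($base . '/lang/english/main.php', "<?php\n");

// Constructed sample values for the "l" parameter.
$samples = ['english', 'deutsch', '../lang/english', '..\\lang\\english', ''];
foreach ($samples as $s) {
    printf(
        "%-22s patch check: %-6s allowlist: %s\n",
        var_export($s, true),
        passes_patch_check($s) ? 'pass' : 'block',
        resolve_language_dir($s, $base . '/lang') ?? 'null'
    );
}

// Remove the fixture.
unlink($base . '/lang/english/main.php');
rmdir($base . '/lang/english');
rmdir($base . '/lang');
rmdir($base);
```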
-
Thanks!
-
I have 1.7.7, do I need any patch?
-
Only versions prior to 1.7.7
This topic is being closed since these are versions more than 2 years old.