4images Forum & Community

International => Español / Castellano => Topic started by: benzo on May 07, 2009, 10:44:10 AM

Title: Security patch for global.php - Versions 1.7 to 1.7.6
Post by: benzo on May 07, 2009, 10:44:10 AM
Security patch for global.php

Announcement: http://www.4homepages.de/forum/index.php?topic=24526.0

For version 1.7.0

In global.php, find:

Code:
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
    $config['language_dir'] = $l;
  }
}

replace with:

Code:
$l = null;
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
    $l = $requested_l;
    $config['language_dir'] = $l;
  }
}

For versions 1.7.1 to 1.7.6

In global.php, find:

Code:
  if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {

replace with:

Code:
  if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
_____________________________________________________________________


If you use the language selection MOD (http://www.4homepages.de/forum/index.php?topic=4743.0) with cookie support (http://www.4homepages.de/forum/index.php?topic=4743.msg31555#msg31555)

find in global.php:

Code:
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
    $config['language_dir'] = $l;
    setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
  }
}
else
{
  if (isset($HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
  {
    $l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
  }
}

and replace it with:

Code:
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (!preg_match('#\.\.[\\\/]#', $requested_l) && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
    $l = $requested_l;
    $config['language_dir'] = $l;
    setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
  }
}
else
{
  if (isset($HTTP_COOKIE_VARS['4images_lang']) && !preg_match('#\.\.[\\\/]#', $HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
  {
    $l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
  }
}
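
Added example, not part of the original post and not 4images code: a stricter allowlist variant of the check that the patch above performs with `preg_match('#\.\.[\\\/]#', ...)`. It goes beyond the patch by accepting only a single safe directory name and confirming with `realpath()` that the resolved file sits directly under `lang/`. The helper name `resolve_language_dir()` and the temporary sample tree are assumptions made for the demonstration; the `lang/<name>/main.php` layout is taken from the code above.

```php
<?php
// Added example, not 4images code. resolve_language_dir() is a hypothetical helper.
// Returns the language directory name if it is a real directory directly under
// $root/lang that contains main.php; otherwise returns null.
function resolve_language_dir($root, $requested)
{
    // Allowlist: a single path component made of safe characters only.
    if (!is_string($requested) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }
    $base = realpath($root . '/lang');
    $file = realpath($root . '/lang/' . $requested . '/main.php');
    if ($base === false || $file === false) {
        return null; // missing lang/ directory or missing language file
    }
    // Containment: the resolved file must be exactly <base>/<requested>/main.php,
    // which also rejects symlinks that resolve outside lang/.
    $expected = $base . DIRECTORY_SEPARATOR . $requested . DIRECTORY_SEPARATOR . 'main.php';
    return ($file === $expected) ? $requested : null;
}

// Constructed sample tree in a temporary directory (not real 4images files).
$root  = sys_get_temp_dir() . '/4images_demo_' . uniqid();
$dirs  = array('lang/english', 'lang/spanish', 'data');
$files = array('lang/english/main.php', 'lang/spanish/main.php', 'data/main.php');
foreach ($dirs as $d) {
    mkdir($root . '/' . $d, 0700, true);
}
foreach ($files as $f) {
    file_put_contents($root . '/' . $f, "<?php\n");
}

// Constructed request values: two valid names, one unknown name, and
// several malformed values (relative path, trailing slash, empty, array).
$samples = array('spanish', 'english', 'german', '../data', 'spanish/', '', array('x'));
foreach ($samples as $value) {
    $result = resolve_language_dir($root, $value);
    printf("%-12s => %s\n", json_encode($value, JSON_UNESCAPED_SLASHES),
        $result === null ? 'rejected' : $result);
}

// Remove the sample tree again.
foreach ($files as $f) {
    unlink($root . '/' . $f);
}
foreach (array('lang/english', 'lang/spanish', 'lang', 'data') as $d) {
    rmdir($root . '/' . $d);
}
rmdir($root);
```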

Title: Re: Security patch for global.php - Versions 1.7 to 1.7.6
Post by: kai on May 07, 2009, 11:09:15 AM
Thanks!
Title: Re: Security patch for global.php - Versions 1.7 to 1.7.6
Post by: ocbpremium on July 30, 2010, 09:25:36 AM
I have 1.7.7, do I need a patch?
Title: Re: Security patch for global.php - Versions 1.7 to 1.7.6
Post by: benzo on August 11, 2010, 02:47:07 AM
Only versions earlier than 1.7.7

This thread is being closed because these versions are more than 2 years old.