31
Chit Chat / Re: I'm Back :-)
« on: September 08, 2015, 01:51:13 PM »
Welcome!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
33
Chit Chat / Re: Biete Anpassung und Validierung
« on: January 27, 2014, 08:51:54 AM »
Gut, dann ist das geklärt.
Natürlich sind auch andere User gerne aufgerufen hier ihr Feedback über Arbeiten mit Dir zu posten.
Natürlich sind auch andere User gerne aufgerufen hier ihr Feedback über Arbeiten mit Dir zu posten.
34
Chit Chat / Re: Biete Anpassung und Validierung
« on: January 22, 2014, 10:46:17 AM »
@ InAction,
danke für die Info und deine (leider gemachte) Erfahrung.
danke für die Info und deine (leider gemachte) Erfahrung.
35
Requests for paid modifications / Jobbörse / Re: Lizenz verkauf 70€ / License sale $ 92,79 - 4images
« on: January 16, 2014, 01:40:05 PM »
Hallo InAction,
es geht aber nicht um den Verkauf der Lizenz, oder?
es geht aber nicht um den Verkauf der Lizenz, oder?
36
Bug Fixes & Patches / Re: [1.7 - 1.7.11] Security fix for XSS issue in global.php
« on: September 27, 2013, 02:33:56 PM »
Richtig, wie Rembrandt es schreibt
37
Bug Fixes & Patches / [1.7 - 1.7.11] Security fix for XSS issue in global.php
« on: July 16, 2013, 06:17:58 PM »
We've been reported (thanks to jakovits) a cross site scripting vulnerability in 4images 1.7 - 1.7.11.
To fix this:
In global.php
find
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
and replace it with
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);
To fix this:
In global.php
find
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
and replace it with
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);
38
Feedback & Suggestions / Re: 1.7.11 Security fix for XSS issue in global.php
« on: July 15, 2013, 06:02:20 PM »
or
find in "global.php"
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
and replace with
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);
find in "global.php"
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
and replace with
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);
39
Installation, Update & Configuration / Re: PHP 5.4
« on: May 31, 2013, 08:58:05 AM »
Nein, musst du bei der Originalinstallation von 1.7.11 nicht.
http://demo.4homepages.de/ läuft auch auf PHP 5.4.
http://demo.4homepages.de/ läuft auch auf PHP 5.4.
40
Language Packs / Re: [Language] UKRAINIAN language files
« on: March 20, 2013, 01:32:58 PM »
cool!
thank you!
thank you!
41
Mods & Plugins (Releases & Support) / Re: [Mod] Google Search Author
« on: November 13, 2012, 12:26:05 PM »
Yes, and you can test your integration with Googles rich snippet test tool:
http://www.google.com/webmasters/tools/richsnippets
e.g. http://www.google.com/webmasters/tools/richsnippets?url=http%3A%2F%2Fpukhtoogle.com%2Fgallery%2Fimg-village-life-30-akhtar-melay---pukhtoogle-1101.htm&html=
http://www.google.com/webmasters/tools/richsnippets
e.g. http://www.google.com/webmasters/tools/richsnippets?url=http%3A%2F%2Fpukhtoogle.com%2Fgallery%2Fimg-village-life-30-akhtar-melay---pukhtoogle-1101.htm&html=
42
Templates & Styles (Requests & Discussions) / Re: [ Metro ] Style template for 4images ( Coming soon )
« on: October 23, 2012, 01:24:17 PM »
Looks great so far!
go ahead
go ahead
43
Mods & Plugins (Releases & Support) / Re: [Mod] Automatic Database Backup
« on: September 19, 2012, 08:22:00 AM »
ah, sehr hilfreich!
44
Discussion & Troubleshooting / Re: MySQL Version Query
« on: September 17, 2012, 09:10:49 AM »
Hi,
no, you don't have to do any changes to your 4images tables
no, you don't have to do any changes to your 4images tables
45
News & Announcements / Re: 4images 1.7.11
« on: July 25, 2012, 01:28:20 PM »
Here is a detailed list of what has been changed in the php files from 4images 1.7.10 -> 1.7.11.
(The best way for yourself to compare the code of files is to use Winmerge.)
details.php
search for
$meta_keywords = !empty($image_row['image_keywords']) ? implode(", ", explode(",", $image_row['image_keywords'])) : "";
replace with
$meta_keywords = !empty($image_row['image_keywords']) ? strip_tags(implode(", ", explode(",", $image_row['image_keywords']))) : "";
rss.php
search for
function format_rss_html($text) {
$text = format_text(trim($text), 1, 0, 1);
return $text;
}
replace with
function format_rss_html($text) {
$text = format_text(trim($text), 2, 0, 1);
return $text;
}
admin/categories.php
search for
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? $HTTP_GET_VARS['cat_parent_id'] : 0;
replace with
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? intval($HTTP_GET_VARS['cat_parent_id']) : 0;
admin/index.php
search for
if ($redirect != "") {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
exit;
}
replace with
if ($redirect != "") {
if (strpos($redirect, '://') === false) {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
} else {
redirect('home.php');
}
exit;
}
search for
if ($action == "frames") {
if ($goto != "") {
$framesrc = $site_sess->url($goto);
}
else {
$framesrc = $site_sess->url("home.php");
}
replace with
if ($action == "frames") {
if ($goto != "" && strpos($goto, '://') === false) {
$framesrc = $site_sess->url($goto);
}
else {
$framesrc = $site_sess->url("home.php");
}
admin/users.php
search for
else {
$activation = 0;
}
replace with
else {
if ($config['account_activation'] == 2 && $user_row['user_level'] == USER_AWAITING) {
$activation = 1;
} else {
$activation = 0;
}
}
data/database/default/mysql_default.sql
use the mysql_default.sql from 1.7.11 package
includes/db_mysql.php
search for
function Db($db_host, $db_user, $db_password = "", $db_name = "", $db_pconnect = 0) {
$connect_handle = ($db_pconnect) ? "mysql_pconnect" : "mysql_connect";
if (!$this->connection = @$connect_handle($db_host, $db_user, $db_password)) {
$this->error("Could not connect to the database server ($db_host, $db_user).", 1);
}
if ($db_name != "") {
if (!@mysql_select_db($db_name)) {
@mysql_close($this->connection);
$this->error("Could not select database ($db_name).", 1);
}
}
return $this->connection;
}
replace with
function Db($db_host, $db_user, $db_password = "", $db_name = "", $db_pconnect = 0) {
$connect_handle = ($db_pconnect) ? "mysql_pconnect" : "mysql_connect";
if (!$this->connection = @$connect_handle($db_host, $db_user, $db_password)) {
$this->error("Could not connect to the database server ($db_host, $db_user).", 1);
}
if ($db_name != "") {
if (!@mysql_select_db($db_name)) {
@mysql_close($this->connection);
$this->error("Could not select database ($db_name).", 1);
}
}
return $this->connection;
}
function escape($value) {
return mysql_real_escape_string($value, $this->connection);
}
includes/functions.php
search for
function check_email($email) {
return (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,4}$/i', $email)) ? 1 : 0;
}
replace with
function check_email($email) {
return (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,}$/i', $email)) ? 1 : 0;
}
includes/search_utils.php
search for
$word_cache = array();
foreach ($split_words as $word) {
$word_cache[$word] = 1;
$allwords_sql .= ($allwords_sql != "") ? ", '".$word."'" : "'".$word."'";
}
replace with
$word_cache = array();
foreach ($split_words as $word) {
$word_cache[$word] = 1;
$allwords_sql .= ($allwords_sql != "") ? ", '".addslashes($word)."'" : "'".addslashes($word)."'";
}
search for
$sql = "INSERT INTO ".WORDMATCH_TABLE." (image_id, word_id".$match_insert_key_sql.")
SELECT DISTINCT $image_id, word_id".$match_insert_val_sql."
FROM ".WORDLIST_TABLE."
WHERE word_text = '$key'";
$site_db->query($sql);
replace with
$sql = "INSERT INTO ".WORDMATCH_TABLE." (image_id, word_id".$match_insert_key_sql.")
SELECT DISTINCT $image_id, word_id".$match_insert_val_sql."
FROM ".WORDLIST_TABLE."
WHERE word_text = '" . addslashes($key) . "'";
$site_db->query($sql);
includes/sessions.php
search for
if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", $this->user_info['user_password']);
}
replace with
if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", md5($this->user_info['user_password']));
}
If you want to get rid of the update notice in the admin area, edit the value in constants.php.
thanks to Crazymodder!
(The best way for yourself to compare the code of files is to use Winmerge.)
details.php
search for
$meta_keywords = !empty($image_row['image_keywords']) ? implode(", ", explode(",", $image_row['image_keywords'])) : "";
replace with
$meta_keywords = !empty($image_row['image_keywords']) ? strip_tags(implode(", ", explode(",", $image_row['image_keywords']))) : "";
rss.php
search for
function format_rss_html($text) {
$text = format_text(trim($text), 1, 0, 1);
return $text;
}
replace with
function format_rss_html($text) {
$text = format_text(trim($text), 2, 0, 1);
return $text;
}
admin/categories.php
search for
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? $HTTP_GET_VARS['cat_parent_id'] : 0;
replace with
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? intval($HTTP_GET_VARS['cat_parent_id']) : 0;
admin/index.php
search for
if ($redirect != "") {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
exit;
}
replace with
if ($redirect != "") {
if (strpos($redirect, '://') === false) {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
} else {
redirect('home.php');
}
exit;
}
search for
if ($action == "frames") {
if ($goto != "") {
$framesrc = $site_sess->url($goto);
}
else {
$framesrc = $site_sess->url("home.php");
}
replace with
if ($action == "frames") {
if ($goto != "" && strpos($goto, '://') === false) {
$framesrc = $site_sess->url($goto);
}
else {
$framesrc = $site_sess->url("home.php");
}
admin/users.php
search for
else {
$activation = 0;
}
replace with
else {
if ($config['account_activation'] == 2 && $user_row['user_level'] == USER_AWAITING) {
$activation = 1;
} else {
$activation = 0;
}
}
data/database/default/mysql_default.sql
use the mysql_default.sql from 1.7.11 package
includes/db_mysql.php
search for
function Db($db_host, $db_user, $db_password = "", $db_name = "", $db_pconnect = 0) {
$connect_handle = ($db_pconnect) ? "mysql_pconnect" : "mysql_connect";
if (!$this->connection = @$connect_handle($db_host, $db_user, $db_password)) {
$this->error("Could not connect to the database server ($db_host, $db_user).", 1);
}
if ($db_name != "") {
if (!@mysql_select_db($db_name)) {
@mysql_close($this->connection);
$this->error("Could not select database ($db_name).", 1);
}
}
return $this->connection;
}
replace with
function Db($db_host, $db_user, $db_password = "", $db_name = "", $db_pconnect = 0) {
$connect_handle = ($db_pconnect) ? "mysql_pconnect" : "mysql_connect";
if (!$this->connection = @$connect_handle($db_host, $db_user, $db_password)) {
$this->error("Could not connect to the database server ($db_host, $db_user).", 1);
}
if ($db_name != "") {
if (!@mysql_select_db($db_name)) {
@mysql_close($this->connection);
$this->error("Could not select database ($db_name).", 1);
}
}
return $this->connection;
}
function escape($value) {
return mysql_real_escape_string($value, $this->connection);
}
includes/functions.php
search for
function check_email($email) {
return (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,4}$/i', $email)) ? 1 : 0;
}
replace with
function check_email($email) {
return (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,}$/i', $email)) ? 1 : 0;
}
includes/search_utils.php
search for
$word_cache = array();
foreach ($split_words as $word) {
$word_cache[$word] = 1;
$allwords_sql .= ($allwords_sql != "") ? ", '".$word."'" : "'".$word."'";
}
replace with
$word_cache = array();
foreach ($split_words as $word) {
$word_cache[$word] = 1;
$allwords_sql .= ($allwords_sql != "") ? ", '".addslashes($word)."'" : "'".addslashes($word)."'";
}
search for
$sql = "INSERT INTO ".WORDMATCH_TABLE." (image_id, word_id".$match_insert_key_sql.")
SELECT DISTINCT $image_id, word_id".$match_insert_val_sql."
FROM ".WORDLIST_TABLE."
WHERE word_text = '$key'";
$site_db->query($sql);
replace with
$sql = "INSERT INTO ".WORDMATCH_TABLE." (image_id, word_id".$match_insert_key_sql.")
SELECT DISTINCT $image_id, word_id".$match_insert_val_sql."
FROM ".WORDLIST_TABLE."
WHERE word_text = '" . addslashes($key) . "'";
$site_db->query($sql);
includes/sessions.php
search for
if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", $this->user_info['user_password']);
}
replace with
if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", md5($this->user_info['user_password']));
}
If you want to get rid of the update notice in the admin area, edit the value in constants.php.
thanks to Crazymodder!