« on: March 19, 2012, 05:46:51 PM »
A cross-site scripting vulnerability in 4images 1.7 - 1.7.10 has been found.
To fix this:
In details.php
find
$meta_keywords = !empty($image_row['image_keywords']) ? implode(", ", explode(",", $image_row['image_keywords'])) : "";
$meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " : "";
and replace it with
$meta_keywords = !empty($image_row['image_keywords']) ? strip_tags(implode(", ", explode(",", $image_row['image_keywords']))) : "";
$meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " : "";
and in rss.php
find (twice)
$text = format_text(trim($text), 1, 0, 1);
and replace it both times with
$text = format_text(trim($text), 2, 0, 1);
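
To confirm the edits above were applied to an installation, the following shell function is an added example (not part of the original post and not 4images code). It searches details.php and rss.php for the unpatched lines; the function name and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not 4images code): check whether a 4images install still
# contains the unpatched lines quoted in the post above.
# Usage: check_4images_xss_fix /path/to/4images
# Returns 0 = no unpatched line found, 1 = unpatched line(s) present,
#         2 = details.php or rss.php missing.

# Fixed strings copied from the "find" / "replace" lines of the post.
OLD_KEYWORDS='? implode(", ", explode(",", $image_row'
OLD_RSS='format_text(trim($text), 1, 0, 1)'
NEW_RSS='format_text(trim($text), 2, 0, 1)'

check_4images_xss_fix() {
    root=$1
    status=0

    for f in details.php rss.php; do
        if [ ! -f "$root/$f" ]; then
            echo "MISSING: $root/$f" >&2
            return 2
        fi
    done

    # details.php: the keywords expression must be wrapped in strip_tags().
    if grep -nF -e "$OLD_KEYWORDS" "$root/details.php"; then
        echo "UNPATCHED: details.php builds \$meta_keywords without strip_tags()"
        status=1
    fi

    # rss.php: the post says the old call appears twice; none may remain.
    old=$(grep -cF -e "$OLD_RSS" "$root/rss.php" || true)
    new=$(grep -cF -e "$NEW_RSS" "$root/rss.php" || true)
    if [ "$old" -gt 0 ]; then
        echo "UNPATCHED: rss.php has $old old format_text() call(s), $new fixed"
        status=1
    elif [ "$new" -ne 2 ]; then
        # Assumption: a stock rss.php has exactly the two calls the post names.
        echo "NOTE: rss.php has $new fixed call(s), expected 2; review by hand"
    fi

    [ "$status" -eq 0 ] && echo "OK: no unpatched line found in $root"
    return "$status"
}
```

The match is on fixed strings, so a details.php or rss.php that was reformatted or modified by a mod can pass without being patched; check those files by hand.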