4images Help / Hilfe > Bug Fixes & Patches

[1.7 / 1.7.1] Security fix in search.php and register.php

(1/10) > >>

V@no:
This is an important security fix.
Это очень важная заплатка для опасной дыры в скрипте

Step 1

In search.php any variables or other code that is located below copyright notice
В search.php всё что находится ниже копирайта (который заканьчиватся этой строкой):

--- Code: ---*************************************************************************/
--- End code ---
and above
и выше:

--- Code: ---$main_template = 'search';
--- End code ---


must be moved below
должно быть перенесено ниже:
--- Code: ---include(ROOT_PATH.'global.php');
--- End code ---

In default 4images, the block that must be moved is:
В свежей 4images кусок кода который должен быть перемещён выглядит так:
--- Code: ---if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
  $show_result = 1;
}
else {
  $show_result = 0;
}

if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
  $search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
  if ($search_keywords != "") {
    $show_result = 1;
  }
}
else {
  $search_keywords = "";
}
$org_search_keywords = $search_keywords;

if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
  $search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
  if ($search_user != "") {
    $show_result = 1;
  }
}
else {
  $search_user = "";
}
$org_search_user = $search_user;

if (isset($HTTP_POST_VARS['search_terms'])) {
  $search_terms = (trim($HTTP_POST_VARS['search_terms']) == "all") ? 1 : 0;
}
else {
  $search_terms = 0;
}

if (isset($HTTP_POST_VARS['search_fields'])) {
  $search_fields = trim($HTTP_POST_VARS['search_fields']);
}
else {
  $search_fields = "all";
}

$search_cat = (isset($HTTP_POST_VARS['cat_id']) ) ? intval($HTTP_POST_VARS['cat_id']) : 0;

if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
  $search_new_images = 1;
  $show_result = 1;
}
else {
  $search_new_images = 0;
}
--- End code ---


Step 2

In register.php find:
В register.php найдите:
--- Code: ---      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
--- End code ---

Insert below:
Добавьте ниже:
--- Code: ---      elseif (preg_match("#[<>]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
        $error = 1;
      }
--- End code ---


Then in lang/<your language>/main.php at the end, above closing ?> insert:
Затем в lang/<ваш языковой пакет>/main.php в самый конец файла, выше закрывающей ?> добавьте:
--- Code: ---$lang['username_bad_characters'] = "Username contains not allowed character(s)";
--- End code ---


Step 3

In global.php find:
В global.php найдите:

--- Code: ---//-----------------------------------------------------
//--- Start DB ----------------------------------------
//-----------------------------------------------------
--- End code ---

Insert above:
Добавьте выше:

--- Code: ---if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
  $show_result = 1;
}
else {
  $show_result = 0;
}

if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
  $search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
  if ($search_keywords != "") {
    $show_result = 1;
  }
}
else {
  $search_keywords = "";
}

if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
  $search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
  if ($search_user != "") {
    $show_result = 1;
  }
}
else {
  $search_user = "";
}

if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
  $search_new_images = 1;
  $show_result = 1;
}
else {
  $search_new_images = 0;
}
--- End code ---

If you wish, you can remove this block of code from search.php to increase perfomance (very insignificaly).
Если вы хотите, то можете удалить такой-же блок кода из search.php, но это не обязательно.



In the attachment below you can find already modifyed default search.php, register.php and global.php
Вы можете загрузить исправленные search.php, register.php и global.php из приложеного архива.

piet:
Thank you very much!

TheOracle:
Actually, I don't get this ...

why would :


--- Quote ---
$main_template = 'search';


--- End quote ---

need to be moved below the global.php line ?

All 4images's PHP files (on the root path - even the index.php file) has the $main_template string on top of the GET_CACHES line ...

V@no:
That is why my earlier suggestion was "Re-read three times, reply ones" ;)

There is nothing says about moving that line...it says "the code above it"

Eagle Eye:
Thanks  :D

Navigation

[0] Message Index

[#] Next page

Go to full version