4images Help / Hilfe > Bug Fixes & Patches

[1.7 / 1.7.1] Security fix in search.php and register.php

<< < (3/9) > >>

brakstar:
Hi all, What they can do without this fix ?  :?:

I have a 1.1 beta 3 p version of smf ....

V@no:
hmmm....huh?
what SMF has anything to do with 4images? this is 4images support forum not SMF ;)

Ston4Img:

--- Quote from: V@no on December 28, 2005, 03:05:04 PM ---no, it calls "Regular expression" (aka REGEX) http://php.net/manual/function.preg-match.php
The pattern search only < and > in the name, nothing else.

--- End quote ---

Mhh. I can register a User with < and >  after the Update !!! :?:



Edit:
My register.php:
/** START **********************************************
ADD ab elseif
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/

      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    elseif (preg_match("#[<>]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
        $error = 1;
      }

/** ENDE **********************************************
ADD
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/

fotograf74:
Hmm,

I fixed my code, but now I canīt use the search function. I get no result.
I think that was not your idea with the sexurity fix.

Whatīs the problem. I use now the old code again.

Ston4Img:
Servus Fotograf74.
Irgendwelche Modifikationen bereits eingebaut? Wenn nicht lade dir 4Images erneut runter und tausche die Dateien aus.

Have you some modification in your 4images? Download 4images again and insert the orginal files.

Navigation

[0] Message Index

[#] Next page

[*] Previous page