4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: kai on April 11, 2011, 10:23:17 AM

Title: [1.7 - 1.7.9] Security fix for SQL injection in admin/categories.php
Post by: kai on April 11, 2011, 10:23:17 AM
A possible SQL injection vulnerability in 4images 1.7 - 1.7.9 has been found.
With this, logged-in admin users could alter queries to the application's SQL database.

To fix this:

In admin/categories.php

find 2 x

  $auth_viewcat = $HTTP_POST_VARS['auth_viewcat'];
  $auth_viewimage = $HTTP_POST_VARS['auth_viewimage'];
  $auth_download = $HTTP_POST_VARS['auth_download'];
  $auth_upload = $HTTP_POST_VARS['auth_upload'];
  $auth_directupload = $HTTP_POST_VARS['auth_directupload'];
  $auth_vote = $HTTP_POST_VARS['auth_vote'];
  $auth_sendpostcard = $HTTP_POST_VARS['auth_sendpostcard'];
  $auth_readcomment = $HTTP_POST_VARS['auth_readcomment'];
  $auth_postcomment = $HTTP_POST_VARS['auth_postcomment'];

and replace with

  $auth_viewcat = intval($HTTP_POST_VARS['auth_viewcat']);
  $auth_viewimage = intval($HTTP_POST_VARS['auth_viewimage']);
  $auth_download = intval($HTTP_POST_VARS['auth_download']);
  $auth_upload = intval($HTTP_POST_VARS['auth_upload']);
  $auth_directupload = intval($HTTP_POST_VARS['auth_directupload']);
  $auth_vote = intval($HTTP_POST_VARS['auth_vote']);
  $auth_sendpostcard = intval($HTTP_POST_VARS['auth_sendpostcard']);
  $auth_readcomment = intval($HTTP_POST_VARS['auth_readcomment']);
  $auth_postcomment = intval($HTTP_POST_VARS['auth_postcomment']);
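As an added illustration of what the intval() cast buys (example code, not from the original post or the 4images code base; the table name "categories" and the layout of the UPDATE statement are assumptions made for the demonstration):

```php
<?php
// Added example, not code from the original post or from 4images itself.
// It contrasts the pre-patch and post-patch way of turning the nine
// auth_* form fields into an UPDATE statement. The table name
// "categories" and the statement layout are assumptions for illustration.

$auth_fields = array(
    'auth_viewcat', 'auth_viewimage', 'auth_download', 'auth_upload',
    'auth_directupload', 'auth_vote', 'auth_sendpostcard',
    'auth_readcomment', 'auth_postcomment',
);

// Before the fix: the raw string from the request is concatenated into
// the statement, so anything that is not a number becomes SQL syntax.
function build_update_unsafe(array $post, array $fields, $cat_id) {
    $set = array();
    foreach ($fields as $f) {
        $value = isset($post[$f]) ? $post[$f] : '';
        $set[] = $f . ' = ' . $value;
    }
    return 'UPDATE categories SET ' . implode(', ', $set)
         . ' WHERE cat_id = ' . $cat_id;
}

// After the fix: intval() keeps only a leading integer (or yields 0), so
// the statement can never contain anything but the numeric level.
function build_update_safe(array $post, array $fields, $cat_id) {
    $set = array();
    foreach ($fields as $f) {
        $value = isset($post[$f]) ? $post[$f] : '';
        $set[] = $f . ' = ' . intval($value);
    }
    return 'UPDATE categories SET ' . implode(', ', $set)
         . ' WHERE cat_id = ' . intval($cat_id);
}

// Constructed request: every field holds the ordinary value "0" except
// one, which carries a trailing SQL comment marker the way a tampered
// form post would. Unsanitised, that marker swallows the WHERE clause.
$post = array_fill_keys($auth_fields, '0');
$post['auth_postcomment'] = '0 -- ';

$unsafe = build_update_unsafe($post, $auth_fields, 7);
$safe   = build_update_safe($post, $auth_fields, 7);

// The unsafe statement ends in "auth_postcomment = 0 --  WHERE cat_id = 7",
// i.e. the WHERE clause is commented out and every row would be updated.
// The safe statement ends in "auth_postcomment = 0 WHERE cat_id = 7".
echo $unsafe, "\n", $safe, "\n";

// intval() behaviour the patch relies on (all three are true):
var_dump(intval('0 -- ') === 0, intval('9abc') === 9, intval('') === 0);
```

Casting to an integer is sufficient here only because every auth_* column holds a numeric permission level; for string columns the same fix would not apply and a prepared statement or proper escaping would be needed instead.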