4images Forum & Community
4images Help / Hilfe => Bug Fixes & Patches => Topic started by: Jan on September 15, 2006, 01:55:54 PM
-
This is an important security fix.
Replace the two lines in global.php (version 1.7.2 and 1.7.3) or search.php (all versions < 1.7.2):
Replace
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
with
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);
Replace
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
with
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
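An added example, not part of the original post or of 4images: a small Python check that finds the lines this fix targets and applies the same replacement. It goes beyond the two lines above and flags any urldecode()/rawurldecode() wrapped around $HTTP_GET_VARS, $_GET or $_REQUEST, which PHP has already URL-decoded once; the function names and the SAMPLE text are constructed for illustration.

```python
import re
import sys

# PHP has already URL-decoded these arrays once; decoding again is the defect.
SOURCE = re.compile(r"\$(?:HTTP_GET_VARS|_GET|_REQUEST)\b")
CALL = re.compile(r"\b(?:raw)?urldecode\s*\(", re.IGNORECASE)

def call_argument(text, open_idx):
    """Text between the '(' at open_idx and its matching ')'.
    Parentheses inside PHP string literals are not handled (assumption)."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced: take the rest

def find_redecodes(php_source):
    """Return [(line_number, argument)] for each decode call wrapping GET data."""
    hits = []
    for m in CALL.finditer(php_source):
        arg = call_argument(php_source, m.end() - 1)
        if SOURCE.search(arg):
            hits.append((php_source.count("\n", 0, m.start()) + 1, arg.strip()))
    return hits

def patch(php_source):
    """Drop the decode wrapper and keep its argument, as the post instructs."""
    out, pos = [], 0
    for m in CALL.finditer(php_source):
        arg = call_argument(php_source, m.end() - 1)
        if m.start() >= pos and SOURCE.search(arg):
            out.append(php_source[pos:m.start()] + arg)
            pos = m.end() + len(arg) + 1  # skip past the closing ')'
    return "".join(out) + php_source[pos:]

# Constructed sample: one unpatched line from the post, one already patched.
SAMPLE = r"""<?php
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. global.php search.php
        with open(path, encoding="latin-1") as fh:
            for line_no, arg in find_redecodes(fh.read()):
                print(f"{path}:{line_no}: urldecode() applied to {arg}")
```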
-
... thanks Jan ... and also thanks to Matt ...
-
Actually, in 1.7.1 it isn't in global.php. If it is in yours anyway, then replace it in both files.
-
Thanks
-
Thanks for keeping us up-to-date.
:)
-
Thanks!
-
Changing this information has dramatically changed the way the keyword search is done when using multiple languages.... now it just doesn't work at all... any thoughts?
Let me clarify... If I changed the language of my board, with appropriate Keyword language tags, it will only search for the first word in the language set and the rest of the keywords will yield strange results.
-
Thanks a lot for notifying everyone :)
-
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
cannot find this second line to replace :(
-
thanks jan.
-
Thanks a lot - Merci beaucoup
-
Thanks a bunch for the update patch Matt & Jan.
Still one of the better stand-alone O/S Galleries
Warm regards from Downtown Miamisburg, Ohio
Michael
-
Thanks so much sir
for keeping us up-to-date
Best regards
-
Thank you very much.
Laurie
-
Thanks!
vincent
-
Great thank you!
-
Many thanks
-
I just did this. Ver. 1.7. After that, a search for users finds nothing.
-
Many thanks for the update :)
-
Ok done !
-
Thanks from me too for the work and for posting it here.
And thanks to those who sent the mass e-mail.
-
THX! :D
-
Thanks a lot - Merci beaucoup
-
I'm sorry, I don't mean to nitpick, but I can't see the codes at all.
-
In my server statistics I found, among the 404s (NOT FOUND), URLs like "/4images/search.phpc1ec0e64".
Are these attacks on this vulnerability?
Do I need to worry about the server now? How would a successful attack show itself, if at all?
Regards
Manfred
-
Thanks so much sir for keeping us up-to-date :wink:
-
Heartfelt thanks from me too for the great support, really top-notch :thumbup:
-
thank you
done
-
Thanks for the help
Thanks for the update :)
-
Done! Thanks for it :D
phpBB has the same error some time back ;)
-
thanks
-
I can't see what to replace, can you give me the code?
-
:thumbup: thanks for fixing the probs - I love that software
-
Thanks - now to try get my avatars mod working!
-
Thanks for prompt notification/fix details
:mrgreen:
-
Thanks for the info mail .....
-
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
I can't find this line in either my search.php or my global.php :(
-
THX
-
Thanks
-
Thanks for the info and the e-mail notification
-
Thank you very much, Jan :mrgreen:
-
thanks for the notification
-
Hi Jan,
thank you. This is just in time, because today I will initially upload the 4images-modules of my new website to my providers host :!:
e-trader_2002
-
Thanks a lot! :mrgreen:
-
Thanks for the Add. :lol:
Greez Darkness
-
Thank you! :D
-
DONE
Thanks ;) 8)
-
thanks :D
-
Great, thanks, keep it up :)
-
thanks for the patch!
now working on 1.7.3 :D
-
Thank you, files patched
-
thank you :lol:
-
Thanks for the information, Jan. Just receiving your mail today because of a mail error.
-
Thanks so much
have been Updated 8O
-
Thanks... :oops:
-
did the update in version 1.7.1 in global.php and it worked out.
while putting the message version 1.7.2 and 1.7.3 only ... and version <1.7.2 to change in search.php...??
Is the update correctly done in this case ?
-
Is there any "bug checker" for 4homepages? Some of those serious bugs/vulnerabilities could be checked by running a script/etc?
-
Hi,
"bug checker" for 4homepages
The scriptname is 4images :wink:
cu
Kurt