4images Help / Hilfe > Bug Fixes & Patches

[1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability


BitBull:
 8O

That's funny...

my global.php ends with line 438 already.  :?:

here are the last lines of my global.php (426 to 438):

--- Code: ---
  $sql = "SELECT cat_id, COUNT(*) AS num_images
          FROM ".IMAGES_TABLE."
          WHERE image_active = 1
          GROUP BY cat_id";
  $result = $site_db->query($sql);

  while ($row = $site_db->fetch_array($result)) {
    $cat_cache[$row['cat_id']]['num_images'] = $row['num_images'];
  }
  $site_db->free_result();
} //end if GET_CACHES

?>

--- End code ---

Just as a relation. The bugfix line lies between 166 to 169:

--- Code: ---
if (isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) {
  $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
}

--- End code ---

regards

BitBull
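
The allow-list from the bugfix lines quoted in the post above, run over a few inputs, as an added example that is not part of the original post or of 4images. The function name `clean_mode()` and all sample inputs are constructed; `stripslashes()` is left out on the assumption of a PHP version without magic quotes (the allow-list removes backslashes anyway).

```php
<?php
// Added illustration: clean_mode() and the sample inputs are constructed,
// not taken from 4images.

/**
 * Applies the same allow-list as the quoted fix: keep only [a-z0-9],
 * case-insensitive. POST takes precedence over GET, as in the quoted lines.
 */
function clean_mode(array $get, array $post): string
{
    $raw = $post['mode'] ?? $get['mode'] ?? '';

    // A request such as ?mode[]=x delivers an array. trim() warns on an
    // array in old PHP and throws a TypeError in PHP 8, so anything that
    // is not a string is treated as "no mode given".
    if (!is_string($raw)) {
        return '';
    }

    // Everything outside the allow-list is dropped, so no HTML
    // metacharacter (< > " ' & \) can survive into the page output.
    return (string) preg_replace('/[^a-z0-9]+/i', '', trim($raw));
}

// Constructed inputs: each entry is [GET parameters, POST parameters].
$samples = [
    'plain value' => [['mode' => 'search'], []],
    'html markup' => [['mode' => '<script>alert(1)</script>'], []],
    'attr break'  => [['mode' => '" onmouseover="x'], []],
    'backslashes' => [['mode' => 'a\\\'b'], []],
    'array input' => [['mode' => ['x']], []],
    'post wins'   => [['mode' => 'a'], ['mode' => 'B-2']],
];

foreach ($samples as $label => [$get, $post]) {
    printf("%-12s => '%s'\n", $label, clean_mode($get, $post));
}
```

The filter strips disallowed characters rather than rejecting the request, so the leftover letters of a hostile value still reach the code that switches on `$mode`; that code should treat any value it does not recognise as the default.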

Jan:
Are you sure that the global.php on your server is the same as the one on your hard disk?

BitBull:
I compared it again (took a copy from the server again where I've put the fixed file yesterday ...)

Yes, both are exactly the same

BUT :!: :!: :!:

Don't ask me why. I've had a look at my gallery just now ... the error messages are gone ...  :?  seems that a miracle occurred, doesn't it???

I am even able to log in again.   :mrgreen:

So everything is OK. I will check it out tomorrow again ... I hope the bloody messages won't be back again.  :wink:

Thanks Nicky and Jan for your time and support

So let's go on with daily business ... :lol:

regards

Tobi
