4images Help / Hilfe > Bug Fixes & Patches
[1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
BitBull:
8O
That's funny...
my global.php ends with line 438 already. :?:
here are the last lines of my global.php (426 to 438):
--- Code: ---
  $sql = "SELECT cat_id, COUNT(*) AS num_images
          FROM ".IMAGES_TABLE."
          WHERE image_active = 1
          GROUP BY cat_id";
  $result = $site_db->query($sql);
  while ($row = $site_db->fetch_array($result)) {
    $cat_cache[$row['cat_id']]['num_images'] = $row['num_images'];
  }
  $site_db->free_result();
} //end if GET_CACHES
?>
--- End code ---
Just as a relation. The bugfix line lies between 166 and 169:
--- Code: ---
if (isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) {
  $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
}
--- End code ---
regards
BitBull
Jan:
Are you sure that the global.php on your server is the same as the one on your harddisk?
BitBull:
I compared it again (took a copy from the server again where I've put the fixed file yesterday ...)
Yes, both are exactly the same
BUT :!: :!: :!:
Don't ask me why. I've had a look at my gallery just now ... the error messages are gone ... :? seems that a miracle occurred, doesn't it???
I am even able to log in again. :mrgreen:
So everything is OK. I will check it out tomorrow again ... I hope the bloody messages won't be back again. :wink:
Thanks Nicky and Jan for your time and support
So let's go on with daily business ... :lol:
regards
Tobi