[1.7 - 1.7.6] Security fix in global.php
V@no:
In global.php find:
4images version 1.7
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
$l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
$config['language_dir'] = $l;
}
}
Replace it with:
$l = null;
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
$requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
// reject any "../" or "..\" in the requested language dir before touching the filesystem
if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
$l = $requested_l;
$config['language_dir'] = $l;
}
}
4images version 1.7.1 - 1.7.6
if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
Replace it with:
if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
For those who installed [MOD] Language select with cookies support and can't find anything mentioned above, you'll need to find in global.php:
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
$l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
$config['language_dir'] = $l;
setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
}
}
else
{
if (isset($HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
{
$l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
}
}
And replace it with:
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
$requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
// reject any "../" or "..\" in the requested language dir before touching the filesystem
if (!preg_match('#\.\.[\\\/]#', $requested_l) && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
$l = $requested_l;
$config['language_dir'] = $l;
setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
}
}
else
{
// the cookie is client-controlled too, so it gets the same check as the GET/POST value
if (isset($HTTP_COOKIE_VARS['4images_lang']) && !preg_match('#\.\.[\\\/]#', $HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
{
$l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
}
}
(I've already updated the code in the mentioned mod with this fix)
P.S.
thanks to 4dabdura for reporting this bug and Jan for providing us with the fix.
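As an added example (not 4images code and not part of V@no's post), the script below puts the original file_exists()-only check, the patched check from this thread, and an allow-list alternative side by side and runs them against constructed input. It builds a throwaway directory tree under the system temp dir with one real language directory (lang/english) plus two main.php files outside lang/ that a traversal would reach; 4images itself does not ship those extra files, they exist only to make the difference visible. The function names lang_check_original, lang_check_patched, lang_check_allowlist and run_demo are assumptions of this example.

```php
<?php
// Added example, not 4images code: compare three language-dir checks on constructed input.

$root = sys_get_temp_dir() . '/4images_lang_demo_' . getmypid();
define('ROOT_PATH', $root . '/');

// Constructed layout: one real language dir plus two files outside lang/ that a
// traversal would reach. A real 4images install does not contain these extra files.
mkdir(ROOT_PATH . 'lang/english', 0700, true);
mkdir(ROOT_PATH . 'private', 0700, true);
file_put_contents(ROOT_PATH . 'lang/english/main.php', "<?php // language file\n");
file_put_contents(ROOT_PATH . 'private/main.php', "<?php // outside lang/\n");
file_put_contents(ROOT_PATH . 'main.php', "<?php // outside lang/\n");

// 1. Pre-patch check: file_exists() alone, so any path that resolves is accepted.
function lang_check_original($l) {
    return file_exists(ROOT_PATH . 'lang/' . $l . '/main.php');
}

// 2. The patch from this thread: reject "../" or "..\" before touching the filesystem.
function lang_check_patched($l) {
    return !preg_match('#\.\.[\\\/]#', $l)
        && file_exists(ROOT_PATH . 'lang/' . $l . '/main.php');
}

// 3. Allow-list alternative (an assumption of this example, not from the thread):
//    accept only a plain directory name, then confirm the resolved file is under lang/.
function lang_check_allowlist($l) {
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $l)) {
        return false;
    }
    $base = realpath(ROOT_PATH . 'lang');
    $path = realpath(ROOT_PATH . 'lang/' . $l . '/main.php');
    return $path !== false && strpos($path, $base . DIRECTORY_SEPARATOR) === 0;
}

// Run every check against each constructed value of the "l" parameter.
function run_demo() {
    $inputs = [
        'english',    // legitimate language directory
        '../private', // classic traversal: lang/../private/main.php
        '..',         // bare '..': lang/../main.php, no separator after the dots
    ];
    $rows = [];
    foreach ($inputs as $l) {
        $rows[$l] = [
            'original'  => lang_check_original($l),
            'patched'   => lang_check_patched($l),
            'allowlist' => lang_check_allowlist($l),
        ];
    }
    return $rows;
}

foreach (run_demo() as $l => $r) {
    printf("%-14s original=%d patched=%d allowlist=%d\n",
        var_export($l, true), $r['original'], $r['patched'], $r['allowlist']);
}

// Remove the constructed tree again.
foreach (['lang/english/main.php', 'private/main.php', 'main.php'] as $f) {
    unlink(ROOT_PATH . $f);
}
foreach (['lang/english', 'lang', 'private'] as $d) {
    rmdir(ROOT_PATH . $d);
}
rmdir($root);
```

Running it shows the point of the patch: the original check accepts '../private' because the file it resolves to exists, while the patched check rejects it on the regex alone. It also shows the one caveat a practitioner should know: the regex only fires on '..' followed by a separator, so a bare '..' (which resolves to lang/../main.php) passes both the original and the patched check whenever such a file exists at the 4images root; the allow-list version rejects it because it never reaches the filesystem with anything but a plain directory name. In a stock install no main.php sits at the root, so this is a robustness note rather than a reason not to apply the fix above.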
kai:
Thanks V@no!
mawenzi:
... thanks V@no for your fix for version 1.7 - 1.7.6 ...
sanko86:
thank you V@no
this is an important edit
om6acw:
thanks V@no!