4images Help / Hilfe > Bug Fixes & Patches

[1.7 - 1.7.6] Security fix in global.php

(1/3) > >>

V@no:
In global.php find:

4images version 1.7

if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
    $config['language_dir'] = $l;
  }
}

Replace it with:

$l = null;
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
    $l = $requested_l;
    $config['language_dir'] = $l;
  }
}




4images version 1.7.1 - 1.7.6

  if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {

Replace it with:

  if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {




For these who installed [MOD] Language select with cookies support and can't find anything mentioned above, then you'll need find in global.php:

if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
    $config['language_dir'] = $l;
    setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
  }
}
else
{
  if (isset($HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
  {
    $l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
  }
}


And replace it with:

if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (!preg_match('#\.\.[\\\/]#', $requested_l) && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
    $l = $requested_l;
    $config['language_dir'] = $l;
    setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
  }
}
else
{
  if (isset($HTTP_COOKIE_VARS['4images_lang']) && !preg_match('#\.\.[\\\/]#', $HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
  {
    $l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
  }
}

(I've already updated the code in the mentioned mod with this fix)


P.S.
thanks to 4dabdura for reporting this bug and Jan for providing us with the fix.

kai:
Thanks V@no!

mawenzi:
... thanks V@no for your fix for version 1.7 - 1.7.6 ...

sanko86:
thank you  V@no
this is  important edit

om6acw:
thanks V@no!

Navigation

[0] Message Index

[#] Next page

Go to full version