4images Help / Hilfe > Bug Fixes & Patches
[1.7 - 1.7.8] Security fix for XSS vulnerability in admin/admin_functions.php
(1/1)
kai:
A cross site scripting vulnerability in 4images 1.7 - 1.7.8 has been found.
To fix this:
In admin/admin_functions.php
find
echo "<form action=\"".$site_sess->url($phpscript)."\"".$upload." name=\"".$name."\" method=\"post\">\n";
and replace it with
echo "<form action=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($phpscript)))."\"".$upload." name=\"".$name."\" method=\"post\">\n";
find
echo "<a href=\"".$site_sess->url($url)."\"".$target.">[".$text."]</a> ";
and replace it with
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\"".$target.">[".$text."]</a> ";
find
echo "<a href=\"".$site_sess->url($url)."\" class=\"navlink\">".$title."</a> $extra\n";
and replace it with
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";
If you are using 4images v1.7 also add in includes/functions.php above ?>
function safe_htmlspecialchars($chars) {
// Translate all non-unicode entities
$chars = preg_replace(
'/&(?!(#[0-9]+|[a-z]+);)/si',
'&',
$chars
);
$chars = str_replace(">", ">", $chars);
$chars = str_replace("<", "<", $chars);
$chars = str_replace('"', """, $chars);
return $chars;
}
Thanks to Secunia Research for finding and reporting this vulnerability!
jkn:
hello,
when i'm adding the code to v1.7 works nothing in the admin-backend!
any solution??
thx
jkn
ulrich:
I am having the same problem with 1.7. Instead of the menu in the top left corner I am getting this:
--- Quote ---Fatal error: Call to undefined function safe_htmlspecialchars() in <path to gallery>/admin/admin_functions.php on line 632
--- End quote ---
Line 632 reads echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";
How do I get the menu working again? BTW, version 1.7.6 works fine with this fix.
V@no:
added one more step
Navigation
[0] Message Index
Go to full version