4images Help / Hilfe > Bug Fixes & Patches
[1.7 - 1.7.11] Security fix for XSS issue in global.php
(1/1)
kai:
We've been reported (thanks to jakovits) a cross site scripting vulnerability in 4images 1.7 - 1.7.11.
To fix this:
In global.php
find
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
and replace it with
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);
Meldric:
Why the heck are posts deleted here???
Rembrandt:
--- Quote from: Meldric on September 27, 2013, 10:12:56 AM ---Why the heck are posts deleted here???
--- End quote ---
Weil deine Frage in einen völlig falschen Thread ist, auserdem wurde dein Post nicht gelöscht sondern verschoben:
http://www.4homepages.de/forum/index.php?topic=31356.0
mfg Andi
kai:
Richtig, wie Rembrandt es schreibt
Navigation
[0] Message Index
Go to full version