4images Help / Hilfe > Bug Fixes & Patches

[1.7.2] Security fix for global.php

(1/7) > >>

V@no:
If you downloaded 4images v1.7.2 before 25-04-2006 you should apply this fix!
If you downloaded it after that date, then you should not worry about it, the download package already conteins this fix.

Step 1

In global.php
find:
--- Code: --- /*
$val = str_replace("\r\n", "\n", $val);
$val = str_replace("\r",   "\n", $val);
$val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D
*/

/*
do {
        $oldval = $val;
        $val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
      } while ($oldval != $val);
*/

--- End code ---

Replace with:
--- Code: ---      $val = str_replace("\r\n", "\n", $val);
      $val = str_replace("\r",   "\n", $val);
      $val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D

      do {
        $oldval = $val;
        $val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
      } while ($oldval != $val);

--- End code ---

Or you can download 4images package from this page and replace global.php from that package.

Step 2

And in case someone already used this hole on your site, you should find and delete any user who has < and > tags in their name (well, atleast these who has <script or other HTML tags) (personaly I would not feel bad even perm ban for that)
For that go to ACP (Admin Control Panel) -> Edit users -> in the "Userame conteins" field enter: < and click "Find"
Repeat search for >

[EDIT]
For these who cant find the code above, you probably have something like this instead:
--- Code: ---      $val = str_replace("\r\n", "\n", $val);
      $val = str_replace("\r",   "\n", $val);
      $val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D
--- End code ---
(note, there is no /* and */ around that block of code!
So, replace this block with the code above.

qwertz:
thank you, for your update-info!  :)

andreas

devilsoulblack:
thanks

koikonut:
This passage is not in my global.php!

In my global.php only I can find this:


--- Code: ---  $search2 =
      "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
  $replace2 = //str_repeat("\r", strlen($search2));
      "\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";

  foreach ($array as $key => $val) {
    if (is_array($val)) {
      $val = clean_array($val);
    } else {
      $val = preg_replace($search, $replace, $val);

      $val = str_replace("\r\n", "\n", $val);
      $val = str_replace("\r",   "\n", $val);
      $val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D
    }

    $array[$key] = $val;
  }

  return $array;
--- End code ---

What do I have to do,
Thanks and bye

egyptsons:
8)
Done
Thanks V@no :wink:

Navigation

[0] Message Index

[#] Next page

Go to full version