[1.7.1 / 1.7.2] Security fix for SQL injection in session.php
Jan:
This is an important security fix.
Open includes/sessions.php and find the following line:
--- Code: ---
$this->session_id = session_id();
--- End code ---
Replace this line with the following code:
--- Code: ---
$this->session_id = preg_replace('/[^a-z0-9]+/i', '', session_id());
--- End code ---
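Added example, not part of the post above and not 4images code: it runs the allow-list from the fix over a few constructed values and compares it with a reject-instead-of-strip check. The function names and the 128-character limit are assumptions made for the illustration.

```php
<?php
// Added example, not 4images code; function names are hypothetical.

// Same allow-list as the fix: remove every character that is not an
// ASCII letter or digit, so quotes and whitespace cannot survive.
function filter_session_id(string $raw): string
{
    return preg_replace('/[^a-z0-9]+/i', '', $raw);
}

// Stricter alternative (an assumption, not part of the fix): accept the
// value only if it is already clean, so a tampered id is rejected rather
// than rewritten. \A and \z anchor the whole string; "$" would also match
// before a trailing newline. The 128-character limit is an assumed bound.
function is_clean_session_id(string $raw): bool
{
    return preg_match('/\A[a-z0-9]{1,128}\z/i', $raw) === 1;
}

// Constructed sample values, not taken from any real session.
$samples = [
    'hex id'             => '5f2a9c0e4b7d1a3f8e6c2b9d0a1f4e7c',
    'quote in value'     => "abc123' x",
    // PHP's 6-bits-per-character id alphabet also contains "," and "-",
    // so the filter changes such ids instead of passing them through.
    'id with , and -'    => 'aB3,dE-9',
    'trailing newline'   => "abc123\n",
    'empty after filter' => "'\"",
];

foreach ($samples as $label => $raw) {
    $filtered = filter_session_id($raw);
    printf(
        "%-20s raw=%-36s filtered=%-34s strict=%s\n",
        $label,
        json_encode($raw),
        json_encode($filtered),
        is_clean_session_id($raw) ? 'accept' : 'reject'
    );
}
```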
mawenzi:
Thanks for the quick fix! And only for 1.7.1, 1.7.2 ... not 1.7?
DBCapricorn:
Always on it. Thanks for looking out for us. :)
V@no:
the first one is enough ;)
vBFreak:
Are users of the vBulletin gallery integration also affected? I can't find these lines or $this->session_id = session_id(); at all...