4images Help / Hilfe > Bug Fixes & Patches

[1.7.1 / 1.7.2] Security fix for SQL injection in session.php


Jan:
This is an important security fix.

Open includes/sessions.php and find the following line:


--- Code: ---
$this->session_id = session_id();
--- End code ---

Replace this line with the following code:


--- Code: ---
$this->session_id = preg_replace('/[^a-z0-9]+/i', '', session_id());
--- End code ---
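
To show what the one-line change above does, here is an added example that is not part of the thread or of 4images: it runs the same filter over constructed cookie values and compares a string-built lookup with a bound-parameter lookup. The `sessions` table, the concatenated query and all function names are assumptions, because the thread does not show the query that consumes the ID; it needs PHP with the pdo_sqlite extension.

```php
<?php
// Added example, not 4images code. Table, columns and function names are hypothetical.

// The filter from the fix: keep only ASCII letters and digits.
function clean_session_id(string $raw): string
{
    return preg_replace('/[^a-z0-9]+/i', '', $raw);
}

// Assumed shape of a lookup that splices the ID into the SQL text.
function lookup_concat(PDO $db, string $sid): array
{
    $sql = "SELECT user_id FROM sessions WHERE session_id = '" . $sid . "'";
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        // The ID reached the SQL parser instead of being treated as data.
        return ['SQL error: ' . $e->getMessage()];
    }
}

// Bound parameter: the ID is passed as data and never parsed as SQL.
function lookup_prepared(PDO $db, string $sid): array
{
    $stmt = $db->prepare('SELECT user_id FROM sessions WHERE session_id = ?');
    $stmt->execute([$sid]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (session_id TEXT PRIMARY KEY, user_id INTEGER)');
$db->exec("INSERT INTO sessions VALUES ('a1b2c3d4e5f6', 7)");

// Constructed cookie values: a well-formed ID and one carrying a stray quote.
$samples = ['a1b2c3d4e5f6', "not-a-session'"];

foreach ($samples as $raw) {
    $clean = clean_session_id($raw);
    echo 'raw ', var_export($raw, true), ' cleaned ', var_export($clean, true), "\n";
    echo '  concat(raw):   ', json_encode(lookup_concat($db, $raw)), "\n";
    echo '  concat(clean): ', json_encode(lookup_concat($db, $clean)), "\n";
    echo '  prepared(raw): ', json_encode(lookup_prepared($db, $raw)), "\n";
}
```

The filter only protects queries that use the cleaned value; binding the ID as a parameter removes the dependency on every caller remembering to clean it.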

mawenzi:
Thanks for the quick fix! And only for 1.7.1, 1.7.2 ... not 1.7?

DBCapricorn:
Always on it. Thanks for looking out for us. :)

V@no:
The first one is enough ;)

vBFreak:
Are users of the vBulletin gallery integration also affected? I can't find these lines or $this->session_id = session_id(); at all...
