[1.7 - 1.7.3] Security fix for SQL injection in global.php
Jan:
This is an important security fix.
Replace the two lines in global.php (version 1.7.2 and 1.7.3) or search.php (all versions < 1.7.2):
Replace
--- Code: ---
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
--- End code ---
with
--- Code: ---
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);
--- End code ---
Replace
--- Code: ---
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
--- End code ---
with
--- Code: ---
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
--- End code ---
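Why dropping urldecode() matters, as an added example that is not part of Jan's post or the 4images code: PHP has already URL-decoded GET values once, so a second decode runs after any quote escaping has been applied. It assumes request values are escaped with addslashes() (or magic_quotes_gpc) before this point; the function names and sample values are constructed for the illustration.

```php
<?php
// Added illustration, not 4images code. Assumption: request values are
// escaped with addslashes() (or magic_quotes_gpc) before the search code runs.

// What PHP does on its own for a GET value: one URL-decode, then (assumed) escaping.
function request_value(string $raw): string {
    return addslashes(urldecode($raw));
}

// Line as it was before the fix: a second decode runs after the escaping.
function before_fix(string $v): string { return urldecode(trim($v)); }

// Line after the fix: the value is used as PHP delivered it.
function after_fix(string $v): string { return trim($v); }

// True if $s contains a single quote not protected by a backslash.
function has_unescaped_quote(string $s): bool {
    $slashes = 0;
    for ($i = 0, $n = strlen($s); $i < $n; $i++) {
        if ($s[$i] === '\\') { $slashes++; continue; }
        if ($s[$i] === "'" && $slashes % 2 === 0) { return true; }
        $slashes = 0;
    }
    return false;
}

// Constructed sample query-string values (raw, as sent on the wire).
$samples = [
    'O%27Brien',    // quote encoded once: escaped by the request layer
    'O%2527Brien',  // quote encoded twice: survives escaping as "%27"
    'a%2Bb',        // literal "+": a second decode turns it into a space
];

foreach ($samples as $raw) {
    $v = request_value($raw);
    printf("%-12s before=%-10s unescaped=%-3s after=%-10s unescaped=%s\n",
        $raw,
        before_fix($v), has_unescaped_quote(before_fix($v)) ? 'yes' : 'no',
        after_fix($v),  has_unescaped_quote(after_fix($v))  ? 'yes' : 'no');
}
```

Only the double-encoded value ends up with an unescaped quote, and only through the pre-fix line; the third sample shows that the extra decode also corrupts legitimate input.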
mawenzi:
... thanks Jan ... and also thanks to Matt ...
Jan:
Actually, in 1.7.1 it isn't in global.php. If it is in yours after all, then replace it in both files.
securitydot:
Thanks
Fastian:
Thanks for keeping us up-to-date.
:)