[1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Jan:
Security fix for Cross-Site Scripting Vulnerability
Open global.php and search for
--- Code: ---$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
--- End code ---
in Version 1.7.2 and 1.7.3 or
--- Code: ---$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
--- End code ---
in Version 1.7.1 and 1.7.
Add the following line below
--- Code: ---$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
--- End code ---
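The effect of the added line on a few constructed `mode` values, as an added example that is not part of the original post or the 4images code base. `read_mode()` and its parameters are hypothetical names, and plain arrays stand in for `$HTTP_POST_VARS` and `$HTTP_GET_VARS`.

```php
<?php
// Added example, not 4images code. read_mode() and its parameters are
// hypothetical; $post/$get stand in for $HTTP_POST_VARS/$HTTP_GET_VARS.

function read_mode(array $post, array $get, bool $postFirst = true): string
{
    // 1.7.2/1.7.3 read POST first, 1.7/1.7.1 read GET first.
    [$first, $second] = $postFirst ? [$post, $get] : [$get, $post];

    // Assumption beyond the original one-liner: tolerate the parameter
    // being absent from both arrays, and reject array input (mode[]=x).
    $raw = $first['mode'] ?? $second['mode'] ?? '';
    if (!is_string($raw)) {
        return '';
    }
    $mode = stripslashes(trim($raw));

    // The line added by the fix: keep only ASCII letters and digits.
    return (string) preg_replace("/[^a-z0-9]+/i", "", $mode);
}

// Constructed sample requests: [POST array, GET array].
$samples = [
    'plain value'       => [['mode' => 'search'], []],
    'markup characters' => [[], ['mode' => '"><b>x</b>']],
    'escaped quote'     => [['mode' => "a\\'b"], []],
    'array parameter'   => [[], ['mode' => ['x']]],
    'parameter missing' => [[], []],
];

foreach ($samples as $label => [$post, $get]) {
    printf("%-18s => '%s'\n", $label, read_mode($post, $get));
}
```

The filter does not reject a request; it silently drops every character outside `a-z`, `A-Z` and `0-9`, so quotes and angle brackets never reach the page output through `$mode`.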
mawenzi:
... thanks Jan and Kai ...
Bugfixed:
thanks jan :wink:
honda2000:
Is this the line in version 1.7.1??
--- Code: ---$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
--- End code ---
The line
--- Code: ---$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
--- End code ---
I can't find, or I don't have it at all
colorssky:
thanx
done! :wink: