4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: V@no on April 02, 2009, 03:27:36 PM

Title: [1.7 - 1.7.6] Security fix in global.php
Post by: V@no on April 02, 2009, 03:27:36 PM
In global.php find:

4images version 1.7

if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
    $config['language_dir'] = $l;
  }
}

Replace it with:

$l = null;
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
    $l = $requested_l;
    $config['language_dir'] = $l;
  }
}




4images version 1.7.1 - 1.7.6

  if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {

Replace it with:

  if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {





For these who installed [MOD] Language select (http://www.4homepages.de/forum/index.php?topic=4743.0) with cookies support (http://www.4homepages.de/forum/index.php?topic=4743.msg31555#msg31555) and can't find anything mentioned above, then you'll need find in global.php:

if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
    $config['language_dir'] = $l;
    setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
  }
}
else
{
  if (isset($HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
  {
    $l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
  }
}


And replace it with:

if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $requested_l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (!preg_match('#\.\.[\\\/]#', $requested_l) && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {
    $l = $requested_l;
    $config['language_dir'] = $l;
    setcookie('4images_lang', $l, (time()+ 60 * 60 * 24 * 365), "/", "", 0);
  }
}
else
{
  if (isset($HTTP_COOKIE_VARS['4images_lang']) && !preg_match('#\.\.[\\\/]#', $HTTP_COOKIE_VARS['4images_lang']) && file_exists(ROOT_PATH.'lang/'.$HTTP_COOKIE_VARS['4images_lang'].'/main.php'))
  {
    $l = $config['language_dir'] = $HTTP_COOKIE_VARS['4images_lang'];
  }
}

(I've already updated the code in the mentioned mod with this fix)




P.S.
thanks to 4dabdura (http://www.4homepages.de/forum/index.php?action=profile;u=24319) for reporting this bug and Jan (http://www.4homepages.de/forum/index.php?action=profile;u=2) for providing us with the fix.
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: kai on April 02, 2009, 08:37:48 PM
Thanks V@no!
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: mawenzi on April 02, 2009, 10:05:17 PM
... thanks V@no for your fix for version 1.7 - 1.7.6 ...
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: sanko86 on April 03, 2009, 03:33:01 PM
thank you  V@no
this is  important edit
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: om6acw on April 06, 2009, 07:01:20 PM
thanks V@no!
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: V@no on April 08, 2009, 03:03:04 PM
thanks
the fix is not compatible with [lang mod]
http://www.4homepages.de/forum/index.php?topic=4743.msg74088#msg74088

I've updated the code in this post:
http://www.4homepages.de/forum/index.php?topic=4743.msg31555#msg31555
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: Sunny C. on April 08, 2009, 07:05:35 PM
Habt ihr das im "Downloadpaket" schon beigefügt? Damit andere, die 4images z.B heute einsetzen wollen bzw. downloaden wollen das nicht hier extra suchen müssen!
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: yesme on April 10, 2009, 02:46:21 PM
Hi,

Thank V@no for the updates and fix.   :)

Regards,
Yesme
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: Jasi on April 10, 2009, 05:34:15 PM
Hi,

Thank V@no for the updates and fix.  :)

Best Regards,
Jasi

----------------------------------------------------------

Danke V@no für's Update und den Fix !  :)

Beste Grüße
Jasi
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: Blackman5001 on April 13, 2009, 09:52:48 PM
Habt ihr das im "Downloadpaket" schon beigefügt? Damit andere, die 4images z.B heute einsetzen wollen bzw. downloaden wollen das nicht hier extra suchen müssen!

Ist nicht drin. Habe es gestern runtergeladen und installiert und jetzt die Änderungen gemacht.
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: softxgame on May 06, 2009, 06:04:45 AM
Thank you for the follow-up
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: takeiteasy on August 03, 2009, 06:30:17 AM
Thank you very much :D






I'm banned for spam. All links were removed. One message is more then enough.
Title: Re: [1.7 - 1.7.6] Security fix in global.php
Post by: soft4arab on August 11, 2009, 01:50:52 PM
teknopaylaşım (http://www.teknopaylasim.net)
bilgi paylaşım (http://www.bilgibaz.net)
Oyun sunucuları, domain, hosting, reseller, vps (http://www.liderserver.com)