Author Topic: [1.7 / 1.7.1] Security fix in search.php and register.php  (Read 177793 times)


Offline fotograf74

« Reply #15 on: January 08, 2006, 05:06:23 PM »
Of course I have built in some modifications.

Offline Ston4Img

« Reply #16 on: January 08, 2006, 05:38:28 PM »
Quote
Of course I have built in some modifications.

Well. Without backups you are now in a tough spot  :?

Offline V@no

« Reply #17 on: January 08, 2006, 08:25:57 PM »
Attach your search.php to the reply.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Ston4Img

« Reply #18 on: January 08, 2006, 08:31:30 PM »
Hi V@ano!

Have you an idea for my "problem"???

Mhh. I can register a User with < and >  after the Update !!! :?:



Edit:
My register.php:
/** START **********************************************
ADD from elseif
Security Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/

      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    elseif (preg_match("#[<>]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
        $error = 1;
      }

/** END ************************************************
ADD
Security Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/


Offline V@no

« Reply #19 on: January 08, 2006, 08:42:08 PM »
Quote
Hi V@ano!

Have you an idea for my "problem"???

Please attach your register.php, better yet, if you can show a URL to your site, then rename register.php that is on your server to register.phps (do not upload new register.phps) and show the URL to it. (PM me if you don't want it to be public)

Offline Ston4Img

« Reply #20 on: January 08, 2006, 09:01:00 PM »
http://people.freenet.de/stonyce/register.txt
The 4Images is only "local" ... anyhow often (-->  :?:)

Offline V@no

« Reply #21 on: January 08, 2006, 09:57:33 PM »
Ok, you've inserted the code in the wrong place. You must move the added code (blue) above the red bracket:
Quote
      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    elseif (preg_match("#[<>]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
        $error = 1;
      }

Offline Ston4Img

« Reply #22 on: January 08, 2006, 10:13:45 PM »
Thank you!

Offline hyde101

« Reply #23 on: January 13, 2006, 03:35:47 PM »
Thanks, modified as above on 1.7
Tried to Search, works fine,
Tried to register (seems to work fine)

Thank You


Offline fotograf74

« Reply #24 on: January 14, 2006, 07:13:05 PM »
Hmm,

I fixed my code, but now I can't use the search function. I get no result.
I think that was not your idea with the security fix.

What's the problem? I now use the old code again.

Quote
Attach your search.php to the reply.

Here is my search.php:
Code: [Select]
<?php
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: search.php                                           *
 *        Copyright: (C) 2002 Jan Sorgalla                                *
 *            Email: jan@4homepages.de                                    *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 1.7.1                                                *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
 *    bedingungen (Lizenz.txt) für weitere Informationen.                 *
 *    ---------------------------------------------------------------     *
 *    This script is NOT freeware! Please read the Copyright Notice       *
 *    (Licence.txt) for further information.                              *
 *                                                                        *
 *************************************************************************/
if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
  $show_result = 1;
}
else {
  $show_result = 0;
}

if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
  $search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
  if ($search_keywords != "") {
    $show_result = 1;
  }
}
else {
  $search_keywords = "";
}
$org_search_keywords = $search_keywords;

if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
  $search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
  if ($search_user != "") {
    $show_result = 1;
  }
}
else {
  $search_user = "";
}
$org_search_user = $search_user;

if (isset($HTTP_POST_VARS['search_terms'])) {
  $search_terms = (trim($HTTP_POST_VARS['search_terms']) == "all") ? 1 : 0;
}
else {
  $search_terms = 0;
}

if (isset($HTTP_POST_VARS['search_fields'])) {
  $search_fields = trim($HTTP_POST_VARS['search_fields']);
}
else {
  $search_fields = "all";
}

$search_cat = (isset($HTTP_POST_VARS['cat_id']) ) ? intval($HTTP_POST_VARS['cat_id']) : 0;

if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
  $search_new_images = 1;
  $show_result = 1;
}
else {
  $search_new_images = 0;
}

$main_template = 'search';

define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/search_utils.php');

$search_id = array();

if ($search_user != "" && $show_result == 1) {
  $search_user = str_replace('*', '%', trim($search_user));
  $sql = "SELECT ".get_user_table_field("", "user_id")."
          FROM ".USERS_TABLE."
          WHERE ".get_user_table_field("", "user_name")." LIKE '$search_user'";
  $result = $site_db->query($sql);
  $search_id['user_ids'] = "";
  if ($result) {
    while ($row = $site_db->fetch_array($result)) {
      $search_id['user_ids'] .= (($search_id['user_ids'] != "") ? ", " : "").$row[$user_table_fields['user_id']];
    }
    $site_db->free_result($result);
  }
}

if ($search_keywords != "" && $show_result == 1) {
  $search_keywords = strip_tags(trim($search_keywords));
  $search_keywords = convert_special($search_keywords);
  $search_keywords = strtolower($search_keywords);

  $search_array = array(
    "/\s+\+/",
    "/\s+\-/",
    "/[&|#][a-z0-9]*;/siU",
    "#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
    "#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
    "#[-_'`´]+#s",
    "#[\n\t\r^\$&\(\)<>\"\|,@\?%~\+\.\[\]{}:\/=\#;!§\\\\]+#s"
  );

  $replace_array = array(
    " and ",
    " not ",
    " ",
    " ",
    " ",
    "",
    " "
  );
  $search_keywords = preg_replace($search_array, $replace_array, $search_keywords);
  $split_words = preg_split("/\s+/", $search_keywords);

  $match_field_sql = ($search_fields != "all" && isset($search_match_fields[$search_fields])) ? "AND m.".$search_match_fields[$search_fields]." = 1" : "";
  $stopword_list = get_stopwords();
  $search_word_cache = array();
  for ($i = 0; $i < sizeof($split_words); $i++) {
    if ($split_words[$i] == "and" || $split_words[$i] == "und" || $split_words[$i] == "or" || $split_words[$i] == "oder" || $split_words[$i] == "not") {
      $search_word_cache[$i] = ($search_terms) ? "and" : $split_words[$i];
    }
    elseif ($split_words[$i] != "" && strlen($split_words[$i]) >= MIN_SEARCH_KEYWORD_LENGTH && strlen($split_words[$i]) <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($split_words[$i], $stopword_list)) {
      $sql = "SELECT m.image_id
              FROM ".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m
              WHERE w.word_text LIKE '".addslashes(str_replace("*", "%", $split_words[$i]))."'
              AND m.word_id = w.word_id
              $match_field_sql";
      $result = $site_db->query($sql);
      $search_word_cache[$i] = array();
      while ($row = $site_db->fetch_array($result)) {
        $search_word_cache[$i][$row['image_id']] = 1;
      }
      $site_db->free_result();
    }
  }

  $is_first_word = 1;
  $operator = "or";
  $image_id_list = array();
  for ($i = 0; $i < sizeof($search_word_cache); $i++) {
    if ($search_word_cache[$i] == "and" || $search_word_cache[$i] == "und" || $search_word_cache[$i] == "or" || $search_word_cache[$i] == "oder" || $search_word_cache[$i] == "not") {
      if (!$is_first_word) {
        $operator = $search_word_cache[$i];
      }
    }
    elseif (is_array($search_word_cache[$i])) {
      if ($search_terms) {
        $operator = "and";
      }
      foreach ($search_word_cache[$i] as $key => $val) {
        if ($is_first_word || $operator == "or" || $operator == "oder") {
          $image_id_list[$key] = 1;
        }
        elseif ($operator == "not") {
          unset($image_id_list[$key]);
        }
      }
      if (($operator == "and" || $operator == "und") && !$is_first_word) {
        foreach ($image_id_list as $key => $val) {
          if (!isset($search_word_cache[$i][$key])) {
            unset($image_id_list[$key]);
          }
        }
      }
    }
    $is_first_word = 0;
  }

  $search_id['image_ids'] = "";
  foreach ($image_id_list as $key => $val) {
    $search_id['image_ids'] .= (($search_id['image_ids'] != "") ? ", " : "").$key;
  }
  unset($image_id_list);
}

if ($search_new_images && $show_result == 1) {
  $search_id['search_new_images'] = 1;
}

if ($search_cat && $show_result == 1) {
  $search_id['search_cat'] = $search_cat;
}

if (!empty($search_id)) {
  $site_sess->set_session_var("search_id", serialize($search_id));
  $session_info['search_id'] = $search_id;
}

include(ROOT_PATH.'includes/page_header.php');

$num_rows_all = 0;
if ($show_result == 1) {
  if (!isset($session_info['searchid']) || empty($session_info['searchid'])) {
    $session_info['search_id'] = $site_sess->get_session_var("search_id");
  }

  if (!empty($session_info['search_id'])) {
    $search_id = unserialize($session_info['search_id']);
  }

  $sql_where_query = "";

  if (!empty($search_id['image_ids'])) {
    $sql_where_query .= "AND i.image_id IN (".$search_id['image_ids'].") ";
  }

  if (!empty($search_id['user_ids'])) {
    $sql_where_query .= "AND i.user_id IN (".$search_id['user_ids'].") ";
  }

  if (!empty($search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
    $new_cutoff = time() - 60 * 60 * 24 * $config['new_cutoff'];
    $sql_where_query .= "AND i.image_date >= $new_cutoff ";
  }

  if (!empty($search_id['search_cat']) && $search_id['search_cat'] != 0) {
    $cat_id_sql = 0;
    $sub_cat_ids = get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
    if (check_permission("auth_viewcat", $search_id['search_cat'])) {
      $cat_id_sql .= ", ".$search_id['search_cat'];
      if (!empty($sub_cat_ids[$search_id['search_cat']])) {
        foreach ($sub_cat_ids[$search_id['search_cat']] as $val) {
          if (check_permission("auth_viewcat", $val)) {
            $cat_id_sql .= ", ".$val;
          }
        }
      }
    }
  }
  else {
    $cat_id_sql = get_auth_cat_sql("auth_viewcat");
  }

  if (!empty($sql_where_query)) {
    $sql = "SELECT COUNT(*) AS num_rows_all
            FROM ".IMAGES_TABLE." i
            WHERE i.image_active = 1
            $sql_where_query
            AND i.cat_id IN ($cat_id_sql)";
    $row = $site_db->query_firstrow($sql);
    $num_rows_all = $row['num_rows_all'];
  }
}

if (!$num_rows_all && $show_result == 1)  {
  $msg = preg_replace("/".$site_template->start."search_keywords".$site_template->end."/", $search_keywords, $lang['search_no_results']);
}

//-----------------------------------------------------
//--- Show Search Results -----------------------------
//-----------------------------------------------------
if ($num_rows_all && $show_result == 1)  {
  $link_arg = $site_sess->url(ROOT_PATH."search.php?show_result=1");

  include(ROOT_PATH.'includes/paging.php');
  $getpaging = new Paging($page, $perpage, $num_rows_all, $link_arg);
  $offset = $getpaging->get_offset();
  $site_template->register_vars(array(
    "paging" => $getpaging->get_paging(),
    "paging_stats" => $getpaging->get_paging_stats()
  ));

  $imgtable_width = ceil((intval($config['image_table_width'])) / $config['image_cells']);
  if ((substr($config['image_table_width'], -1)) == "%") {
    $imgtable_width .= "%";
  }

  $additional_sql = "";
  if (!empty($additional_image_fields)) {
    foreach ($additional_image_fields as $key => $val) {
      $additional_sql .= ", i.".$key;
    }
  }

  $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name")."
          FROM ".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c
          LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
          WHERE i.image_active = 1
          $sql_where_query
          AND c.cat_id = i.cat_id AND i.cat_id IN ($cat_id_sql)
          ORDER BY ".$config['image_order']." ".$config['image_sort']."
          LIMIT $offset, $perpage";
  $result = $site_db->query($sql);

  $thumbnails = "<table width=\"".$config['image_table_width']."\" border=\"0\" cellpadding=\"".$config['image_table_cellpadding']."\" cellspacing=\"".$config['image_table_cellspacing']."\">\n";

  $count = 0;
  $bgcounter = 0;
  while ($image_row = $site_db->fetch_array($result)) {
    if ($count == 0) {
      $row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
      $thumbnails .= "<tr class=\"imagerow".$row_bg_number."\">\n";
    }
    $thumbnails .= "<td width=\"".$imgtable_width."\" valign=\"top\">\n";
    show_image($image_row, "search");
    $thumbnails .= $site_template->parse_template("thumbnail_bit");
    $thumbnails .= "\n</td>\n";
    $count++;
    if ($count == $config['image_cells']) {
      $thumbnails .= "</tr>\n";
      $count = 0;
    }
  } // end while

  if ($count > 0)  {
    $leftover = ($config['image_cells'] - $count);
    if ($leftover >= 1) {
      for ($i = 0; $i < $leftover; $i++) {
        $thumbnails .= "<td width=\"".$imgtable_width."\">\n&nbsp;\n</td>\n";
      }
      $thumbnails .= "</tr>\n";
    }
  }
  $thumbnails .= "</table>\n";
  $content = $thumbnails;
  unset($thumbnails);
} // end if
else {
  $site_template->register_vars(array(
    "search_keywords" => htmlspecialchars(stripslashes($org_search_keywords)),
    "search_user" => htmlspecialchars(stripslashes($org_search_user)),
    "lang_search_by_keyword" => $lang['search_by_keyword'],
    "lang_search_by_username" => $lang['search_by_username'],
    "lang_new_images_only" => $lang['new_images_only'],
    "lang_search_terms" => $lang['search_terms'],
    "lang_or" => $lang['or'],
    "lang_and" => $lang['and'],
    "lang_category" => $lang['category'],
    "lang_search_fields" => $lang['search_fields'],
    "lang_all_fields" => $lang['all_fields'],
    "lang_name_only" => $lang['name_only'],
    "lang_description_only" => $lang['description_only'],
    "lang_keywords_only" => $lang['keywords_only'],
    "category_dropdown" => get_category_dropdown($cat_id)
  ));

  if (!empty($additional_image_fields)) {
    $additional_field_array = array();
    foreach ($additional_image_fields as $key => $val) {
      if (isset($lang[$key.'_only'])) {
        $additional_field_array['lang_'.$key.'_only'] = $lang[$key.'_only'];
      }
    }
    if (!empty($additional_field_array)) {
      $site_template->register_vars($additional_field_array);
    }
  }
  $content = $site_template->parse_template("search_form");
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
// $clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['search']."</span>"; // Original code
// MOD: Dynamic page title BLOCK BEGIN
if (!empty($search_id['search_new_images'])) {
  if( $search_id['search_new_images'] == 1 )
    $txt_clickstream = $lang['new_images'];
  else
    $txt_clickstream = $lang['new_images_since'];
}
else {
  $txt_clickstream = $lang['search'];
}
$clickstream = "<span class=\"clickstream\"><a title=\"".$lang['home']."\" href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].(($search_keywords) ? "<a href=\"".$site_sess->url(ROOT_PATH."search.php")."\" class=\"clickstream\">".$lang['search']."</a>".$config['category_separator'].$search_keywords : $txt_clickstream)."</span>";  // Show search keywords
$page_title = $config['category_separator'].$txt_clickstream;
// MOD: Dynamic page title BLOCK END

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
  "content" => $content,
  "msg" => $msg,
  "clickstream" => $clickstream,
  "page_title" => $page_title, // MOD: Dynamic page title
  "lang_search" => $lang['search']
));
// MOD: Dynamic page title BLOCK BEGIN
//-----------------------------------------------------
//--- Parse Header & Footer ---------------------------
//-----------------------------------------------------
if (isset($main_template) && $main_template) {
  $header = $site_template->parse_template("header");
  $footer = $site_template->parse_template("footer");
  $site_template->register_vars(array(
    "header" => $header,
    "footer" => $footer
  ));
  unset($header);
  unset($footer);
}
// MOD: Dynamic page title BLOCK END
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>


Offline V@no

« Reply #25 on: January 14, 2006, 07:19:06 PM »
mmm...I meant attach the search.php with the fix implemented...what you showed has no fix installed...

Ok, I think it would be best just to attach already fixed files to the original post...

P.S. if you see "attach", that means attach the file, not show the source ;)

Offline likeaflower

« Reply #26 on: January 17, 2006, 07:23:00 AM »
I just downloaded the gallery script and installed it today - is that one I downloaded already modified?

Offline V@no

« Reply #27 on: January 17, 2006, 07:40:11 AM »
Quote
I just downloaded the gallery script and installed it today - is that one I downloaded already modified?

No.

Offline V@no

« Reply #28 on: February 19, 2006, 07:12:00 PM »
I found an issue with search.php after these changes...and added Step 3 that fixes that issue.

Offline nobby

« Reply #29 on: February 19, 2006, 09:06:15 PM »
Hello,

I found the link (search.php + register.php+global.php.zip) on page 1. Are these files now the modified ones, including the security patch?

With so much mixing (English and German), it is impossible to keep track of anything.  :(

I only know bits and pieces of English, basically more badly than well.

Regards
Nobby