Author Topic: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability  (Read 175964 times)

Offline devilsoulblack

  • Pre-Newbie
  • Posts: 6
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #15 on: October 21, 2006, 10:43:33 PM »
thanks dude

Offline ahmad

  • Newbie
  • *
  • Posts: 14
  • Ahmad Alfy
    • View Profile
    • Portsaid-Online.com
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #16 on: October 21, 2006, 10:56:35 PM »
Thanks for the fix dude
updating my gallery now !

Offline beach-baer

  • Newbie
  • *
  • Posts: 20
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #17 on: October 21, 2006, 11:02:23 PM »
As always, that works great with you guys :D, Thanks

Offline Sternie

  • Newbie
  • *
  • Posts: 47
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #18 on: October 21, 2006, 11:04:50 PM »
Could someone please explain this to me again in German: what kind of security fix is this, and where exactly should I insert the line? Directly below the line, between the line and the bracket underneath it?

Offline Nicky

  • Administrator
  • 4images Guru
  • *****
  • Posts: 3.195
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #19 on: October 21, 2006, 11:13:27 PM »
This closes a security hole.

If you have v1.7.2 or 1.7.3,
open global.php and search for
Code:
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

or if you have 1.7 to 1.7.1,
search for
Code:
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

Directly below it, insert this line:

Code:
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);

So.. I hope this was in good German :)

Greetings from a non-German ;)
cheers
Nicky
Your first three "must do" before you ask a question ! (© by V@no)
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

nicky.net 4 4images
Signature stolen from mawenzi
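
The effect of the added line on a request, as an added example that is not part of the thread or of the 4images source: it reads mode in the same order as the 1.7.2/1.7.3 line and then applies the filter from the fix. The request arrays stand in for $HTTP_POST_VARS/$HTTP_GET_VARS, the sample values (including the mode names) are constructed, and the empty-string fallback and is_string() check are assumptions added so the sketch runs on current PHP.

```php
<?php
// Added example, not 4images source. All sample requests are constructed.

// Reads "mode" in the order of the quoted 1.7.2/1.7.3 line (POST, then GET).
// Assumption: fall back to '' when the parameter is absent or is an array
// (mode[]=x), so trim() never receives a non-string.
function read_mode(array $post, array $get): string
{
    $raw = $post['mode'] ?? ($get['mode'] ?? '');
    return is_string($raw) ? stripslashes(trim($raw)) : '';
}

// The line from the fix: delete every character outside a-z, A-Z and 0-9.
function filter_mode(string $mode): string
{
    return (string) preg_replace("/[^a-z0-9]+/i", "", $mode);
}

// Constructed GET parameters; the mode names are placeholders.
$samples = [
    'plain value'      => ['mode' => 'search'],
    'mixed case'       => ['mode' => 'LightBox2'],
    'markup in value'  => ['mode' => '"><script>alert(1)</script>'],
    'attribute escape' => ["mode" => "x' onmouseover='alert(1)"],
    'array parameter'  => ['mode' => ['x']],
    'missing'          => [],
];

foreach ($samples as $label => $get) {
    $before = read_mode([], $get);
    $after  = filter_mode($before);
    // After filtering, the value is either empty or purely alphanumeric,
    // so it carries no quotes, angle brackets or whitespace into any output.
    $alnumOnly = ($after === '' || ctype_alnum($after));
    printf(
        "%-17s before=%-32s after=%-22s alnum_only=%s\n",
        $label,
        var_export($before, true),
        var_export($after, true),
        $alnumOnly ? 'yes' : 'NO'
    );
}
```

The filter deletes characters instead of rejecting the request, so a tampered value is silently reduced to its alphanumeric remainder; encoding the value with htmlspecialchars() wherever it is written into a page remains a sensible second layer.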

Offline Sternie

  • Newbie
  • *
  • Posts: 47
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #20 on: October 21, 2006, 11:21:10 PM »
Thanks Nicky  :D Especially with 'complicated' things like this, which I know absolutely nothing about, I'm always too unsure with my halting English to do anything on the off chance :)

That was a good German instruction :)

It now looks like this for me:

$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
}

Right?

Offline Nicky

  • Administrator
  • 4images Guru
  • *****
  • Posts: 3.195
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #21 on: October 21, 2006, 11:24:09 PM »
A cosmetic flaw *g*

Code:
  $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);

this way is much nicer ;)
cheers
Nicky

Offline Sternie

  • Newbie
  • *
  • Posts: 47
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #22 on: October 21, 2006, 11:26:44 PM »
Thank you, that's how it is in the file too, I just couldn't find this code box for posting here  :oops:

Offline ladyoz

  • Newbie
  • *
  • Posts: 15
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #23 on: October 22, 2006, 12:32:34 AM »
Thanks muchly guys  :D
Despite the cost of living, it's still popular ...

Offline Stinus

  • Newbie
  • *
  • Posts: 12
    • View Profile
    • Veteranbrannbiler - Old Fire Truck
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #24 on: October 22, 2006, 01:03:52 AM »
Thank you very much. :wink:
Updated.
Stian


A site about Old Fire Truck - Gallery - Forum

Offline haythamghareeb

  • Newbie
  • *
  • Posts: 11
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #25 on: October 22, 2006, 01:43:04 AM »
Thanks  :lol:

Offline Matpatnik

  • Pre-Newbie
  • Posts: 3
    • View Profile
    • RuneFr.com
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #26 on: October 22, 2006, 03:17:09 AM »
cool thank you :D

Offline Playgirl

  • Pre-Newbie
  • Posts: 2
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #27 on: October 22, 2006, 06:12:07 AM »
Thank you :D

Offline Syslord

  • Pre-Newbie
  • Posts: 8
    • View Profile
    • reinigungsforum
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #28 on: October 22, 2006, 10:11:54 AM »
Nice Thank you


Offline Adson

  • Newbie
  • *
  • Posts: 33
  • Joerg - layman - able to learn
    • View Profile
    • joergsimon-page.de
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #29 on: October 22, 2006, 10:12:30 AM »
Hi,

a thought... The thank-yous are great and also very good. But they may make it rather hard to get to the technical content. It's easy to overlook something because of that. Couldn't they be placed outside the actual thread?

By the way, Jan: thanks.

 :)

Regards, Jörg