Author Topic: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability  (Read 175965 times)

0 Members and 1 Guest are viewing this topic.

Offline medo007

  • Newbie
  • *
  • Posts: 29
  • Internet addict
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #30 on: October 22, 2006, 01:35:57 PM »
Thank you very much! :D
mEDO

Offline KimmyMarie

  • Newbie
  • *
  • Posts: 30
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #31 on: October 22, 2006, 04:23:05 PM »
Thank you very much Jan!





Best wishes,
Kimmy

Offline Fotopez

  • Pre-Newbie
  • Posts: 7
    • View Profile
    • Team Austriafoto.at  Schwerpunkt Tier und Naturfotos - Wildlife
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #32 on: October 22, 2006, 04:56:43 PM »
Dankeschön!  :)

Offline theking6

  • Pre-Newbie
  • Posts: 7
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #33 on: October 22, 2006, 06:09:24 PM »
Vielen herzlichen Dank

Offline linux_rh

  • Newbie
  • *
  • Posts: 34
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #34 on: October 22, 2006, 07:50:04 PM »
first of all  i would thank 4images group for sending me  this massege  for  fixing  the bug in 4images

every thing is done

the bugs fix

thank you agian


Offline Zhra

  • Newbie
  • *
  • Posts: 13
    • View Profile
    • Zhra Net
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #35 on: October 23, 2006, 02:26:18 AM »
Thanks so much  :wink:
have been Updated  :D

Offline wallpapers

  • Full Member
  • ***
  • Posts: 107
    • View Profile
    • Tuned-Cars.Net
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #36 on: October 29, 2006, 08:25:34 PM »
I'm maby stupid but what is " Cross-Site Scripting Vulnerability" i have never heard about it  :roll:



Offline mawenzi

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 4.500
    • View Profile
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...

Offline BitBull

  • Pre-Newbie
  • Posts: 7
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #38 on: November 01, 2006, 10:32:04 AM »
Hi,

I just applied the security fix and viewed the result.

The page in general looks like it has been before but on the Top of the page there are now a lot of additional system messages:  8O

Code: [Select]
cache[$row['cat_id']] = $row['new_images']; } $site_db->free_result(); // -------------------------------------- $sql = "SELECT cat_id, COUNT(*) AS num_images FROM ".IMAGES_TABLE." WHERE image_active = 1 GROUP BY cat_id"; $result = $site_db->query($sql); while ($row = $site_db->fetch_array($result)) { $cat_cache[$row['cat_id']]['num_images'] = $row['num_images']; } $site_db->free_result(); } //end if GET_CACHES ?>
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86

Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94

Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94

I integrated the gallery in the layout of my site. Can it be that the script tries to modify that layout now too?
What can these messages mean?  :?

regards

BitBull
« Last Edit: November 01, 2006, 11:26:01 AM by BitBull »

Offline BitBull

  • Pre-Newbie
  • Posts: 7
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #39 on: November 01, 2006, 11:25:26 AM »
 8O I tried to log on as registered user ...

There are even more of these messages and I am not able to log in anymore!  :?: :?: :?:

Some guesses somewhere?

regards

BitBull

Offline Nicky

  • Administrator
  • 4images Guru
  • *****
  • Posts: 3.195
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #40 on: November 01, 2006, 12:30:44 PM »
seams your global.php is strange...
uploaded as binary... edited with nonconform editor.
cheers
Nicky
Your first three "must do" before you ask a question ! (© by V@no)
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

nicky.net 4 4images
Signature stolen from mawenzi

Offline BitBull

  • Pre-Newbie
  • Posts: 7
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #41 on: November 01, 2006, 12:45:07 PM »
Hmmm ... I guess thats not the problem really.

I am using Phase 5 (HTML Editor). I am using that editor ever and I did all my work on my sites with that editor.

I also removed the fix in global.php with this editor and everything works properly again ...

... but so I haven't applied the security fix.

Any other idea?

thanks and regards

BitBull

Offline Nicky

  • Administrator
  • 4images Guru
  • *****
  • Posts: 3.195
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #42 on: November 01, 2006, 12:56:46 PM »
then is something else..
like you can see, all ppl. don't have a problem with it.
cheers
Nicky
Your first three "must do" before you ask a question ! (© by V@no)
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

nicky.net 4 4images
Signature stolen from mawenzi

Offline BitBull

  • Pre-Newbie
  • Posts: 7
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #43 on: November 01, 2006, 01:05:26 PM »
most certainly yes! :wink:

But hopefully someone can "understand" these messages and give me a hint where the problem could be to find ... :roll:

For me it seems that it has something to do with the header-file because there I integrated the menu etc. of my site. Can it be that with these additions the new line in the global.php has a problem? ...

The mentioned 2 lines in the sessions.php are:
86:
Code: [Select]
    session_start();
and 94:
Code: [Select]
    setcookie($cookie_name, $value, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
BitBull
« Last Edit: November 01, 2006, 01:24:03 PM by BitBull »

Offline Jan

  • Administrator
  • 4images Guru
  • *****
  • Posts: 5.024
    • View Profile
    • 4images - Image Gallery Management System
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #44 on: November 02, 2006, 10:15:42 AM »
The line that causes this error is in global.php, line 450.

Quote
output started at /homepages/blablabla/publik/global.php:450

Can you post whats in (or better in and around) this line.

Jan
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search