Author Topic: [1.7 - 1.7.11] Security fix for XSS issue in global.php  (Read 72146 times)

0 Members and 1 Guest are viewing this topic.

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.418
    • View Profile
    • 4images - Image Gallery Management System
[1.7 - 1.7.11] Security fix for XSS issue in global.php
« on: July 16, 2013, 06:17:58 PM »
We've been reported (thanks to jakovits) a cross site scripting vulnerability in 4images 1.7 - 1.7.11.

To fix this:

In global.php

find

$string preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);

and replace it with

$string preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline Meldric

  • Pre-Newbie
  • Posts: 4
    • View Profile
Re: [1.7 - 1.7.11] Security fix for XSS issue in global.php
« Reply #1 on: September 27, 2013, 10:12:56 AM »
Why the heck are posts deleted here???

Rembrandt

  • Guest
Re: [1.7 - 1.7.11] Security fix for XSS issue in global.php
« Reply #2 on: September 27, 2013, 12:04:14 PM »
Why the heck are posts deleted here???
Weil deine Frage in einen völlig falschen Thread ist, auserdem wurde dein Post nicht gelöscht sondern verschoben:
http://www.4homepages.de/forum/index.php?topic=31356.0

mfg Andi

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.418
    • View Profile
    • 4images - Image Gallery Management System
Re: [1.7 - 1.7.11] Security fix for XSS issue in global.php
« Reply #3 on: September 27, 2013, 02:33:56 PM »
Richtig, wie Rembrandt es schreibt
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search