Author Topic: [1.7 / 1.7.1] Security fix in sessions.php  (Read 269258 times)


Offline Jan

  • Administrator
  • 4images Guru
  • *****
  • Posts: 5.024
    • 4images - Image Gallery Management System
[1.7 / 1.7.1] Security fix in sessions.php
« on: June 07, 2005, 11:17:51 AM »
This is an important security fix.

Open includes/sessions.php and find the following line:

Code:
$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
Replace this line with the following code:

Code:
$user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
« Last Edit: December 02, 2005, 02:42:29 PM by V@no »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
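
Added example, not part of Jan's post and not 4images code: the integer cast from the patched line next to a stricter check, run over constructed cookie values. The value given to GUEST is a placeholder and user_id_strict is a hypothetical helper.

```php
<?php
// Added example, not 4images code.
// Assumption: GUEST gets a placeholder value here; 4images defines the real one.
if (!defined('GUEST')) {
    define('GUEST', -1);
}

// Same shape as the patched line: cast whatever the cookie holds.
// For strings, intval() keeps a leading integer prefix and maps
// non-numeric text to 0.
function user_id_cast($cookie_value)
{
    return $cookie_value ? intval($cookie_value) : GUEST;
}

// Hypothetical stricter helper: accept only a whole positive integer,
// fall back to GUEST for everything else.
function user_id_strict($cookie_value)
{
    $id = filter_var($cookie_value, FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 1),
    ));
    return ($id === false) ? GUEST : $id;
}

// Constructed sample cookie values (not taken from the thread).
$samples = array('42', '42abc', 'abc', '', '0', '-5');

printf("%-10s %6s %6s\n", 'cookie', 'cast', 'strict');
foreach ($samples as $raw) {
    printf("%-10s %6d %6d\n", var_export($raw, true),
        user_id_cast($raw), user_id_strict($raw));
}
```

The cast always yields some integer, so code that runs after it still has to treat 0 and unknown ids as not logged in; the strict form rejects malformed values outright.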

b.o.fan

  • Guest
Re: [1.7.1] Security fix in sessions.php
« Reply #1 on: June 08, 2005, 10:36:43 AM »
I've applied the fix. But what is it for? Or rather, where was the bug?

What was secured? I'm just curious... :)

Offline Jan

  • Administrator
  • 4images Guru
  • *****
  • Posts: 5.024
    • 4images - Image Gallery Management System
Re: [1.7.1] Security fix in sessions.php
« Reply #2 on: June 08, 2005, 10:58:29 AM »
Please understand that I won't go into more detail on this. There are many installations that don't have this fix, and if I explain how and where to exploit it... well, you understand ;)

Regards, Jan

b.o.fan

  • Guest
Re: [1.7.1] Security fix in sessions.php
« Reply #3 on: June 08, 2005, 10:59:57 AM »
Understood. Good.

Good thing I installed it ;)

Offline edwin

  • Full Member
  • ***
  • Posts: 199
    • http://www.foto-janssen.nl
Re: [1.7.1] Security fix in sessions.php
« Reply #4 on: June 08, 2005, 11:33:53 AM »
Jan, in News & Ankündigungen you say it's for all versions, but in the headline you write ( [1.7.1] Security fix in sessions.php )

Is it only for 1.7.1 or for all versions of 4images?


Offline martrix

  • Hero Member
  • *****
  • Posts: 755
    • overlord.cz
Re: [1.7.1] Security fix in sessions.php
« Reply #5 on: June 08, 2005, 11:36:48 AM »
Edwin:
It is also for 1.7 - so you should also change that!

Jan:
Could you please change the title of this thread, so it says also 1.7?
MAяTRIX


Offline mawenzi

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 4.500
Re: [1.7.1] Security fix in sessions.php
« Reply #6 on: June 08, 2005, 01:22:59 PM »
Quote from: martrix
Jan:
Could you please change the title of this thread, so it says also 1.7 ?

martrix, you are right ... that seems to me also very important ...  :!:

mawenzi
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...

Offline RoadDogg

  • Sr. Member
  • ****
  • Posts: 488
    • Düsipixel
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #7 on: June 08, 2005, 06:31:23 PM »
Does this solve the known problem with taking over a SiD?
For support requests please don´t forget link to your Gallery/to phpinfo.php
Code:
<?
phpinfo()
?>
safe_mode must turned OFF
Please check Error Messages

Offline graficalicus

  • Full Member
  • ***
  • Posts: 235
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #8 on: June 09, 2005, 06:39:55 PM »
made this change and the whole gallery went down!

direct image link:  http://digiart.graficalicus.com/details.php?image_id=1203

category link: http://digiart.graficalicus.com/categories.php?cat_id=10

home link:  http://digiart.graficalicus.com/

rss link:  http://digiart.graficalicus.com/rss.php

 :?: :!: :?: :!: :?: :!:  help  :!: :?:

Offline RoadDogg

  • Sr. Member
  • ****
  • Posts: 488
    • View Profile
    • Düsipixel
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #9 on: June 09, 2005, 06:42:22 PM »
Have you restored your session.php?

which version of 4img do you use?

Offline graficalicus

  • Full Member
  • ***
  • Posts: 235
    • View Profile
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #10 on: June 09, 2005, 06:51:44 PM »
restored - using 1.7 - this is the only change I've made in a few days. Dumped my cache, reloaded the page - nothing!

wonder if I've been hacked........

Offline graficalicus

  • Full Member
  • ***
  • Posts: 235
    • View Profile
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #11 on: June 09, 2005, 06:55:24 PM »
every error line is:
Code:
$site_template->register_vars(array(
ideas?

Offline graficalicus

  • Full Member
  • ***
  • Posts: 235
    • View Profile
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #12 on: June 09, 2005, 07:12:36 PM »
fixed - I was editing an old sessions.php   :oops:  now updated   :|

thanks for looking!

Offline Bugfixed

  • Jr. Member
  • **
  • Posts: 96
    • Lavinya
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #13 on: June 12, 2005, 05:24:40 PM »
hello all.

no this line :$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15 .
<?php echo 'Hello, World!'; ?>

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • 4images MODs Demo
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #14 on: June 12, 2005, 07:38:29 PM »
Quote from: Bugfixed
no this line :$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15 .

that version does not have this hole, don't worry about this fix ;)
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)