Author Topic: [1.7 / 1.7.1] Security fix in search.php and register.php  (Read 166612 times)

0 Members and 1 Guest are viewing this topic.

Offline TIMT

  • Hero Member
  • *****
  • Posts: 505
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #30 on: February 19, 2006, 09:21:57 PM »
Hallo nobby

Ja, dies sollten die modifizierten Dateien sein. V@no hat neu Step 3 publiziert.

Das Problem war:
Nach einer Suche von Bildern (z.B. Keyword "Baum") wurden alle Bilder mit entsprechendem Keyword angezeigt. Nach einem Klick auf den "Lightbox" Button wurde das Bild zwar in die Lightbox abgelegt, aber das Suchresultat wurde nicht mehr angezeigt. Stattdessen wurde die Maske "Erweiterte Suche" angezeigt.

Gruss
TIMT

Offline nobby

  • 4images Guru
  • *******
  • Posts: 2.873
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #31 on: February 19, 2006, 09:29:19 PM »
Hallo nobby

Ja, dies sollten die modifizierten Dateien sein. V@no hat neu Step 3 publiziert.

Das Problem war:
Nach einer Suche von Bildern (z.B. Keyword "Baum") wurden alle Bilder mit entsprechendem Keyword angezeigt. Nach einem Klick auf den "Lightbox" Button wurde das Bild zwar in die Lightbox abgelegt, aber das Suchresultat wurde nicht mehr angezeigt. Stattdessen wurde die Maske "Erweiterte Suche" angezeigt.

Gruss
TIMT

Danke für Deine schnelle Antwort !   :D

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #32 on: February 20, 2006, 02:31:43 PM »
here is a tip:
Download the zip package from the attachment and compare it with the original search.php
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Washi

  • Newbie
  • *
  • Posts: 21
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #33 on: February 26, 2006, 09:12:38 PM »
Vano, if everything works correctly on my server, I don't need to do this update again, do I? I don't understand what changed from the original update. Thanks!

Offline Saiman

  • Newbie
  • *
  • Posts: 14
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #34 on: March 01, 2006, 10:40:29 PM »
Why are the files are not atached longer?

Offline jovan

  • Pre-Newbie
  • Posts: 1
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #35 on: April 03, 2006, 12:04:36 PM »
Quote
In the attachment below you can find already modifyed default search.php, register.php and global.php
and where i can get this attachment. i can't see it!

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #36 on: April 04, 2006, 01:44:53 AM »
Vano, if everything works correctly on my server, I don't need to do this update again, do I?
If your site security is not in the priority for you, then no, you dont need to apply this fix, but then, dont cry if your gallery get hacked through this security hole...

P.S. I've attached the modifyed files for v1.7 and v1.7.1 in the original post.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Supoplex

  • Pre-Newbie
  • Posts: 2
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #37 on: April 06, 2006, 07:28:45 PM »
I have 4images 1.7.2.
Are Security and  search  bugs are fixed?
 :roll:

Offline IcEcReaM

  • Hero Member
  • *****
  • Posts: 714
    • View Profile
    • My little Testboard
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #38 on: April 06, 2006, 08:02:14 PM »
yes, in 1.72 already build in all know security fixes,
and there are no fixes for 1.72 at the moment.
Coding is a everlasting competition between programmers who tries to write larger, better and idiot-safe programs and the universe producing larger and stupider idiots...
...so far the universe won
bump

Offline Supoplex

  • Pre-Newbie
  • Posts: 2
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #39 on: April 07, 2006, 12:34:22 PM »
but i'm still having some errors like:
Validate images after delite or..  i get this :
Code: [Select]
Warning: copy(./../data/media/2/yh_2.jpg): failed to open stream: No such file or directory in /var/www/vhosts/yours.lt/subdomains/proektaslt/httpdocs/admin/admin_functions.php on line 111
Error adding image: asdasd (yh_2.jpg)
and Add categories a get this :
Code: [Select]
Warning: ftp_login() expects parameter 1 to be resource, boolean given in /var/www/vhosts/yours.lt/subdomains/mysite/httpdocs/admin/categories.php on line 86
Mauvaise connexion FTPEssaye de se connecter a ftp.yours.lt for user

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #40 on: April 07, 2006, 02:29:59 PM »
re check steps and configuration of safe mode mod that you've installed.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline tansamalaja

  • Full Member
  • ***
  • Posts: 185
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #41 on: September 04, 2007, 10:59:08 AM »
Man hat mich darauf aufmerksam gemacht, dass die search.php eine Sicherheitslücke haben soll und für sql-injection anfällig ist. Ich habe auch einen Link zu dem entsprechenden Script, möchte diesen aber natürlich nicht veröffentlichen. Wenn also einer der Admins sich mal mit mir in Verbindung setzt, Jan habe ich schon eine PN geschickt, bin ab Donnerstag wieder online.

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.412
    • View Profile
    • 4images - Image Gallery Management System
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #42 on: September 04, 2007, 11:28:43 AM »
@ tansamalaja:

Der Bug den Du meinst ist aus 2006 und wurde damals gleich gefixt:
http://www.4homepages.de/forum/index.php?topic=14604.0

Zudem enthält die aktuelle Version 4images 1.7.4 allle Fixes.
Download hier: http://www.4homepages.de/4images/download.php
« Last Edit: September 05, 2007, 01:21:12 PM by kai »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline tansamalaja

  • Full Member
  • ***
  • Posts: 185
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #43 on: September 04, 2007, 12:01:22 PM »
Dann ist ja gut...  8)