4images Forum & Community
4images Help / Hilfe => Bug Fixes & Patches => Topic started by: kai on October 27, 2010, 11:39:09 AM
-
A cross site scripting vulnerability in 4images 1.7 - 1.7.8 has been found.
To fix this:
In admin/admin_functions.php
find
echo "<form action=\"".$site_sess->url($phpscript)."\"".$upload." name=\"".$name."\" method=\"post\">\n";
and replace it with
echo "<form action=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($phpscript)))."\"".$upload." name=\"".$name."\" method=\"post\">\n";
find
echo "<a href=\"".$site_sess->url($url)."\"".$target.">[".$text."]</a> ";
and replace it with
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\"".$target.">[".$text."]</a> ";
find
echo "<a href=\"".$site_sess->url($url)."\" class=\"navlink\">".$title."</a> $extra\n";
and replace it with
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";
If you are using 4images v1.7 also add in includes/functions.php above ?>
function safe_htmlspecialchars($chars) {
// Translate all non-unicode entities
$chars = preg_replace(
'/&(?!(#[0-9]+|[a-z]+);)/si',
'&',
$chars
);
$chars = str_replace(">", ">", $chars);
$chars = str_replace("<", "<", $chars);
$chars = str_replace('"', """, $chars);
return $chars;
}
Thanks to Secunia Research (http://secunia.com/) for finding and reporting this vulnerability!
-
hello,
when i'm adding the code to v1.7 works nothing in the admin-backend!
any solution??
thx
jkn
-
I am having the same problem with 1.7. Instead of the menu in the top left corner I am getting this:
Fatal error: Call to undefined function safe_htmlspecialchars() in <path to gallery>/admin/admin_functions.php on line 632
Line 632 reads echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";
How do I get the menu working again? BTW, version 1.7.6 works fine with this fix.
-
added one more step