4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: kai on July 16, 2013, 06:17:58 PM

Title: [1.7 - 1.7.11] Security fix for XSS issue in global.php
Post by: kai on July 16, 2013, 06:17:58 PM
A cross-site scripting vulnerability in 4images 1.7 - 1.7.11 has been reported to us (thanks to jakovits).

To fix this:

In global.php

find

$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);

and replace it with

$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);
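
The effect of the one-character-class change above, as an added example that is not part of the original post or of the 4images code base: it runs both patterns from the post over constructed sample strings. The helper names `strip_with` and `check` and all inputs are assumptions made for the illustration.

```php
<?php
// Added illustration, not 4images code. Both patterns are copied from the
// post above; helper names and sample strings are constructed.
const TAGS = 'applet|meta|xml|blink|link|style|script|embed|object|iframe|'
           . 'frame|frameset|ilayer|layer|bgsound|title|base';

// Before the fix: a listed tag is removed only when it is closed by '>'.
const OLD_PATTERN = '#</*(' . TAGS . ')[^>]*>#i';
// After the fix: the tag may also run unterminated to the end of the string.
const NEW_PATTERN = '#</*(' . TAGS . ')[^>]*(>|$)#i';

function strip_with(string $pattern, string $input): string
{
    return preg_replace($pattern, "", $input);
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

// Constructed inputs.
$closed       = 'hello <iframe src="https://example.invalid/"></iframe> world';
$unterminated = 'hello <iframe src="https://example.invalid/"';
$harmless     = 'a < b and <b>bold</b>';
$lookalike    = 'see the <linked list chapter';   // plain text, no '>' after it

// Properly closed tags are removed by both patterns.
check(strip_with(OLD_PATTERN, $closed) === 'hello  world', 'old strips closed tag');
check(strip_with(NEW_PATTERN, $closed) === 'hello  world', 'new strips closed tag');

// A listed tag with no closing '>' passes the old pattern unchanged ...
check(strip_with(OLD_PATTERN, $unterminated) === $unterminated, 'old keeps unterminated tag');
// ... and is removed up to the end of the string by the new one.
check(strip_with(NEW_PATTERN, $unterminated) === 'hello ', 'new strips unterminated tag');

// Tags outside the list are untouched by both patterns.
check(strip_with(OLD_PATTERN, $harmless) === $harmless, 'old keeps <b>');
check(strip_with(NEW_PATTERN, $harmless) === $harmless, 'new keeps <b>');

// Caveat: the tag names are not anchored with a word boundary, so the new
// pattern also removes text that merely starts like a listed tag.
check(strip_with(NEW_PATTERN, $lookalike) === 'see the ', 'new strips "<linked ..." to end');
```

Run with `php` on the command line; every check prints `ok:` when the patched pattern behaves as described.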
Title: Re: [1.7 - 1.7.11] Security fix for XSS issue in global.php
Post by: Meldric on September 27, 2013, 10:12:56 AM
Why the heck are posts deleted here???
Title: Re: [1.7 - 1.7.11] Security fix for XSS issue in global.php
Post by: Rembrandt on September 27, 2013, 12:04:14 PM
Why the heck are posts deleted here???
Because your question is in a completely wrong thread; besides, your post was not deleted but moved:
http://www.4homepages.de/forum/index.php?topic=31356.0

Regards, Andi
Title: Re: [1.7 - 1.7.11] Security fix for XSS issue in global.php
Post by: kai on September 27, 2013, 02:33:56 PM
Correct, as Rembrandt writes.