Bug Fixes & Patches / [1.7 - 1.7.8] Security fix for CSRF vulnerability
« on: October 27, 2010, 12:10:43 PM »
A cross-site request forgery vulnerability in 4images 1.7 - 1.7.8 has been found.
To fix this please follow these 4 steps:

1. Download the attached csrf_utils.php file and copy it into the includes/ folder of your 4images installation.

2. Open global.php and search for the following line:

    @include(ROOT_PATH.'config.php');

   and insert the following code ABOVE this line:

    // Initialize CSRF protection configuration
    $csrf_protection_enable = 1;
    $csrf_protection_frontend = 1;
    $csrf_protection_backend = 1;
    $csrf_protection_expires = 7200;
    $csrf_protection_name = '__csrf';
    $csrf_protection_xhtml = 1;

   In the same file, search for the line:

    include_once(ROOT_PATH.'includes/captcha_utils.php');

   and insert the following code BELOW this line:

    //-----------------------------------------------------
    //--- CSRF protection ---------------------------------
    //-----------------------------------------------------
    include_once(ROOT_PATH.'includes/csrf_utils.php');

3. Open includes/page_header.php and search for the following line (at the end of the file):

    ?>

   and insert the following code ABOVE this line:

    if ($csrf_protection_enable && $csrf_protection_frontend) {
        csrf_start(true);
    }

4. Open admin/admin_global.php and search for the following line:

    include_once(ROOT_PATH.'admin/admin_functions.php');

   and insert the following code BELOW this line:

    if ($csrf_protection_enable && $csrf_protection_backend) {
        csrf_start();
    }
Thanks to Russ McRee for finding and reporting this vulnerability!
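The attached csrf_utils.php is not reproduced in this post, so the following PHP is an added illustration of what a token-based CSRF guard wired in through the configuration above does, not the 4images file itself. The helper names csrf_token, csrf_hidden_field and csrf_check are assumptions for this example; csrf_start is shown without the argument used in page_header.php because the post does not describe what that argument means. random_bytes() and hash_equals() require PHP 7 / 5.6 or newer.

```php
<?php
// Added example: a minimal synchronizer-token CSRF guard. This is NOT the
// attached 4images csrf_utils.php; function names are assumptions.
// Configuration variables mirror the names from the fix instructions.

$csrf_protection_enable  = 1;
$csrf_protection_expires = 7200;     // token lifetime in seconds
$csrf_protection_name    = '__csrf'; // form field name and session key
$csrf_protection_xhtml   = 1;        // emit self-closing <input /> tags

// Return the session token, issuing a fresh one if none exists or it expired.
function csrf_token($force_new = false) {
    global $csrf_protection_name, $csrf_protection_expires;
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $now   = time();
    $entry = isset($_SESSION[$csrf_protection_name]) ? $_SESSION[$csrf_protection_name] : null;
    if ($force_new || $entry === null || $entry['expires'] < $now) {
        $entry = array(
            'token'   => bin2hex(random_bytes(32)), // 256 bits of CSPRNG output
            'expires' => $now + $csrf_protection_expires,
        );
        $_SESSION[$csrf_protection_name] = $entry;
    }
    return $entry['token'];
}

// Hidden input to embed in every state-changing (POST) form.
function csrf_hidden_field() {
    global $csrf_protection_name, $csrf_protection_xhtml;
    $close = $csrf_protection_xhtml ? ' />' : '>';
    return '<input type="hidden" name="'
         . htmlspecialchars($csrf_protection_name, ENT_QUOTES, 'UTF-8')
         . '" value="' . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8')
         . '"' . $close;
}

// Validate the submitted token against the session token. Returns true when
// the request may proceed. Only POST is checked: GET must never change state.
function csrf_check() {
    global $csrf_protection_enable, $csrf_protection_name;
    if (!$csrf_protection_enable || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        return true;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $entry = isset($_SESSION[$csrf_protection_name]) ? $_SESSION[$csrf_protection_name] : null;
    $sent  = isset($_POST[$csrf_protection_name]) ? $_POST[$csrf_protection_name] : '';
    if ($entry === null || $entry['expires'] < time() || !is_string($sent)) {
        return false;
    }
    // Constant-time comparison so a wrong token is not rejected byte by byte.
    return hash_equals($entry['token'], $sent);
}

// Counterpart of the csrf_start() hook from the instructions: run the check
// early in the request and stop with a generic error when it fails.
function csrf_start() {
    if (!csrf_check()) {
        header('HTTP/1.1 403 Forbidden');
        exit('Invalid or expired form token.');
    }
}
```

In this layout csrf_start() is called once per request before any handler runs (the role the page_header.php and admin_global.php hooks play in the instructions), and every form that changes state echoes csrf_hidden_field() inside its form tag. A request that lacks the field, carries a token from another session, or arrives after the 7200-second lifetime is rejected with a 403; a plain GET is not checked, which is only safe if no GET endpoint performs a write.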