Author Topic: PHP 8 Fix for V1.9  (Read 4333 times)

0 Members and 1 Guest are viewing this topic.

Offline kp

  • Newbie
  • *
  • Posts: 17
    • View Profile
    • www.hell-is-open.de
PHP 8 Fix for V1.9
« on: September 01, 2022, 11:51:47 PM »
Found a PHP8 bug in this version.
If I use the function "check for new images" (German: Neue Bilder checken) and there are new images in the chosen category (which I've uploaded upfront via FTP) you will see nothing (because there is a not displayed error).

A fix you can find here: https://www.4homepages.de/forum/index.php?topic=33113.new#new

Offline Ricsca

  • Jr. Member
  • **
  • Posts: 50
    • View Profile
Re: PHP 8 Fix for V1.9
« Reply #1 on: September 29, 2022, 08:14:35 PM »
Thanks

Offline Bugfixed

  • Jr. Member
  • **
  • Posts: 96
    • View Profile
    • Lavinya
Re: PHP 8 Fix for V1.9
« Reply #2 on: October 02, 2022, 03:08:55 PM »
Thank you.

Hello there. There are 2 security vulnerabilities here, I wonder if the developers can release a patch for it? Thanks in advance, it's urgent.
https://packetstormsecurity.com/files/163818/4images-1.8-SQL-Injection.html
https://packetstormsecurity.com/files/162946/4Images-1.8-Cross-Site-Scripting.html

Versions 1.8 and 1.9 seem to be affected.
<?php echo 'Hello, World!'; ?>

Offline kp

  • Newbie
  • *
  • Posts: 17
    • View Profile
    • www.hell-is-open.de
Re: PHP 8 Fix for V1.9
« Reply #3 on: October 31, 2022, 10:53:13 AM »
Hey,
I'm not a responsible person but I kept on eye on your post.
As I can see, the first "bug" is within the Admin area. So nobody could go there and can do something bad. On the other hand it looks for me, that 4images is cleaning all parameters.
So are you really sure that there is a real bug? I can't really find out on the page what the result is with this security tool.

About Cross Site Scripting I had not looked at yet.

Thank you.

Hello there. There are 2 security vulnerabilities here, I wonder if the developers can release a patch for it? Thanks in advance, it's urgent.
https://packetstormsecurity.com/files/163818/4images-1.8-SQL-Injection.html
https://packetstormsecurity.com/files/162946/4Images-1.8-Cross-Site-Scripting.html

Versions 1.8 and 1.9 seem to be affected.

Offline kp

  • Newbie
  • *
  • Posts: 17
    • View Profile
    • www.hell-is-open.de
Re: PHP 8 Fix for V1.9
« Reply #4 on: November 01, 2022, 12:55:10 PM »
Found a new PHP8 bug in this version.
By using the admin-function "Edit images" (German: Bilder bearbeiten) the result is strange when there are no filters set. Sometimes I got 0 images, sometimes 5000 sometimes all of them. This comes from the new handling in misusing a compare of string with an integer.

A fix you can find here: https://www.4homepages.de/forum/index.php?topic=33113.new#new