4images Forum & Community
4images Help / Hilfe => Bug Fixes & Patches => Topic started by: V@no on December 27, 2005, 10:19:37 AM
-
(http://img307.imageshack.us/img307/6874/gb3vq.gif) This is an important security fix.
(http://img307.imageshack.us/img307/682/ru0cy.gif) Это очень важная заплатка для опасной дыры в скрипте
Step 1
(http://img307.imageshack.us/img307/6874/gb3vq.gif) In search.php any variables or other code that is located below copyright notice
(http://img307.imageshack.us/img307/682/ru0cy.gif) В search.php всё что находится ниже копирайта (который заканьчиватся этой строкой):
*************************************************************************/
(http://img307.imageshack.us/img307/6874/gb3vq.gif) and above
(http://img307.imageshack.us/img307/682/ru0cy.gif) и выше:
$main_template = 'search';
(http://img307.imageshack.us/img307/6874/gb3vq.gif) must be moved below
(http://img307.imageshack.us/img307/682/ru0cy.gif) должно быть перенесено ниже:include(ROOT_PATH.'global.php');
(http://img307.imageshack.us/img307/6874/gb3vq.gif) In default 4images, the block that must be moved is:
(http://img307.imageshack.us/img307/682/ru0cy.gif) В свежей 4images кусок кода который должен быть перемещён выглядит так:if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
$show_result = 1;
}
else {
$show_result = 0;
}
if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
if ($search_keywords != "") {
$show_result = 1;
}
}
else {
$search_keywords = "";
}
$org_search_keywords = $search_keywords;
if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
if ($search_user != "") {
$show_result = 1;
}
}
else {
$search_user = "";
}
$org_search_user = $search_user;
if (isset($HTTP_POST_VARS['search_terms'])) {
$search_terms = (trim($HTTP_POST_VARS['search_terms']) == "all") ? 1 : 0;
}
else {
$search_terms = 0;
}
if (isset($HTTP_POST_VARS['search_fields'])) {
$search_fields = trim($HTTP_POST_VARS['search_fields']);
}
else {
$search_fields = "all";
}
$search_cat = (isset($HTTP_POST_VARS['cat_id']) ) ? intval($HTTP_POST_VARS['cat_id']) : 0;
if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
$search_new_images = 1;
$show_result = 1;
}
else {
$search_new_images = 0;
}
Step 2
(http://img307.imageshack.us/img307/6874/gb3vq.gif) In register.php find:
(http://img307.imageshack.us/img307/682/ru0cy.gif) В register.php найдите: if ($site_db->not_empty($sql)) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
(http://img307.imageshack.us/img307/6874/gb3vq.gif) Insert below:
(http://img307.imageshack.us/img307/682/ru0cy.gif) Добавьте ниже: elseif (preg_match("#[<>]#", $user_name))
{
$msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
$error = 1;
}
(http://img307.imageshack.us/img307/6874/gb3vq.gif) Then in lang/<your language>/main.php at the end, above closing ?> insert:
(http://img307.imageshack.us/img307/682/ru0cy.gif) Затем в lang/<ваш языковой пакет>/main.php в самый конец файла, выше закрывающей ?> добавьте:$lang['username_bad_characters'] = "Username contains not allowed character(s)";
Step 3
(http://img307.imageshack.us/img307/6874/gb3vq.gif) In global.php find:
(http://img307.imageshack.us/img307/682/ru0cy.gif) В global.php найдите:
//-----------------------------------------------------
//--- Start DB ----------------------------------------
//-----------------------------------------------------
(http://img307.imageshack.us/img307/6874/gb3vq.gif) Insert above:
(http://img307.imageshack.us/img307/682/ru0cy.gif) Добавьте выше:
if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
$show_result = 1;
}
else {
$show_result = 0;
}
if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
if ($search_keywords != "") {
$show_result = 1;
}
}
else {
$search_keywords = "";
}
if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
if ($search_user != "") {
$show_result = 1;
}
}
else {
$search_user = "";
}
if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
$search_new_images = 1;
$show_result = 1;
}
else {
$search_new_images = 0;
}
(http://img307.imageshack.us/img307/6874/gb3vq.gif) If you wish, you can remove this block of code from search.php to increase perfomance (very insignificaly).
(http://img307.imageshack.us/img307/682/ru0cy.gif) Если вы хотите, то можете удалить такой-же блок кода из search.php, но это не обязательно.
(http://img307.imageshack.us/img307/6874/gb3vq.gif) In the attachment below you can find already modifyed default search.php, register.php and global.php
(http://img307.imageshack.us/img307/682/ru0cy.gif) Вы можете загрузить исправленные search.php, register.php и global.php из приложеного архива.
-
Thank you very much!
-
Actually, I don't get this ...
why would :
$main_template = 'search';
need to be moved below the global.php line ?
All 4images's PHP files (on the root path - even the index.php file) has the $main_template string on top of the GET_CACHES line ...
-
That is why my earlier suggestion was "Re-read three times, reply ones" ;)
There is nothing says about moving that line...it says "the code above it"
-
Thanks :D
-
Also Du hast es richtig gemacht... Vielleicht hätte V@no es so schreiben sollen... (o:
move the code between
*************************************************************************/
and
$main_template = 'search';
below this Line:
include(ROOT_PATH.'global.php');
-
das selbe problem habe ich auch...
nach diesem fix konnte man nicht als #username# registieren konnen. aber das funktioniert bei mir auch nicht.
-
mmm...it was not ment restrict all "special" characters, but only < and >
-
no, it calls "Regular expression" (aka REGEX) http://php.net/manual/function.preg-match.php
The pattern search only < and > in the name, nothing else.
-
Thanks for the fix, V@no!
-
Hi all, What they can do without this fix ? :?:
I have a 1.1 beta 3 p version of smf ....
-
hmmm....huh?
what SMF has anything to do with 4images? this is 4images support forum not SMF ;)
-
no, it calls "Regular expression" (aka REGEX) http://php.net/manual/function.preg-match.php
The pattern search only < and > in the name, nothing else.
Mhh. I can register a User with < and > after the Update !!! :?:
(http://people.freenet.de/stonyce/forum/sec-update.jpg)
Edit:
My register.php:
/** START **********************************************
ADD ab elseif
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/
if ($site_db->not_empty($sql)) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
}
elseif (preg_match("#[<>]#", $user_name))
{
$msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
$error = 1;
}
/** ENDE **********************************************
ADD
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/
-
Hmm,
I fixed my code, but now I can´t use the search function. I get no result.
I think that was not your idea with the sexurity fix.
What´s the problem. I use now the old code again.
-
Servus Fotograf74.
Irgendwelche Modifikationen bereits eingebaut? Wenn nicht lade dir 4Images erneut runter und tausche die Dateien aus.
Have you some modification in your 4images? Download 4images again and insert the orginal files.
-
Habe natürlich einige Modifikationen eingebaut
-
Habe natürlich einige Modifikationen eingebaut
Tja. Ohne Sicherungen siehst du jetzt "alt" aus :?
-
Attach your search.php to the reply.
-
Hi V@ano!
Have u an idea for my "problem"???
Mhh. I can register a User with < and > after the Update !!! :?:
(http://people.freenet.de/stonyce/forum/sec-update.jpg)
Edit:
My register.php:
/** START **********************************************
ADD ab elseif
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/
if ($site_db->not_empty($sql)) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
}
elseif (preg_match("#[<>]#", $user_name))
{
$msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
$error = 1;
}
/** ENDE **********************************************
ADD
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/
-
Hi V@ano!
Have u an idea for my "problem"???
Please atach your register.php, better yet, if you can show a URL to your site, then rename register.php that is on your server to register.phps (do not upload new register.phps) and show url to it. (PM me if you dont want it to be public)
-
http://people.freenet.de/stonyce/register.txt
The 4Images is only "local" ... anyhow often (--> :?:)
-
Ok, you've inserted the code in the wrong place. You must move the added code (blue) above the red baracket:
if ($site_db->not_empty($sql)) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
}
elseif (preg_match("#[<>]#", $user_name))
{
$msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
$error = 1;
}
-
Thank you!
-
Thanks, modified as above on 1.7
Tried to Search, works fine,
Tried to register (seems to work fine)
Thank You
-
Hmm,
I fixed my code, but now I can´t use the search function. I get no result.
I think that was not your idea with the sexurity fix.
What´s the problem. I use now the old code again.
Attach your search.php to the reply.
Here is my search.php:
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: search.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7.1 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) für weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
$show_result = 1;
}
else {
$show_result = 0;
}
if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
if ($search_keywords != "") {
$show_result = 1;
}
}
else {
$search_keywords = "";
}
$org_search_keywords = $search_keywords;
if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
if ($search_user != "") {
$show_result = 1;
}
}
else {
$search_user = "";
}
$org_search_user = $search_user;
if (isset($HTTP_POST_VARS['search_terms'])) {
$search_terms = (trim($HTTP_POST_VARS['search_terms']) == "all") ? 1 : 0;
}
else {
$search_terms = 0;
}
if (isset($HTTP_POST_VARS['search_fields'])) {
$search_fields = trim($HTTP_POST_VARS['search_fields']);
}
else {
$search_fields = "all";
}
$search_cat = (isset($HTTP_POST_VARS['cat_id']) ) ? intval($HTTP_POST_VARS['cat_id']) : 0;
if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
$search_new_images = 1;
$show_result = 1;
}
else {
$search_new_images = 0;
}
$main_template = 'search';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/search_utils.php');
$search_id = array();
if ($search_user != "" && $show_result == 1) {
$search_user = str_replace('*', '%', trim($search_user));
$sql = "SELECT ".get_user_table_field("", "user_id")."
FROM ".USERS_TABLE."
WHERE ".get_user_table_field("", "user_name")." LIKE '$search_user'";
$result = $site_db->query($sql);
$search_id['user_ids'] = "";
if ($result) {
while ($row = $site_db->fetch_array($result)) {
$search_id['user_ids'] .= (($search_id['user_ids'] != "") ? ", " : "").$row[$user_table_fields['user_id']];
}
$site_db->free_result($result);
}
}
if ($search_keywords != "" && $show_result == 1) {
$search_keywords = strip_tags(trim($search_keywords));
$search_keywords = convert_special($search_keywords);
$search_keywords = strtolower($search_keywords);
$search_array = array(
"/\s+\+/",
"/\s+\-/",
"/[&|#][a-z0-9]*;/siU",
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
"#[-_'`´]+#s",
"#[\n\t\r^\$&\(\)<>\"\|,@\?%~\+\.\[\]{}:\/=\#;!§\\\\]+#s"
);
$replace_array = array(
" and ",
" not ",
" ",
" ",
" ",
"",
" "
);
$search_keywords = preg_replace($search_array, $replace_array, $search_keywords);
$split_words = preg_split("/\s+/", $search_keywords);
$match_field_sql = ($search_fields != "all" && isset($search_match_fields[$search_fields])) ? "AND m.".$search_match_fields[$search_fields]." = 1" : "";
$stopword_list = get_stopwords();
$search_word_cache = array();
for ($i = 0; $i < sizeof($split_words); $i++) {
if ($split_words[$i] == "and" || $split_words[$i] == "und" || $split_words[$i] == "or" || $split_words[$i] == "oder" || $split_words[$i] == "not") {
$search_word_cache[$i] = ($search_terms) ? "and" : $split_words[$i];
}
elseif ($split_words[$i] != "" && strlen($split_words[$i]) >= MIN_SEARCH_KEYWORD_LENGTH && strlen($split_words[$i]) <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($split_words[$i], $stopword_list)) {
$sql = "SELECT m.image_id
FROM ".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m
WHERE w.word_text LIKE '".addslashes(str_replace("*", "%", $split_words[$i]))."'
AND m.word_id = w.word_id
$match_field_sql";
$result = $site_db->query($sql);
$search_word_cache[$i] = array();
while ($row = $site_db->fetch_array($result)) {
$search_word_cache[$i][$row['image_id']] = 1;
}
$site_db->free_result();
}
}
$is_first_word = 1;
$operator = "or";
$image_id_list = array();
for ($i = 0; $i < sizeof($search_word_cache); $i++) {
if ($search_word_cache[$i] == "and" || $search_word_cache[$i] == "und" || $search_word_cache[$i] == "or" || $search_word_cache[$i] == "oder" || $search_word_cache[$i] == "not") {
if (!$is_first_word) {
$operator = $search_word_cache[$i];
}
}
elseif (is_array($search_word_cache[$i])) {
if ($search_terms) {
$operator = "and";
}
foreach ($search_word_cache[$i] as $key => $val) {
if ($is_first_word || $operator == "or" || $operator == "oder") {
$image_id_list[$key] = 1;
}
elseif ($operator == "not") {
unset($image_id_list[$key]);
}
}
if (($operator == "and" || $operator == "und") && !$is_first_word) {
foreach ($image_id_list as $key => $val) {
if (!isset($search_word_cache[$i][$key])) {
unset($image_id_list[$key]);
}
}
}
}
$is_first_word = 0;
}
$search_id['image_ids'] = "";
foreach ($image_id_list as $key => $val) {
$search_id['image_ids'] .= (($search_id['image_ids'] != "") ? ", " : "").$key;
}
unset($image_id_list);
}
if ($search_new_images && $show_result == 1) {
$search_id['search_new_images'] = 1;
}
if ($search_cat && $show_result == 1) {
$search_id['search_cat'] = $search_cat;
}
if (!empty($search_id)) {
$site_sess->set_session_var("search_id", serialize($search_id));
$session_info['search_id'] = $search_id;
}
include(ROOT_PATH.'includes/page_header.php');
$num_rows_all = 0;
if ($show_result == 1) {
if (!isset($session_info['searchid']) || empty($session_info['searchid'])) {
$session_info['search_id'] = $site_sess->get_session_var("search_id");
}
if (!empty($session_info['search_id'])) {
$search_id = unserialize($session_info['search_id']);
}
$sql_where_query = "";
if (!empty($search_id['image_ids'])) {
$sql_where_query .= "AND i.image_id IN (".$search_id['image_ids'].") ";
}
if (!empty($search_id['user_ids'])) {
$sql_where_query .= "AND i.user_id IN (".$search_id['user_ids'].") ";
}
if (!empty($search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
$new_cutoff = time() - 60 * 60 * 24 * $config['new_cutoff'];
$sql_where_query .= "AND i.image_date >= $new_cutoff ";
}
if (!empty($search_id['search_cat']) && $search_id['search_cat'] != 0) {
$cat_id_sql = 0;
$sub_cat_ids = get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
if (check_permission("auth_viewcat", $search_id['search_cat'])) {
$cat_id_sql .= ", ".$search_id['search_cat'];
if (!empty($sub_cat_ids[$search_id['search_cat']])) {
foreach ($sub_cat_ids[$search_id['search_cat']] as $val) {
if (check_permission("auth_viewcat", $val)) {
$cat_id_sql .= ", ".$val;
}
}
}
}
}
else {
$cat_id_sql = get_auth_cat_sql("auth_viewcat");
}
if (!empty($sql_where_query)) {
$sql = "SELECT COUNT(*) AS num_rows_all
FROM ".IMAGES_TABLE." i
WHERE i.image_active = 1 $sql_where_query
AND i.cat_id IN ($cat_id_sql)";
$row = $site_db->query_firstrow($sql);
$num_rows_all = $row['num_rows_all'];
}
}
if (!$num_rows_all && $show_result == 1) {
$msg = preg_replace("/".$site_template->start."search_keywords".$site_template->end."/", $search_keywords, $lang['search_no_results']);
}
//-----------------------------------------------------
//--- Show Search Results -----------------------------
//-----------------------------------------------------
if ($num_rows_all && $show_result == 1) {
$link_arg = $site_sess->url(ROOT_PATH."search.php?show_result=1");
include(ROOT_PATH.'includes/paging.php');
$getpaging = new Paging($page, $perpage, $num_rows_all, $link_arg);
$offset = $getpaging->get_offset();
$site_template->register_vars(array(
"paging" => $getpaging->get_paging(),
"paging_stats" => $getpaging->get_paging_stats()
));
$imgtable_width = ceil((intval($config['image_table_width'])) / $config['image_cells']);
if ((substr($config['image_table_width'], -1)) == "%") {
$imgtable_width .= "%";
}
$additional_sql = "";
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
$additional_sql .= ", i.".$key;
}
}
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name")."
FROM ".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
WHERE i.image_active = 1
$sql_where_query
AND c.cat_id = i.cat_id AND i.cat_id IN ($cat_id_sql)
ORDER BY ".$config['image_order']." ".$config['image_sort']."
LIMIT $offset, $perpage";
$result = $site_db->query($sql);
$thumbnails = "<table width=\"".$config['image_table_width']."\" border=\"0\" cellpadding=\"".$config['image_table_cellpadding']."\" cellspacing=\"".$config['image_table_cellspacing']."\">\n";
$count = 0;
$bgcounter = 0;
while ($image_row = $site_db->fetch_array($result)) {
if ($count == 0) {
$row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
$thumbnails .= "<tr class=\"imagerow".$row_bg_number."\">\n";
}
$thumbnails .= "<td width=\"".$imgtable_width."\" valign=\"top\">\n";
show_image($image_row, "search");
$thumbnails .= $site_template->parse_template("thumbnail_bit");
$thumbnails .= "\n</td>\n";
$count++;
if ($count == $config['image_cells']) {
$thumbnails .= "</tr>\n";
$count = 0;
}
} // end while
if ($count > 0) {
$leftover = ($config['image_cells'] - $count);
if ($leftover >= 1) {
for ($i = 0; $i < $leftover; $i++) {
$thumbnails .= "<td width=\"".$imgtable_width."\">\n \n</td>\n";
}
$thumbnails .= "</tr>\n";
}
}
$thumbnails .= "</table>\n";
$content = $thumbnails;
unset($thumbnails);
} // end if
else {
$site_template->register_vars(array(
"search_keywords" => htmlspecialchars(stripslashes($org_search_keywords)),
"search_user" => htmlspecialchars(stripslashes($org_search_user)),
"lang_search_by_keyword" => $lang['search_by_keyword'],
"lang_search_by_username" => $lang['search_by_username'],
"lang_new_images_only" => $lang['new_images_only'],
"lang_search_terms" => $lang['search_terms'],
"lang_or" => $lang['or'],
"lang_and" => $lang['and'],
"lang_category" => $lang['category'],
"lang_search_fields" => $lang['search_fields'],
"lang_all_fields" => $lang['all_fields'],
"lang_name_only" => $lang['name_only'],
"lang_description_only" => $lang['description_only'],
"lang_keywords_only" => $lang['keywords_only'],
"category_dropdown" => get_category_dropdown($cat_id)
));
if (!empty($additional_image_fields)) {
$additional_field_array = array();
foreach ($additional_image_fields as $key => $val) {
if (isset($lang[$key.'_only'])) {
$additional_field_array['lang_'.$key.'_only'] = $lang[$key.'_only'];
}
}
if (!empty($additional_field_array)) {
$site_template->register_vars($additional_field_array);
}
}
$content = $site_template->parse_template("search_form");
}
//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
// $clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['search']."</span>"; // Original code
// MOD: Dynamic page title BLOCK BEGIN
if (!empty($search_id['search_new_images'])) {
if( $search_id['search_new_images'] == 1 )
$txt_clickstream = $lang['new_images'];
else
$txt_clickstream = $lang['new_images_since'];
}
else {
$txt_clickstream = $lang['search'];
}
$clickstream = "<span class=\"clickstream\"><a title=\"".$lang['home']."\" href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].(($search_keywords) ? "<a href=\"".$site_sess->url(ROOT_PATH."search.php")."\" class=\"clickstream\">".$lang['search']."</a>".$config['category_separator'].$search_keywords : $txt_clickstream)."</span>"; // Show search keywords
$page_title = $config['category_separator'].$txt_clickstream;
// MOD: Dynamic page title BLOCK END
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
"content" => $content,
"msg" => $msg,
"clickstream" => $clickstream,
"page_title" => $page_title, // MOD: Dynamic page title
"lang_search" => $lang['search']
));
// MOD: Dynamic page title BLOCK BEGIN
//-----------------------------------------------------
//--- Parse Header & Footer ---------------------------
//-----------------------------------------------------
if (isset($main_template) && $main_template) {
$header = $site_template->parse_template("header");
$footer = $site_template->parse_template("footer");
$site_template->register_vars(array(
"header" => $header,
"footer" => $footer
));
unset($header);
unset($footer);
}
// MOD: Dynamic page title BLOCK END
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>
-
mmm...I ment attach the search.php with the fix implemented...what you showed has no fix installed...
Ok, I think it would be best just to attach already fixed files to the original post...
P.S. if you see "attach", that means attach the file, not show the source ;)
-
I just downloaded the gallery script and installed it today - is that one I downloaded already modified?
-
I just downloaded the gallery script and installed it today - is that one I downloaded already modified?
No.
-
I found an issue with search.php after these changes...and added Step 3 that fixes that issue.
-
Hallo,
ich habe auf Seite 1 den Link (search.php + register.php+global.php.zip) gefunden. Sind diese Dateien jetzt die Modifizierten incl. des
Sicherheitspatches?
Bei soviel durcheinander (English und Deutsch) blickt man ja garnicht mehr durch. :(
Ich bin des Englishen nur brocken weise mächtig, im grund eher schlecht als recht.
Gruß
Nobby
-
Hallo nobby
Ja, dies sollten die modifizierten Dateien sein. V@no hat neu Step 3 publiziert.
Das Problem war:
Nach einer Suche von Bildern (z.B. Keyword "Baum") wurden alle Bilder mit entsprechendem Keyword angezeigt. Nach einem Klick auf den "Lightbox" Button wurde das Bild zwar in die Lightbox abgelegt, aber das Suchresultat wurde nicht mehr angezeigt. Stattdessen wurde die Maske "Erweiterte Suche" angezeigt.
Gruss
TIMT
-
Hallo nobby
Ja, dies sollten die modifizierten Dateien sein. V@no hat neu Step 3 publiziert.
Das Problem war:
Nach einer Suche von Bildern (z.B. Keyword "Baum") wurden alle Bilder mit entsprechendem Keyword angezeigt. Nach einem Klick auf den "Lightbox" Button wurde das Bild zwar in die Lightbox abgelegt, aber das Suchresultat wurde nicht mehr angezeigt. Stattdessen wurde die Maske "Erweiterte Suche" angezeigt.
Gruss
TIMT
Danke für Deine schnelle Antwort ! :D
-
here is a tip:
Download the zip package from the attachment and compare it with the original search.php
-
Vano, if everything works correctly on my server, I don't need to do this update again, do I? I don't understand what changed from the original update. Thanks!
-
Why are the files are not atached longer?
-
In the attachment below you can find already modifyed default search.php, register.php and global.php
and where i can get this attachment. i can't see it!
-
Vano, if everything works correctly on my server, I don't need to do this update again, do I?
If your site security is not in the priority for you, then no, you dont need to apply this fix, but then, dont cry if your gallery get hacked through this security hole...
P.S. I've attached the modifyed files for v1.7 and v1.7.1 in the original post.
-
I have 4images 1.7.2.
Are Security and search bugs are fixed?
:roll:
-
yes, in 1.72 already build in all know security fixes,
and there are no fixes for 1.72 at the moment.
-
but i'm still having some errors like:
Validate images after delite or.. i get this : Warning: copy(./../data/media/2/yh_2.jpg): failed to open stream: No such file or directory in /var/www/vhosts/yours.lt/subdomains/proektaslt/httpdocs/admin/admin_functions.php on line 111
Error adding image: asdasd (yh_2.jpg)
and Add categories a get this : Warning: ftp_login() expects parameter 1 to be resource, boolean given in /var/www/vhosts/yours.lt/subdomains/mysite/httpdocs/admin/categories.php on line 86
Mauvaise connexion FTPEssaye de se connecter a ftp.yours.lt for user
-
re check steps and configuration of safe mode mod that you've installed.
-
Man hat mich darauf aufmerksam gemacht, dass die search.php eine Sicherheitslücke haben soll und für sql-injection anfällig ist. Ich habe auch einen Link zu dem entsprechenden Script, möchte diesen aber natürlich nicht veröffentlichen. Wenn also einer der Admins sich mal mit mir in Verbindung setzt, Jan habe ich schon eine PN geschickt, bin ab Donnerstag wieder online.
-
@ tansamalaja:
Der Bug den Du meinst ist aus 2006 und wurde damals gleich gefixt:
http://www.4homepages.de/forum/index.php?topic=14604.0
Zudem enthält die aktuelle Version 4images 1.7.4 allle Fixes.
Download hier: http://www.4homepages.de/4images/download.php
-
Dann ist ja gut... 8)