[1.7 - 1.7.9] Security fix for path disclosure in paging.php

[kai]

A minor security vulnerability has  been found which leads to path disclosure.

To  fix this:

In includes/paging.php

find

$this->page = $page;
$this->perpage = $perpage;
$this->num_rows_all = $num_rows_all;

if (!isset($this->page) || !intval($this->page)) {
  $this->page = 1;
}
if (!$this->num_rows_all) {

and replace with

$this->page = intval($page);
$this->perpage = intval($perpage);
$this->num_rows_all = intval($num_rows_all);

if ($this->page <= 0) {
  $this->page = 1;
}
if ($this->perpage <= 0) {
  $this->perpage = 1;
}
if ($this->num_rows_all <= 0) {

[x23piracy]

Hi,

im using V@no's Universal Paging Class V1.1.1 and i cannot find that line in it.
Is that bug also existing in that paging.php?

Universal Paging Class 1.1.1: http://www.4homepages.de/forum/index.php?topic=6926.0


Greetz X23

[Tino23]

Schau mal in Zeile 60 dort steht die Zeile.

[x23piracy]

Hi,

Schau mal in Zeile 60 dort steht die Zeile.

ja mitlerweile weil V@no auf 1.1.2 aktualisiert hat, im File davor 1.1.1 fehlte das.


Gruß Jens

[Sunny C.]

The paging.php is find in includes/