Bug Fixes & Patches / Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« on: November 02, 2006, 10:41:04 AM »
Are you sure that the global.php on your server is the same as the one on your hard disk?
You're looking for some 4images templates and styles? Then visit this thread to show websites with 4images templates to download.
output started at /homepages/blablabla/publik/global.php:450
<input type="radio" name="search_terms" value="all" checked="checked" />
{lang_and}
<input type="radio" name="search_terms" value="any" />
{lang_or}
<input type="radio" name="search_terms" value="any" checked="checked" />
{lang_or}
<input type="radio" name="search_terms" value="all" />
{lang_and}
if (isset($HTTP_GET_VARS['search_userid'])) {
$search_id['user_ids'] .= ((!empty($search_id['user_ids'])) ? ", " : "").intval($HTTP_GET_VARS['search_userid']);
$show_result = 1;
}
Is that the line in version 1.7.1??
Yes, I have updated the first post accordingly.
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
I can't find the line
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
or I don't have it at all
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
in Version 1.7.2 and 1.7.3 or
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
in Version 1.7.1 and 1.7.
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);