[1.7 / 1.7.1] Security fix in search.php and register.php
V@no:
This is an important security fix for a dangerous hole in the script.
Step 1
In search.php, any variables or other code located below the copyright notice (which ends with this line):
--- Code: ---*************************************************************************/
--- End code ---
and above:
--- Code: ---$main_template = 'search';
--- End code ---
must be moved below:
--- Code: ---include(ROOT_PATH.'global.php');
--- End code ---
In default 4images, the block that must be moved is:
--- Code: ---if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
  $show_result = 1;
}
else {
  $show_result = 0;
}
if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
  $search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
  if ($search_keywords != "") {
    $show_result = 1;
  }
}
else {
  $search_keywords = "";
}
$org_search_keywords = $search_keywords;
if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
  $search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
  if ($search_user != "") {
    $show_result = 1;
  }
}
else {
  $search_user = "";
}
$org_search_user = $search_user;
if (isset($HTTP_POST_VARS['search_terms'])) {
  $search_terms = (trim($HTTP_POST_VARS['search_terms']) == "all") ? 1 : 0;
}
else {
  $search_terms = 0;
}
if (isset($HTTP_POST_VARS['search_fields'])) {
  $search_fields = trim($HTTP_POST_VARS['search_fields']);
}
else {
  $search_fields = "all";
}
$search_cat = (isset($HTTP_POST_VARS['cat_id']) ) ? intval($HTTP_POST_VARS['cat_id']) : 0;
if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
  $search_new_images = 1;
  $show_result = 1;
}
else {
  $search_new_images = 0;
}
--- End code ---
Step 2
In register.php find:
--- Code: --- if ($site_db->not_empty($sql)) {
   $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
   $error = 1;
 }
--- End code ---
Insert below:
--- Code: --- elseif (preg_match("#[<>]#", $user_name))
 {
   $msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
   $error = 1;
 }
--- End code ---
Then in lang/<your language>/main.php, at the end of the file, above the closing ?>, insert:
--- Code: ---$lang['username_bad_characters'] = "Username contains not allowed character(s)";
--- End code ---
Step 3
In global.php find:
--- Code: ---//-----------------------------------------------------
//--- Start DB ----------------------------------------
//-----------------------------------------------------
--- End code ---
Insert above:
--- Code: ---if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
  $show_result = 1;
}
else {
  $show_result = 0;
}
if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
  $search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
  if ($search_keywords != "") {
    $show_result = 1;
  }
}
else {
  $search_keywords = "";
}
if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
  $search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
  if ($search_user != "") {
    $show_result = 1;
  }
}
else {
  $search_user = "";
}
if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
  $search_new_images = 1;
  $show_result = 1;
}
else {
  $search_new_images = 0;
}
--- End code ---
If you wish, you can remove this block of code from search.php to increase performance (very insignificantly), but this is not required.
In the attachment below you can find the already modified default search.php, register.php and global.php.
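A way to confirm the three steps were applied, as an added example that is not part of the original post or of 4images: the Python check below takes the text of the four files and reports which step is still missing. The function names and the plain string matching are assumptions of this example, and the sample file contents are constructed stand-ins.

```python
import re

INCLUDE = "include(ROOT_PATH.'global.php');"
DB_MARKER = "//--- Start DB"
STEP1_VARS = ("show_result", "search_keywords", "search_user", "search_terms",
              "search_fields", "search_cat", "search_new_images")
STEP3_VARS = ("show_result", "search_keywords", "search_user", "search_new_images")

def assigned(names, text):
    """Names from `names` that are assigned ($name = ...) somewhere in text."""
    return [n for n in names if re.search(r"\$" + n + r"\s*=(?!=)", text)]

def audit(search_php, register_php, global_php, lang_php):
    """Return findings; an empty list means all three steps are in place."""
    findings = []
    # Step 1: no search variable may be set before global.php is included.
    head, found, _ = search_php.partition(INCLUDE)
    if not found:
        findings.append("search.php: global.php include not found")
    for name in assigned(STEP1_VARS, head) if found else []:
        findings.append("search.php: $%s set above the include" % name)
    # Step 2: the <> check follows username_exists; its language string exists.
    exists_at = register_php.find("$lang['username_exists']")
    check_at = register_php.find('preg_match("#[<>]#", $user_name)')
    if exists_at < 0 or check_at < exists_at:
        findings.append("register.php: <> username check missing")
    if "$lang['username_bad_characters']" not in lang_php:
        findings.append("lang main.php: username_bad_characters missing")
    # Step 3: the variables are initialised above the Start DB marker.
    head, found, _ = global_php.partition(DB_MARKER)
    present = assigned(STEP3_VARS, head) if found else []
    for name in STEP3_VARS:
        if name not in present:
            findings.append("global.php: $%s not set above Start DB" % name)
    return findings

# Constructed, shortened stand-ins for the four files (not real 4images source).
UNPATCHED = {
    "search_php": '$show_result = 0;\n$search_user = "";\n' + INCLUDE + "\n",
    "register_php": "$msg .= $lang['username_exists'];\n",
    "global_php": "//--- Start DB ---\n",
    "lang_php": "",
}
PATCHED = {
    "search_php": INCLUDE + '\n$show_result = 0;\n$search_user = "";\n',
    "register_php": UNPATCHED["register_php"] + 'elseif (preg_match("#[<>]#", $user_name)) {}\n',
    "global_php": '$show_result = 0;\n$search_keywords = "";\n$search_user = "";\n$search_new_images = 0;\n//--- Start DB ---\n',
    "lang_php": "$lang['username_bad_characters'] = \"...\";\n",
}
```

Calling `audit(**UNPATCHED)` lists every missing step, and `audit(**PATCHED)` returns an empty list; for a real installation, pass the contents of the four files read from disk.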
piet:
Thank you very much!
TheOracle:
Actually, I don't get this ...
why would :
--- Quote ---
$main_template = 'search';
--- End quote ---
need to be moved below the global.php line ?
All 4images's PHP files (on the root path - even the index.php file) have the $main_template string on top of the GET_CACHES line ...
V@no:
That is why my earlier suggestion was "Re-read three times, reply once" ;)
Nothing there says anything about moving that line... it says "the code above it"
Eagle Eye:
Thanks :D