Author Topic: A hole in global.php 1.7.6 ?????? (Read 4113 times)

4dabdura · « **on:** April 02, 2009, 12:37:58 AM »

hello everybody it's my first post here, great script thanks to coders, ok to the subject now
not sure if i'm posting in right section....
I understand neither PHP nor Chinese but here's what i found:

http://bbs.wolvez.org/topic/56/
http://www.sebug.net/vulndb/4766/

what these supposed to mean? is there a hole in 1.7.6 global.php

kai · « **Reply #1 on:** April 02, 2009, 11:04:09 AM »

Please use this fix:

In global.php find:

if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {

Replace with:

if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {

4dabdura · « **Reply #2 on:** April 02, 2009, 11:32:13 AM »

thanks for great support

4images Forum & Community

News:

Author Topic: A hole in global.php 1.7.6 ?????? (Read 4113 times)

4dabdura

A hole in global.php 1.7.6 ??????

kai

Re: A hole in global.php 1.7.6 ??????

4dabdura

Re: A hole in global.php 1.7.6 ??????