4images Forum & Community
4images Help / Hilfe => Bug Fixes & Patches => Topic started by: kai on December 07, 2010, 10:45:56 AM
-
A minor security vulnerability has been found which leads to path disclosure.
To fix this:
In includes/paging.php
find
$this->page = $page;
$this->perpage = $perpage;
$this->num_rows_all = $num_rows_all;
if (!isset($this->page) || !intval($this->page)) {
    $this->page = 1;
}
if (!$this->num_rows_all) {
and replace with
$this->page = intval($page);
$this->perpage = intval($perpage);
$this->num_rows_all = intval($num_rows_all);
if ($this->page <= 0) {
    $this->page = 1;
}
if ($this->perpage <= 0) {
    $this->perpage = 1;
}
if ($this->num_rows_all <= 0) {
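A regression check for the replacement lines above, as an added example that is not part of the original post or of the 4images code: normalize_paging() is a hypothetical stand-alone helper, the request values are constructed, and the offset and page-count arithmetic is an assumption about how the values are used later. The body of the last branch is not shown in the post, so flooring the row count at 0 is also an assumption.

```php
<?php
// Hypothetical helper applying the same coercion as the replacement lines.
function normalize_paging($page, $perpage, $num_rows_all)
{
    $page         = intval($page);
    $perpage      = intval($perpage);
    $num_rows_all = intval($num_rows_all);
    if ($page <= 0) {
        $page = 1;
    }
    if ($perpage <= 0) {
        $perpage = 1;
    }
    if ($num_rows_all <= 0) {
        $num_rows_all = 0; // assumption: the real branch body is not in the post
    }
    return array($page, $perpage, $num_rows_all);
}

// Turn every warning or notice into an exception, so a regression fails the
// check instead of printing an error message that includes the script path.
set_error_handler(function ($severity, $message, $file, $line) {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Constructed inputs shaped like values arriving in a query string.
$cases = array(
    'normal'        => array('3', '10', '42'),
    'non-numeric'   => array('abc', 'x', ''),
    'negative/zero' => array('-5', '0', '-1'),
    'array param'   => array(array('1'), array(), array('a', 'b')),
    'trailing junk' => array('7junk', '20;', '15.9'),
);

foreach ($cases as $label => $args) {
    list($page, $perpage, $rows) = normalize_paging($args[0], $args[1], $args[2]);
    // Arithmetic that is only safe once all three values are clamped integers.
    $offset = ($page - 1) * $perpage;
    $pages  = (int) ceil($rows / $perpage);
    if (!is_int($page) || $page < 1 || $perpage < 1 || $rows < 0 || $offset < 0) {
        throw new RuntimeException("unsafe paging values for case: $label");
    }
    printf("%-14s page=%d perpage=%d rows=%d offset=%d pages=%d\n",
        $label, $page, $perpage, $rows, $offset, $pages);
}
```

Note that intval() maps a non-empty array to 1 and an empty array to 0, which is why the array case ends up with valid values rather than an error.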
-
Hi,
I'm using V@no's Universal Paging Class V1.1.1 and I cannot find that line in it.
Does that bug also exist in that paging.php?
Universal Paging Class 1.1.1: http://www.4homepages.de/forum/index.php?topic=6926.0
Greetz X23
-
Take a look at line 60; the line is there.
-
Hi,
"Take a look at line 60; the line is there."
Yes, by now, because V@no has updated to 1.1.2; in the file before that, 1.1.1, it was missing.
Regards, Jens
-
The paging.php is found in includes/