4images Forum & Community
4images Help / Hilfe => Bug Fixes & Patches => Topic started by: V@no on April 26, 2006, 12:25:45 AM
-
If you downloaded 4images v1.7.2 before 25-04-2006 you should apply this fix!
If you downloaded it after that date, then you should not worry about it, the download package already contains this fix.
Step 1
In global.php
find:
/*
$val = str_replace("\r\n", "\n", $val);
$val = str_replace("\r", "\n", $val);
$val = strtr($val, $search2, $replace2);
$val = str_replace("\r", '', $val); // \r === \x0D
*/
/*
do {
$oldval = $val;
$val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
} while ($oldval != $val);
*/
Replace with:
$val = str_replace("\r\n", "\n", $val);
$val = str_replace("\r", "\n", $val);
$val = strtr($val, $search2, $replace2);
$val = str_replace("\r", '', $val); // \r === \x0D
do {
$oldval = $val;
$val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
} while ($oldval != $val);
Or you can download 4images package from this (http://www.4homepages.de/4images/download.php) page and replace global.php from that package.
Step 2
And in case someone already used this hole on your site, you should find and delete any user who has < and > tags in their name (well, at least those who have <script or other HTML tags) (personally I would not feel bad even perm ban for that)
For that go to ACP (Admin Control Panel) -> Edit users -> in the "Username contains" field enter: < and click "Find"
Repeat search for >
[EDIT]
For those who can't find the code above, you probably have something like this instead:
$val = str_replace("\r\n", "\n", $val);
$val = str_replace("\r", "\n", $val);
$val = strtr($val, $search2, $replace2);
$val = str_replace("\r", '', $val); // \r === \x0D
(note, there is no /* and */ around that block of code!)
So, replace this block with the code above.
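Added example, not part of the original post or of 4images itself: it runs the tag-stripping regex from Step 1 once and then in the do/while loop, showing why the fix repeats until the value stops changing, and applies the Step 2 check for < and > to a list of names. The function names and all sample strings are constructed for illustration.

```php
<?php
// Added illustration. The pattern is the one from the fix in Step 1.
const TAG_PATTERN = '#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i';

// One pass only: what the filter would do without the do/while wrapper.
function strip_once(string $val): string
{
    return preg_replace(TAG_PATTERN, '', $val);
}

// Repeat until nothing changes, as the fix does. A removal can join the
// text on either side into a new tag, so one pass is not enough.
function strip_until_stable(string $val): string
{
    do {
        $oldval = $val;
        $val = preg_replace(TAG_PATTERN, '', $val);
    } while ($oldval !== $val);
    return $val;
}

// Step 2 check: return the names that contain < or > for manual review.
function suspicious_names(array $names): array
{
    return array_values(array_filter(
        $names,
        fn($name) => preg_match('#[<>]#', $name) === 1
    ));
}

// Constructed sample input, not taken from a real site.
$samples = [
    'plain text',
    '<b>bold</b> <script>x</script>',
    '<scr<script>ipt>x</scr</script>ipt>',
];
foreach ($samples as $s) {
    printf("in:   %s\nonce: %s\nloop: %s\n\n", $s, strip_once($s), strip_until_stable($s));
}

// Constructed user names; only 'a<b' and 'x>y' are flagged.
print_r(suspicious_names(['andreas', 'Mat', 'a<b', 'x>y']));
```

For the third sample a single pass returns `<script>x</script>`, because removing the inner tags joins the outer fragments, while the loop returns `x`.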
-
thank you, for your update-info! :)
andreas
-
thanks
-
This passage is not in my global.php!
In my global.php only I can find this:
$search2 =
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
$replace2 = //str_repeat("\r", strlen($search2));
"\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";
foreach ($array as $key => $val) {
if (is_array($val)) {
$val = clean_array($val);
} else {
$val = preg_replace($search, $replace, $val);
$val = str_replace("\r\n", "\n", $val);
$val = str_replace("\r", "\n", $val);
$val = strtr($val, $search2, $replace2);
$val = str_replace("\r", '', $val); // \r === \x0D
}
$array[$key] = $val;
}
return $array;
What do I have to do,
Thanks and bye
-
8)
Done
Thanks V@no :wink:
-
I also can't find this in global.php
-
This passage is not in my global.php!
In my global.php only I can find this:
Just to confirm I have the same global.php as konradin. The file is dated 08/03/06 6:19pm.
The thread heading is related to register.php which I take as being an error.
-
I think the post title needs to be changed as it's confusing. It should be global.php that needs changing not register.php.
I have the same problem as the message by "konradin" above.
Thanks.
-
I've searched my global.php also and cannot find the code string shown above.
Does this mean those of us who cannot find it do not have the security breach?
Or is this just another one of those fixes that might be a fix until somebody finds out it didn't really fix what it was intended to fix, but instead was really an unfix for something else already fixed, but not fixed any more, because this fix is not really a fix at all, but a fixation of the mind?
When you get this figured out, gimme a call cuz I'm fixin' to logout of this security fix topic and fixin' to get somethin' to eat... if wife was kind enough to fix din din already.
Fix ya later!
-
Is a change also necessary when 4images accesses the phpBB user database for registrations?
Thanks and regards
-
Same here, can't find either piece (the old and the new) of the code in global or register.
Guess it doesn't need fixing then..
Thx,
Mat
-
Hello, what about the older versions 1.7 / 1.7.1 ??
-
I would like to know too!
-
This passage is not in my global.php!
In my global.php only I can find this:
$search2 =
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
$replace2 = //str_repeat("\r", strlen($search2));
"\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";
foreach ($array as $key => $val) {
if (is_array($val)) {
$val = clean_array($val);
} else {
$val = preg_replace($search, $replace, $val);
$val = str_replace("\r\n", "\n", $val);
$val = str_replace("\r", "\n", $val);
$val = strtr($val, $search2, $replace2);
$val = str_replace("\r", '', $val); // \r === \x0D
}
$array[$key] = $val;
}
return $array;
What do I have to do,
Thanks and bye
Add:
do {
$oldval = $val;
$val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
} while ($oldval != $val);
after
$val = str_replace("\r", '', $val); // \r === \x0D
-
Hello, what about the older versions 1.7 / 1.7.1 ??
A 4images installation version 1.7 with all "security fixes" does not contain this "security hole"!
-
Hımmm..
thanks V@no .
-
I've updated the original post with some more instructions (see step 2)
-
so the only thing that needs to get replaced is
/* and */
?
If you want to read about this bug: http://secunia.com/advisories/19745/
-
thanks for that update
-
Thank you for the update, I have several sites running 1.7.2 but others were 1.7.
Would this be OK if I applied it on 1.7 ?
Thank You.
-
@ ufkydpnr,
A 4images installation version 1.7 with all "security fixes" does not contain this "security hole"!
-
Dear Mawenzi,
Thanks for your reply, I guess you replied the same thing in German before, but thanks again since I don't speak German.
:)
-
Hi.
What is with the Bug from here? http://www.4homepages.de/forum/index.php?topic=10921.0 is it in 1.7.2 included ? I can register with "<" or ">" in the Name....???
... doesn't that actually do almost the same thing?
Edit 1:
if ($site_db->not_empty($sql)) {
$msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
$error = 1;
}
}
else {
$msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['user_name']), $lang['field_required']);
$error = 1;
Can't find this section any more ...
elseif (preg_match("#[<>]#", $user_name))
{
$msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
$error = 1;
}
-
What is with the Bug from here? http://www.4homepages.de/forum/index.php?topic=10921.0 is it in 1.7.2 included ? I can register with "<" or ">" in the Name....???
Please pay attention to the version number of the security fix.
If it says v1.7 / v1.7.1 it means only v1.7 and v1.7.1 are affected, v1.7.2 is already fixed. If it says v1.7.2 that means only v1.7.2 has the bug, all previous versions don't have it.
Now, if you are having problems installing the fix for v1.7 or v1.7.1, then why would you reply to this topic?
-
:D :D :D
hi all thank you for the bug solution that was found in version 1.7.2 in the global.php
i replace that old file with new file and we try to register but we can't
it means that the problem is solved
thank youuuuuuuuuuuuuuuuuuuuuuu
-
Just a note:
With this fix you can not post any <script> <iframe> etc HTML code anywhere from regular members pages (profile, descriptions, comments, etc)
If you, as admin, wish to add such code, you'll have to do it via ACP
-
Just a note:
With this fix you can not post any <script> <iframe> etc HTML code anywhere from regular members pages (profile, descriptions, comments, etc)
If you, as admin, wish to add such code, you'll have to do it via ACP
Question: I just posted this topic: http://www.4homepages.de/forum/index.php?topic=12761.new#new
Is the reason the issue you mention above? If by ACP you mean "Admin Control Panel" (I'm just guessing) that didn't seem to be the case for me. After the upgrade, all my existing HTML in the description fields stopped working and even when entered from the Admin Control Panel it will not work.
-
:twisted: :twisted:
Is a change also necessary when 4images accesses the phpBB user database for registrations? :?: :?: :?:
Thanks and regards
-
The phpBB user database?
I'm new here, but in your place I would apply the changes ...
-
thanks a lot for [1.7.2] Security fix 8)
-
Thanks for sharing