4images Forum & Community
4images Help / Hilfe => Bug Fixes & Patches => Topic started by: Jan on October 16, 2006, 10:25:09 AM
-
Security fix for Cross-Site Scripting Vulnerability
Open global.php and search for
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
in Version 1.7.2 and 1.7.3 or
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
in Version 1.7.1 and 1.7.
Add the following line below
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
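The effect of the added line, as an added example that is not part of the original post or of the 4images code base: `read_mode()` is a hypothetical helper mirroring the 1.7.2/1.7.3 variant of the patched lines, and the sample values are constructed, not necessarily values 4images uses for `mode`.

```php
<?php
// Added example, not 4images code. read_mode() is a hypothetical helper that
// mirrors the lines from global.php (1.7.2 / 1.7.3 order: POST before GET).
function read_mode(array $post, array $get, bool $patched): string
{
    if (!isset($post['mode']) && !isset($get['mode'])) {
        return '';
    }
    $mode = isset($post['mode']) ? stripslashes(trim($post['mode']))
                                 : stripslashes(trim($get['mode']));
    if ($patched) {
        // The fix: remove every character that is not a letter or a digit.
        $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
    }
    return $mode;
}

// Constructed sample values for the mode parameter.
$samples = [
    'search',        // plain alphanumeric value passes through unchanged
    'Top_Rated',     // case is kept, the underscore is removed
    " search\n",     // surrounding whitespace is already handled by trim()
    '"><b>x</b>',    // markup characters are removed, the letters remain
    '\\"quoted\\"',  // stripslashes() runs first, then the quotes are removed
];

foreach ($samples as $raw) {
    $before = read_mode([], ['mode' => $raw], false);
    $after  = read_mode([], ['mode' => $raw], true);
    printf("%-18s unpatched=%-16s patched=%s\n",
        json_encode($raw), json_encode($before), json_encode($after));

    // Invariant the patch establishes: only [A-Za-z0-9] can reach later code.
    if (preg_match('/[^a-z0-9]/i', $after)) {
        throw new RuntimeException('unexpected character survived the filter');
    }
}
```

The filter removes characters rather than rejecting the request, so `"><b>x</b>` becomes `bxb`, and any value containing an underscore or hyphen is shortened as well.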
-
... thanks Jan and Kai ...
-
thanks jan :wink:
-
Is this the line in version 1.7.1??
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
The line
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
I can't find, or I don't have it at all
-
thanx
done! :wink:
-
thanks i am done :D
-
Is this the line in version 1.7.1??
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
The line
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
I can't find, or I don't have it at all
Yes, I have updated the first post accordingly.
-
Great!! Thanks!!!
-
thanks
-
:roll:
Hello Jan;
Stupid question from me :roll:
Are the security fixes incorporated straight into the download package, or do you always have to do that separately???
Thanks for the answer...
# :lol:
-
No, the fixes are only incorporated into new versions. So you have to apply the patch manually. A new bugfix version is already in the works.
-
hi
sorry for bad English :)
is the new version 4images 1.7.3 released
on the download page
http://www.4homepages.de/4images/download.php
fixed??
and thanks
-
thanks
there are 2 news items in the news box
do I have to do it manually??
and we are waiting for the new fixed version
bye
-
:arrow: Done ThanX Jan 8)
-
Thank you very much!
-
thanks dude
-
Thanks for the fix dude
updating my gallery now !
-
As always, this works great with you guys :D, Thanks
-
Could someone please put this into German for me again: what kind of security fix is this, and where exactly should I insert the line? Directly below the line, between the line and the bracket underneath it?
-
this closes a security hole
if you have v 1.7.2 or 1.7.3
open global.php and search for
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
or if you have 1.7 to 1.7.1
search for
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
insert this line directly below it
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
so.. hope this was in good German :)
greetings from a non-German ;)
-
Thanks Nicky :D Especially with 'complicated' things like this, which I know absolutely nothing about, I'm always too unsure with my stumbling English to do anything on the off chance :)
That was a good German instruction :)
It now looks like this for me:
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
}
Correct?
-
cosmetic flaw *g*
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
it's much nicer this way ;)
-
Thank you, that's how it is in the file too, but I couldn't find this code box for posting here :oops:
-
Thanks muchly guys :D
-
Thank you very much. :wink:
Updated.
-
Thanks :lol:
-
cool thank you :D
-
Thank you :D
-
Nice Thank you
-
Hi,
just a thought... The thank-you posts are great and also very good. But they can make it rather hard to get to the technical content. It's easy to overlook something because of them. Can't they be placed outside the actual thread?
By the way, Jan: thanks.
:)
Regards, Jörg
-
Thank you very much! :D
-
Thank you very much Jan!
Best wishes,
Kimmy
-
Thank you very much! :)
-
Many heartfelt thanks
-
First of all I would like to thank the 4images group for sending me this message about fixing the bug in 4images
everything is done
the bugs fix
thank you again
-
Thanks so much :wink:
have been Updated :D
-
I'm maybe stupid but what is "Cross-Site Scripting Vulnerability"? I have never heard about it :roll:
-
http://en.wikipedia.org/wiki/Cross_site_scripting
-
Hi,
I just applied the security fix and viewed the result.
The page in general looks like it has been before but on the Top of the page there are now a lot of additional system messages: 8O
cache[$row['cat_id']] = $row['new_images']; } $site_db->free_result(); // -------------------------------------- $sql = "SELECT cat_id, COUNT(*) AS num_images FROM ".IMAGES_TABLE." WHERE image_active = 1 GROUP BY cat_id"; $result = $site_db->query($sql); while ($row = $site_db->fetch_array($result)) { $cat_cache[$row['cat_id']]['num_images'] = $row['num_images']; } $site_db->free_result(); } //end if GET_CACHES ?>
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86
Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94
Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94
I integrated the gallery in the layout of my site. Can it be that the script tries to modify that layout now too?
What can these messages mean? :?
regards
BitBull
-
8O I tried to log on as registered user ...
There are even more of these messages and I am not able to log in anymore! :?: :?: :?:
Some guesses somewhere?
regards
BitBull
-
seems your global.php is strange...
uploaded as binary... edited with nonconform editor.
-
Hmmm ... I guess that's not the problem really.
I am using Phase 5 (HTML Editor). I am using that editor ever and I did all my work on my sites with that editor.
I also removed the fix in global.php with this editor and everything works properly again ...
... but so I haven't applied the security fix.
Any other idea?
thanks and regards
BitBull
-
then is something else..
like you can see, all ppl. don't have a problem with it.
-
most certainly yes! :wink:
But hopefully someone can "understand" these messages and give me a hint where the problem could be to find ... :roll:
For me it seems that it has something to do with the header-file because there I integrated the menu etc. of my site. Can it be that with these additions the new line in the global.php has a problem? ...
The mentioned 2 lines in the sessions.php are:
86:
session_start();
and 94:
setcookie($cookie_name, $value, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
BitBull
-
The line that causes this error is in global.php, line 450.
output started at /homepages/blablabla/publik/global.php:450
Can you post what's in (or better in and around) this line?
Jan
-
8O
That's funny...
my global.php ends with line 438 already. :?:
here are the last lines of my global.php (426 to 438):
$sql = "SELECT cat_id, COUNT(*) AS num_images
FROM ".IMAGES_TABLE."
WHERE image_active = 1
GROUP BY cat_id";
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
$cat_cache[$row['cat_id']]['num_images'] = $row['num_images'];
}
$site_db->free_result();
} //end if GET_CACHES
?>
Just as a relation. The bugfix line lies between 166 to 169:
if (isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) {
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
}
regards
BitBull
-
Are you sure that the global.php on your server is the same as the one on your harddisk?
-
I compared it again (took a copy from the server again where I've put the fixed file yesterday ...)
Yes, both are exactly the same
BUT :!: :!: :!:
Don't ask me why. I've had a look on my gallery just now ... the error messages are gone ... :? seems that a miracle occurred, doesn't it???
I am even able to log in again. :mrgreen:
So everything is OK. I will check it out tomorrow again ... I hope the bloody messages won't be back again. :wink:
Thanks Nicky and Jan for your time and support
So let's go on with daily business ... :lol:
regards
Tobi