Author Topic: [1.7 / 1.7.1] Security fix in search.php and register.php  (Read 161433 times)

0 Members and 1 Guest are viewing this topic.

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #30 on: January 14, 2006, 07:19:06 PM »
mmm...I ment attach the search.php with the fix implemented...what you showed has no fix installed...

Ok, I think it would be best just to attach already fixed files to the original post...

P.S. if you see "attach", that means attach the file, not show the source ;)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline likeaflower

  • Pre-Newbie
  • Posts: 1
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #31 on: January 17, 2006, 07:23:00 AM »
I just downloaded the gallery script and installed it today - is that one I downloaded already modified?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #32 on: January 17, 2006, 07:40:11 AM »
I just downloaded the gallery script and installed it today - is that one I downloaded already modified?
No.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #33 on: February 19, 2006, 07:12:00 PM »
I found an issue with search.php after these changes...and added Step 3 that fixes that issue.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline nobby

  • 4images Guru
  • *******
  • Posts: 2.872
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #34 on: February 19, 2006, 09:06:15 PM »
Hallo,

ich habe auf Seite 1 den Link (search.php + register.php+global.php.zip) gefunden. Sind diese Dateien jetzt die Modifizierten incl. des
Sicherheitspatches?


Bei soviel durcheinander (English und Deutsch) blickt man ja garnicht mehr durch.  :(

Ich bin des Englishen nur brocken weise mächtig, im grund eher schlecht als recht.

Gruß
Nobby

Offline TIMT

  • Hero Member
  • *****
  • Posts: 505
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #35 on: February 19, 2006, 09:21:57 PM »
Hallo nobby

Ja, dies sollten die modifizierten Dateien sein. V@no hat neu Step 3 publiziert.

Das Problem war:
Nach einer Suche von Bildern (z.B. Keyword "Baum") wurden alle Bilder mit entsprechendem Keyword angezeigt. Nach einem Klick auf den "Lightbox" Button wurde das Bild zwar in die Lightbox abgelegt, aber das Suchresultat wurde nicht mehr angezeigt. Stattdessen wurde die Maske "Erweiterte Suche" angezeigt.

Gruss
TIMT

Offline nobby

  • 4images Guru
  • *******
  • Posts: 2.872
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #36 on: February 19, 2006, 09:29:19 PM »
Hallo nobby

Ja, dies sollten die modifizierten Dateien sein. V@no hat neu Step 3 publiziert.

Das Problem war:
Nach einer Suche von Bildern (z.B. Keyword "Baum") wurden alle Bilder mit entsprechendem Keyword angezeigt. Nach einem Klick auf den "Lightbox" Button wurde das Bild zwar in die Lightbox abgelegt, aber das Suchresultat wurde nicht mehr angezeigt. Stattdessen wurde die Maske "Erweiterte Suche" angezeigt.

Gruss
TIMT

Danke für Deine schnelle Antwort !   :D

Offline ivan

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 2.279
    • View Profile
    • Bilder Gallery
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #37 on: February 20, 2006, 11:47:59 AM »
hello vano

here my search.php

I have inserted security fixed in search.php, You scribe, one should extinguish code perch!
(If you wish, you can remove this block of code from search.php to increase perfomance (very insignificaly).)

Unfortunately, is mine modified search.php and does not know exactly what I should extinguish, can you help me?

gruss ivan



Code: [Select]
REMOVED
« Last Edit: February 20, 2006, 02:30:28 PM by V@no »
greetings / grüsse
ivan

Facebook Fan Page | Follow Twitter

Blog: Reisen Blog
Bilder Gallery: Bilder Gallery

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #38 on: February 20, 2006, 02:31:43 PM »
here is a tip:
Download the zip package from the attachment and compare it with the original search.php
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Washi

  • Newbie
  • *
  • Posts: 21
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #39 on: February 26, 2006, 09:12:38 PM »
Vano, if everything works correctly on my server, I don't need to do this update again, do I? I don't understand what changed from the original update. Thanks!

Offline Saiman

  • Newbie
  • *
  • Posts: 14
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #40 on: March 01, 2006, 10:40:29 PM »
Why are the files are not atached longer?

Offline jovan

  • Pre-Newbie
  • Posts: 1
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #41 on: April 03, 2006, 12:04:36 PM »
Quote
In the attachment below you can find already modifyed default search.php, register.php and global.php
and where i can get this attachment. i can't see it!

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #42 on: April 04, 2006, 01:44:53 AM »
Vano, if everything works correctly on my server, I don't need to do this update again, do I?
If your site security is not in the priority for you, then no, you dont need to apply this fix, but then, dont cry if your gallery get hacked through this security hole...

P.S. I've attached the modifyed files for v1.7 and v1.7.1 in the original post.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Supoplex

  • Pre-Newbie
  • Posts: 2
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #43 on: April 06, 2006, 07:28:45 PM »
I have 4images 1.7.2.
Are Security and  search  bugs are fixed?
 :roll:

Offline IcEcReaM

  • Hero Member
  • *****
  • Posts: 714
    • View Profile
    • My little Testboard
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #44 on: April 06, 2006, 08:02:14 PM »
yes, in 1.72 already build in all know security fixes,
and there are no fixes for 1.72 at the moment.
Coding is a everlasting competition between programmers who tries to write larger, better and idiot-safe programs and the universe producing larger and stupider idiots...
...so far the universe won
bump