4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: kai on April 11, 2011, 10:47:42 AM

Title: [1.7 - 1.7.9] Security fix for Multiple Path disclousure
Post by: kai on April 11, 2011, 10:47:42 AM

A multiple path disclousure vulnerability in 4images 1.7 - 1.7.9 has been found.

To fix this:

In global.php

find


$action = (isset($HTTP_POST_VARS['action'])) ?
stripslashes(trim($HTTP_POST_VARS['action'])) :
stripslashes(trim($HTTP_GET_VARS['action']));


and replace with


$action = (isset($HTTP_POST_VARS['action'])) ?
stripslashes(trim((string)$HTTP_POST_VARS['action'])) :
stripslashes(trim((string)$HTTP_GET_VARS['action']));


find


$mode = (isset($HTTP_POST_VARS['mode'])) ?
stripslashes(trim($HTTP_POST_VARS['mode'])) :
stripslashes(trim($HTTP_GET_VARS['mode']));


and replace with


$mode = (isset($HTTP_POST_VARS['mode'])) ?
stripslashes(trim((string)$HTTP_POST_VARS['mode'])) :
stripslashes(trim((string)$HTTP_GET_VARS['mode']));


find


$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ?
trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);


and replace with


$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ?
trim((string)$HTTP_POST_VARS['search_keywords']) :
trim((string)$HTTP_GET_VARS['search_keywords']);


find


$search_user = (isset($HTTP_POST_VARS['search_user'])) ?
trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);


and replace with


$search_user = (isset($HTTP_POST_VARS['search_user'])) ?
trim((string)$HTTP_POST_VARS['search_user']) :
trim((string)$HTTP_GET_VARS['search_user']);


and in includes/page_header.php

find

$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ?
unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();

and replace with

$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? explode(" ",
stripslashes((string)$HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();

find

setcookie($cookie_name.'rated', serialize($cookie_rated), $cookie_expire,
COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);

and replace with

setcookie($cookie_name.'rated', implode(" ", $cookie_rated), $cookie_expire,
COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);