Author Topic: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php  (Read 132865 times)

0 Members and 1 Guest are viewing this topic.

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #30 on: June 27, 2006, 12:19:01 AM »
i can find the
"$this->session_id = preg_replace('/[^a-z0-9]+/i', '', session_id());" in the session file included in the zip file i just downloaded.
Its because that is the line you supposed to replace it with, not to find it....

as of comments spam, we have two mods image validation for comments, consider to use one of them.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline sajwal

  • Jr. Member
  • **
  • Posts: 61
    • View Profile
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #31 on: July 25, 2006, 11:26:21 PM »
I found that in ver 1.7.3
 the line $this->session_id = session_id();
 is not edited??? 8O

Should i make the changes in 1.7.3 also, as security reason?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #32 on: July 26, 2006, 12:22:00 AM »
No, v1.7.3 has different approach.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)