Author Topic: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability  (Read 155804 times)

0 Members and 1 Guest are viewing this topic.

Offline RoadDogg

  • Sr. Member
  • ****
  • Posts: 488
    • View Profile
    • Düsipixel
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #15 on: October 21, 2006, 10:01:40 PM »
Thank you verry much!
For support requests please don´t forget link to your Gallery/to phpinfo.php
Code: [Select]
<?
phpinfo()
?>
safe_mode must turned OFF
Please check Error Messages

Offline devilsoulblack

  • Pre-Newbie
  • Posts: 6
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #16 on: October 21, 2006, 10:43:33 PM »
thanks dude

Offline ahmad

  • Newbie
  • *
  • Posts: 14
  • Ahmad Alfy
    • View Profile
    • Portsaid-Online.com
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #17 on: October 21, 2006, 10:56:35 PM »
Thanks for the fix dude
updating my gallery now !

Offline beach-baer

  • Newbie
  • *
  • Posts: 20
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #18 on: October 21, 2006, 11:02:23 PM »
Das klappt wie immer Prima bei euch :D, Thanks

Offline Sternie

  • Newbie
  • *
  • Posts: 47
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #19 on: October 21, 2006, 11:04:50 PM »
kann mir das bitte nochmal jemand verdeutschen, um was für ein Security Fix es sich handelt und wo genau ich die Zeile einsetzen soll? Genau unter die Zeile zwischen die Zeile und der darunterbefindlichen klammer?

Offline Nicky

  • Administrator
  • 4images Guru
  • *****
  • Posts: 3.195
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #20 on: October 21, 2006, 11:13:27 PM »
damit wird eine sicherheits lücke geschlossen

wenn du v 1.7.2 oder 1.7.3 hast
öffne global.php und suche nach
Code: [Select]
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

oder wenn du 1.7 bis 1.7.1 hast
suche nach
Code: [Select]
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

gleich drunter füge diese zeile ein

Code: [Select]
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);

so.. hoffe dies war in gutem deutsch :)

grüsse von einem nicht deutschen ;)
cheers
Nicky
Your first three "must do" before you ask a question ! (© by V@no)
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

nicky.net 4 4images
Signature stolen from mawenzi

Offline Sternie

  • Newbie
  • *
  • Posts: 47
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #21 on: October 21, 2006, 11:21:10 PM »
danke Nicky  :D grade bei solchen 'komplizierten' Sachen in denen ich mich absolut nicht auskenne bin ich mir in meinem Stolperenglisch immer zu unsicher irgendetwas auf GutGlück zu machen :)

War eine gute deutsche Anweisung :)

Sieht jetzt bei mir so aus:

$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
}

richtig?

Offline Nicky

  • Administrator
  • 4images Guru
  • *****
  • Posts: 3.195
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #22 on: October 21, 2006, 11:24:09 PM »
schönheitsfehler *g*

Code: [Select]
  $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);

so ist viel schöner ;)
cheers
Nicky
Your first three "must do" before you ask a question ! (© by V@no)
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

nicky.net 4 4images
Signature stolen from mawenzi

Offline Sternie

  • Newbie
  • *
  • Posts: 47
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #23 on: October 21, 2006, 11:26:44 PM »
danke schön, so steht es auch in der Datei, hab hier aber diese Codebox zum Posten nicht gefunden  :oops:

Offline ladyoz

  • Newbie
  • *
  • Posts: 15
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #24 on: October 22, 2006, 12:32:34 AM »
Thanks muchly guys  :D
Despite the cost of living, it's still popular ...

Offline Stinus

  • Newbie
  • *
  • Posts: 12
    • View Profile
    • Veteranbrannbiler - Old Fire Truck
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #25 on: October 22, 2006, 01:03:52 AM »
Thank you verry much. :wink:
Updatet.
Stian


A site about Old Fire Truck - Gallery - Forum

Offline haythamghareeb

  • Newbie
  • *
  • Posts: 11
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #26 on: October 22, 2006, 01:43:04 AM »
Thanks  :lol:

Offline Matpatnik

  • Pre-Newbie
  • Posts: 3
    • View Profile
    • RuneFr.com
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #27 on: October 22, 2006, 03:17:09 AM »
cool thank you :D

Offline Playgirl

  • Pre-Newbie
  • Posts: 2
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #28 on: October 22, 2006, 06:12:07 AM »
Thank you :D

Offline Syslord

  • Pre-Newbie
  • Posts: 8
    • View Profile
    • reinigungsforum
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #29 on: October 22, 2006, 10:11:54 AM »
Nice Thank you