Author Topic: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability  (Read 155810 times)


Offline Adson

  • Newbie
  • Posts: 33
  • Joerg - layman - able to learn
    • joergsimon-page.de
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #30 on: October 22, 2006, 10:12:30 AM »
Hi,

Just a thought... The thank-you posts are great and very good too. But under some circumstances they make it rather confusing to get to the technical content. It is easy to overlook something that way. Couldn't they be placed outside the actual thread?

By the way, Jan: thank you.

 :)

Regards, Jörg

Offline medo007

  • Newbie
  • Posts: 29
  • Internet addict
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #31 on: October 22, 2006, 01:35:57 PM »
Thank you very much! :D
mEDO

Offline KimmyMarie

  • Newbie
  • Posts: 30
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #32 on: October 22, 2006, 04:23:05 PM »
Thank you very much Jan!





Best wishes,
Kimmy

Offline Fotopez

  • Pre-Newbie
  • Posts: 7
    • Team Austriafoto.at  Focus on animal and nature photos - Wildlife
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #33 on: October 22, 2006, 04:56:43 PM »
Thank you!  :)

Offline theking6

  • Pre-Newbie
  • Posts: 7
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #34 on: October 22, 2006, 06:09:24 PM »
Many heartfelt thanks

Offline linux_rh

  • Newbie
  • Posts: 34
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #35 on: October 22, 2006, 07:50:04 PM »
First of all I would thank the 4images group for sending me this message for fixing the bug in 4images

every thing is done

the bugs fix

thank you again


Offline Zhra

  • Newbie
  • Posts: 13
    • Zhra Net
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #36 on: October 23, 2006, 02:26:18 AM »
Thanks so much  :wink:
have been Updated  :D

Offline wallpapers

  • Full Member
  • Posts: 107
    • Tuned-Cars.Net
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #37 on: October 29, 2006, 08:25:34 PM »
I'm maybe stupid, but what is "Cross-Site Scripting Vulnerability"? I have never heard about it  :roll:



Offline mawenzi

  • 4images Moderator
  • 4images Guru
  • Posts: 4.500
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...

Offline BitBull

  • Pre-Newbie
  • Posts: 7
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #39 on: November 01, 2006, 10:32:04 AM »
Hi,

I just applied the security fix and viewed the result.

The page in general looks like it has been before but on the Top of the page there are now a lot of additional system messages:  8O

Code: [Select]
cache[$row['cat_id']] = $row['new_images']; } $site_db->free_result(); // -------------------------------------- $sql = "SELECT cat_id, COUNT(*) AS num_images FROM ".IMAGES_TABLE." WHERE image_active = 1 GROUP BY cat_id"; $result = $site_db->query($sql); while ($row = $site_db->fetch_array($result)) { $cat_cache[$row['cat_id']]['num_images'] = $row['num_images']; } $site_db->free_result(); } //end if GET_CACHES ?>
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86

Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94

Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94

I integrated the gallery in the layout of my site. Can it be that the script tries to modify that layout now too?
What can these messages mean?  :?

regards

BitBull
« Last Edit: November 01, 2006, 11:26:01 AM by BitBull »

Offline BitBull

  • Pre-Newbie
  • Posts: 7
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #40 on: November 01, 2006, 11:25:26 AM »
 8O I tried to log on as registered user ...

There are even more of these messages and I am not able to log in anymore!  :?: :?: :?:

Some guesses somewhere?

regards

BitBull

Offline Nicky

  • Administrator
  • 4images Guru
  • Posts: 3.195
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #41 on: November 01, 2006, 12:30:44 PM »
seems your global.php is strange...
uploaded as binary... edited with nonconform editor.
cheers
Nicky
Your first three "must do" before you ask a question ! (© by V@no)
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

nicky.net 4 4images
Signature stolen from mawenzi

Offline BitBull

  • Pre-Newbie
  • Posts: 7
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #42 on: November 01, 2006, 12:45:07 PM »
Hmmm ... I guess that's not the problem really.

I am using Phase 5 (HTML Editor). I am using that editor ever and I did all my work on my sites with that editor.

I also removed the fix in global.php with this editor and everything works properly again ...

... but so I haven't applied the security fix.

Any other idea?

thanks and regards

BitBull

Offline Nicky

  • Administrator
  • 4images Guru
  • Posts: 3.195
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #43 on: November 01, 2006, 12:56:46 PM »
then it is something else..
like you can see, all ppl. don't have a problem with it.
cheers
Nicky

Offline BitBull

  • Pre-Newbie
  • Posts: 7
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #44 on: November 01, 2006, 01:05:26 PM »
most certainly yes! :wink:

But hopefully someone can "understand" these messages and give me a hint where the problem could be to find ... :roll:

For me it seems that it has something to do with the header-file because there I integrated the menu etc. of my site. Can it be that with these additions the new line in the global.php has a problem? ...

The mentioned 2 lines in the sessions.php are:
86:
Code: [Select]
    session_start();
and 94:
Code: [Select]
    setcookie($cookie_name, $value, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
BitBull
« Last Edit: November 01, 2006, 01:24:03 PM by BitBull »
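
The warnings quoted in this thread name global.php:450 as the point where output started, after which session_start() and setcookie() can no longer send headers. The following is an added example, not 4images code and not from any poster: it uses PHP's tokenizer to list where a file emits text outside its PHP blocks. The function name find_stray_output() and the sample file content are constructed for illustration; pass a file path as the first argument to check a real file.

```php
<?php
/* Added example (not 4images code): list where a PHP file sends text outside
 * its PHP blocks. find_stray_output() and $sample are hypothetical names. */
function find_stray_output(string $source): array
{
    $findings = [];
    $tokens = token_get_all($source);
    $last = count($tokens) - 1;
    foreach ($tokens as $i => $tok) {
        // Text outside PHP blocks is reported by the tokenizer as T_INLINE_HTML.
        if (!is_array($tok) || $tok[0] !== T_INLINE_HTML) {
            continue;
        }
        [, $text, $line] = $tok;
        if ($i === 0 && strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
            $kind = 'UTF-8 byte order mark before the opening tag';
        } elseif (trim($text) === '') {
            $kind = $i === $last
                ? 'whitespace after the final closing tag'
                : 'whitespace between PHP blocks';
        } else {
            // Show only the first line of the stray text, shortened.
            $first = strtok(ltrim($text), "\r\n");
            $kind = 'text outside PHP blocks: ' . substr($first, 0, 60);
        }
        $findings[] = [$line, $kind];
    }
    return $findings;
}

// Constructed sample: a closing tag in the middle of the file turns the
// remaining PHP source into plain page output.
$sample = <<<'SAMPLE'
<?php
$cat_cache = array();
?>
$sql = "SELECT cat_id FROM images";
$result = $site_db->query($sql);
?>
SAMPLE;

$source = isset($argv[1]) ? file_get_contents($argv[1]) : $sample;
if ($source === false) {
    fwrite(STDERR, "cannot read {$argv[1]}\n");
    exit(1);
}
foreach (find_stray_output($source) as [$line, $kind]) {
    echo "line $line: $kind\n";
}
```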