Author Topic: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability  (Read 155799 times)

0 Members and 1 Guest are viewing this topic.

Offline Jan

  • Administrator
  • 4images Guru
  • *****
  • Posts: 5.024
    • View Profile
    • 4images - Image Gallery Management System
Security fix for Cross-Site Scripting Vulnerability

Open global.php and search for

Code: [Select]
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));in Version 1.7.2 and 1.7.3 or
Code: [Select]
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));in Version 1.7.1 and 1.7.

Add the following line below

Code: [Select]
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
« Last Edit: October 17, 2006, 09:51:02 AM by Jan »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline mawenzi

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 4.500
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #1 on: October 16, 2006, 12:45:50 PM »
... thanks Jan and Kai ...
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...

Offline Bugfixed

  • Jr. Member
  • **
  • Posts: 95
    • View Profile
    • http://www.lavinya.net
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #2 on: October 16, 2006, 07:47:10 PM »
thanks jan  :wink:
<?php Find Bug ?>

Offline honda2000

  • 4images Guru
  • *******
  • Posts: 3.263
    • View Profile
    • Wir machen Internet!
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #3 on: October 16, 2006, 11:33:23 PM »
ist das in Version 1.7.1 die Zeile??

Code: [Select]
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

die Zeile
Code: [Select]
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

find oder hab ich gar nicht

Offline colorssky

  • Full Member
  • ***
  • Posts: 128
    • View Profile
    • http://www.nnjj.net
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #4 on: October 17, 2006, 01:54:09 AM »
thanx

done! :wink:

Offline __G__

  • Sr. Member
  • ****
  • Posts: 286
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #5 on: October 17, 2006, 04:03:43 AM »
thanks i am done :D

Offline Jan

  • Administrator
  • 4images Guru
  • *****
  • Posts: 5.024
    • View Profile
    • 4images - Image Gallery Management System
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #6 on: October 17, 2006, 09:51:44 AM »
ist das in Version 1.7.1 die Zeile??

Code: [Select]
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

die Zeile
Code: [Select]
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

find oder hab ich gar nicht
Ja, ich hab den ersten Post entsprechend aktualisiert.
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline honda2000

  • 4images Guru
  • *******
  • Posts: 3.263
    • View Profile
    • Wir machen Internet!
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #7 on: October 17, 2006, 10:33:18 AM »
supi!! Danke!!!

Offline Eng_Man

  • Pre-Newbie
  • Posts: 4
    • View Profile
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #8 on: October 18, 2006, 12:48:51 AM »
thanks

Offline Heinrich-Uwe

  • Jr. Member
  • **
  • Posts: 85
    • View Profile
    • Oberlausitz Digital Foto- Reviews
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #9 on: October 19, 2006, 01:04:34 PM »
 :roll:
Hallo Jan;
Dumme Frage von mir  :roll:
Werden die Security fix gleich mit in den Download Packet mit eingearbeitet oder mus man das immer extra machen ???
Danke für die Antwort...
# :lol:

Offline Jan

  • Administrator
  • 4images Guru
  • *****
  • Posts: 5.024
    • View Profile
    • 4images - Image Gallery Management System
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #10 on: October 19, 2006, 01:35:12 PM »
Nein, die Fixes werden nur in neue Versionen eingearbeitet. Du musst den Patch also manuell einfügen. Eine neue Bugfix-Version ist schon in Arbeit.
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline wh-em

  • Newbie
  • *
  • Posts: 17
  • إمبراطورية وحيد ، أكبر دعم عربي للسكريبت 4images
    • View Profile
    • إمبراطورية وحيد
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #11 on: October 19, 2006, 10:06:18 PM »
hi
sory for bad english :)


is the New version 4images 1.7.3 released
in the Download page

http://www.4homepages.de/4images/download.php

fixed??


and thanks

Offline ivan

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 2.279
    • View Profile
    • Bilder Gallery
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #12 on: October 19, 2006, 10:22:45 PM »
see vanos post of german

No, those fixed only into new versions. You must insert the Patch manually. A new fixed version already is in work.

greets ivan
greetings / grüsse
ivan

Facebook Fan Page | Follow Twitter

Blog: Reisen Blog
Bilder Gallery: Bilder Gallery

Offline wh-em

  • Newbie
  • *
  • Posts: 17
  • إمبراطورية وحيد ، أكبر دعم عربي للسكريبت 4images
    • View Profile
    • إمبراطورية وحيد
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #13 on: October 20, 2006, 02:31:34 AM »
thanks

there is 2 news in news box

did I must do it manually ??

and we wait the new fixed version


by

Offline egyptsons

  • Newbie
  • *
  • Posts: 47
    • View Profile
    • Egypt Sons
Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« Reply #14 on: October 21, 2006, 12:18:40 PM »
:arrow: Done ThanX Jan  8)
Thanx God

 

Post your comments here