Author Topic: [1.7 - 1.7.9] Security fix for Multiple Path disclousure  (Read 7644 times)

0 Members and 1 Guest are viewing this topic.

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.407
    • View Profile
    • 4images - Image Gallery Management System
[1.7 - 1.7.9] Security fix for Multiple Path disclousure
« on: April 11, 2011, 10:47:42 AM »
A multiple path disclousure vulnerability in 4images 1.7 - 1.7.9 has been found.

To fix this:

In global.php

find


$action 
= (isset($HTTP_POST_VARS['action'])) ?
stripslashes(trim($HTTP_POST_VARS['action'])) :
stripslashes(trim($HTTP_GET_VARS['action']));


and replace with


$action 
= (isset($HTTP_POST_VARS['action'])) ? 
stripslashes(trim((string)$HTTP_POST_VARS['action'])) : 
stripslashes(trim((string)$HTTP_GET_VARS['action']));


find


$mode 
= (isset($HTTP_POST_VARS['mode'])) ? 
stripslashes(trim($HTTP_POST_VARS['mode'])) : 
stripslashes(trim($HTTP_GET_VARS['mode']));


and replace with


$mode 
= (isset($HTTP_POST_VARS['mode'])) ? 
stripslashes(trim((string)$HTTP_POST_VARS['mode'])) : 
stripslashes(trim((string)$HTTP_GET_VARS['mode']));


find


$search_keywords 
= (isset($HTTP_POST_VARS['search_keywords'])) ? 
trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);


and replace with


$search_keywords 
= (isset($HTTP_POST_VARS['search_keywords'])) ?
trim((string)$HTTP_POST_VARS['search_keywords']) :
trim((string)$HTTP_GET_VARS['search_keywords']);


find


$search_user 
= (isset($HTTP_POST_VARS['search_user'])) ?
trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);


and replace with


$search_user 
= (isset($HTTP_POST_VARS['search_user'])) ?
trim((string)$HTTP_POST_VARS['search_user']) :
trim((string)$HTTP_GET_VARS['search_user']);


and in includes/page_header.php

find

$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ?
unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();


and replace with

$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? explode(" ",
stripslashes((string)$HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();


find

setcookie($cookie_name.'rated'serialize($cookie_rated), $cookie_expire,
COOKIE_PATHCOOKIE_DOMAINCOOKIE_SECURE);


and replace with

setcookie($cookie_name.'rated'implode(" "$cookie_rated), $cookie_expire,
COOKIE_PATHCOOKIE_DOMAINCOOKIE_SECURE);
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search