Sec-Fix Patch 7.0
Date: Saturday, December 13 @ 11:56:13 CET
Topic: PHP-Nuke


After quite some time since the last sec-fix patch release here is the newest one, it was made with PHP-Nuke 7.0 Final as its base although some of the items covered might apply to older versions. As usual this sec-fix patch comes with detailed instructions on how to apply the changes manually for those with modified core files, users of PHP-Nuke 7.0 without heavy modifications can simply upload the included files, else, and if using older versions of PHP-Nuke, you can follow the instructions in fixchanges.txt to patch your site and/or check if the fixes apply to your current version.

Download here, click on the "read more" link to view the list of fixes.

Note: The included files are core 7.0 final files with the fixes applied and as such differ from those offered in PHP-Nuke Patched in that the abstraction layer is the same one used on the core files by default.

1-mainfile.php includes a $grp variable that is not used.
2-Missing $sitename variable in Downloads admin section.
3-Duplicate sql query in Downloads admin section.
4-$ThemeSel variable not defined in downloads admin.
5-Incorrect use of $module_name in Downloads admin.
6-Missing $dbi call in Encyclopedia admin section.
7-$ThemeSel variable not defined in links admin.
8-Incorrect use of $module_name in Links admin.
9-Missing globals in LinksAddLink op.
10-Incorrect fetchrow call in block-Forums.php.
11-Missing globals in Avantgo module.
12-Incorrect fetchrow call in Encyclopedia module.
13-Incorrect fetchrow call in News module.
14-Missing global in Your_Account module.
15-Duplicate sql query in Downloads module.
16-Merged lines in Web_Links module.
17-Merged lines in Downloads module.
18-Incorrect block filename in block-User_Info.php.
19-Incorrect variable number in Web_Links module.
20-Missing $result variable in Your_Account module.
21-Incorrect datestring in spanish language file.





This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=1160