PHP Security Breach - Important
Date: Monday, December 06 @ 14:16:33 CET Topic: Security
As per the article/recommendation at codezwiz.com, I urge all our users to make
the following change to viewtopic.php (Forum module) as a matter of urgency.
Open viewtopic.php in any text editor. Find the following section of code:
//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
for($i = 0; $i
{
and replace with:
//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
for($i = 0; $i
{
Note: Please inform as many people as possible about this issue. If you're a
hosting provider, please inform your customers if possible. Otherwise, we advise
you to implement some level of additional security if you run Ensim or have PHP
running as CGI under suexec, etc.
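
Why the change matters, as an added example (not code from phpBB or from the original post): PHP has already URL-decoded the highlight value once before the script sees it, so the extra urldecode() in the old line decodes it a second time and produces characters that were never visible to anything that inspected the request earlier. The function names and the sample value are constructed for illustration, and ENT_COMPAT is passed explicitly because it was the htmlspecialchars() default before PHP 8.1.

```php
<?php
// Added illustration; function names and the sample value are constructed.

// Old line from viewtopic.php: decodes a value PHP has already decoded once.
function highlight_old(string $value): string
{
    return trim(htmlspecialchars(urldecode($value), ENT_COMPAT));
}

// Patched line: uses the value exactly as PHP delivered it.
function highlight_new(string $value): string
{
    return trim(htmlspecialchars($value, ENT_COMPAT));
}

// Heuristic check: true when a value PHP has already decoded still contains
// percent-escapes, i.e. the request was encoded more than once.
function is_multiply_encoded(string $value): bool
{
    return preg_match('/%[0-9a-fA-F]{2}/', $value) === 1;
}

// Constructed request value: a single quote that was percent-encoded twice.
$raw = 'foo%2527bar';

// PHP decodes query-string values once before filling the GET array;
// this call stands in for that automatic step.
$seen_by_script = urldecode($raw);

// The old line turns the remaining escape into a raw single quote, which
// htmlspecialchars() with ENT_COMPAT does not convert. The patched line
// leaves the escape as inert text.
foreach (['old' => 'highlight_old', 'new' => 'highlight_new'] as $label => $fn) {
    printf("%-4s %s\n", $label . ':', $fn($seen_by_script));
}

// A site can also log or reject such requests outright.
printf("multiply encoded: %s\n", is_multiply_encoded($seen_by_script) ? 'yes' : 'no');
```

The percent-escape check is a heuristic: a visitor who literally searches for text such as "%41" will also match, so it is better suited to logging than to silent rejection.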