PHP Security Breach - Important

Tonino47 writes "As per article/recommendation at codezwiz.com
I urge all our users to make the following change to viewtopic.php (Forum
module) as a matter of urgency. Open viewtopic.php in any text editor. Find the
following section of code:

    //
    // Was a highlight request part of the URI?
    //
    $highlight_match = $highlight = '';
    if (isset($HTTP_GET_VARS['highlight']))
    {
        // Split words and phrases
        $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
        for($i = 0; $i
        {

and replace with:

    //
    // Was a highlight request part of the URI?
    //
    $highlight_match = $highlight = '';
    if (isset($HTTP_GET_VARS['highlight']))
    {
        // Split words and phrases
        $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
        for($i = 0; $i
        {

Note: Please inform as many people as possible about this issue. If you're a
hosting provider please inform your customers if possible. Else we advise you
implement some level of additional security if you run ensim or have PHP running
cgi under suexec, etc."

Posted on Monday, December 06 @ 14:16:33 CET by VinDSL

Re: PHP Security Breach - Important (Score: 1)
by phantomk on Monday, December 06 @ 21:37:57 CET

How many times are ppl going to post the same thing, yes it's important, but I have seen this same topic at least 3 times on nukecops.com

Re: PHP Security Breach - Important (Score: 1)
by checksum on Monday, December 06 @ 22:43:42 CET

Thank you for your post.
Not everyone can see it the first time or the second time...

Re: PHP Security Breach - Important (Score: 1)
by springmill on Tuesday, December 07 @ 08:44:14 CET

Thanks,
This was the first time I had seen this and I made the code changes last evening. In my particular case I did not have an ending } in my code so I chose not to include the one in your code to stay consistent. Can you tell me how to test that bit of code to make sure my changes were correct?
Kind Regards,
Greg McABee
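
A static check for the change described in the post, as an added example (not part of the original post or of the forum software): it scans a directory tree for viewtopic.php files and reports whether each still wraps the highlight parameter in urldecode(). The names classify and scan and the two sample strings are assumptions made for this example; it only inspects the source text and does not exercise the forum.

```python
import re
import sys
from pathlib import Path

# Unpatched form from the post: urldecode() applied to the highlight parameter.
UNPATCHED = re.compile(
    r"urldecode\s*\(\s*\$HTTP_GET_VARS\[\s*['\"]highlight['\"]\s*\]")
# Patched form from the post: htmlspecialchars() applied to it directly.
PATCHED = re.compile(
    r"htmlspecialchars\s*\(\s*\$HTTP_GET_VARS\[\s*['\"]highlight['\"]\s*\]")

# Constructed samples: the one statement that differs between the two listings.
SAMPLE_BEFORE = ("$words = explode(' ', trim(htmlspecialchars("
                 "urldecode($HTTP_GET_VARS['highlight']))));")
SAMPLE_AFTER = ("$words = explode(' ', trim(htmlspecialchars("
                "$HTTP_GET_VARS['highlight'])));")


def classify(source: str) -> str:
    """Return 'unpatched', 'patched' or 'unknown' for one viewtopic.php text."""
    # Ignore comment lines so an old statement that was commented out
    # instead of deleted is not reported as still active.
    code = "\n".join(line for line in source.splitlines()
                     if not line.lstrip().startswith(("//", "#")))
    if UNPATCHED.search(code):
        return "unpatched"   # checked first: any remaining copy counts
    if PATCHED.search(code):
        return "patched"
    return "unknown"         # highlight handling not found; inspect by hand


def scan(root: str) -> dict:
    """Classify every viewtopic.php below root; returns {path: status}."""
    return {str(path): classify(path.read_text(errors="replace"))
            for path in Path(root).rglob("viewtopic.php")}


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, status in sorted(scan(root).items()):
        print(f"{status:10} {path}")
```

A result of "unknown" means the file does not contain either form of the statement and should be compared against the listings by hand.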