serialize problem in bridge file (phpbb) related to security issue with php serialize problem in bridge file (phpbb) related to security issue with php
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

serialize problem in bridge file (phpbb) related to security issue with php

Started by Joe Belmaati, December 23, 2004, 02:45:21 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Joe Belmaati

December 23, 2004, 02:45:21 AM
The security flaw in php <4.3.10 has caused me to add a fix to my phpbb per this hack:

http://phpbbstyles.com/viewtopic.php?t=1904

Supposedly it fixes the known seciurity problems with php<4.3.10 but it also breaks the bridge file. Is there a fix around for this...?

Sincerely, and thank you very much!
Joe Belmaati
Copenhagen Denmark

Nibbler

#1
December 23, 2004, 01:22:33 PM
By the looks of it you can do the same with the bridge file, add the array
_unserialize function and change the call to unserialize to array_unserialize.

Joe Belmaati

#2
December 23, 2004, 02:46:36 PM
Where would I add the function - in the bridge file right before the unserialize?

Nibbler

#3
December 23, 2004, 02:51:01 PM
Add it just before function udb_authenticate()
Print
Go Up Pages1
User actions