serialize problem in bridge file (phpbb) related to security issue with php serialize problem in bridge file (phpbb) related to security issue with php
 

News:

CPG Release 1.6.27
change DB IP storage fields to accommodate IPv6 addresses
remove use of E_STRICT (PHP 8.4 deprecated)
update README to reflect new website
align code with new .com CPG website
correct deprecation in captcha

Main Menu

serialize problem in bridge file (phpbb) related to security issue with php

Started by Joe Belmaati, December 23, 2004, 02:45:21 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Joe Belmaati

December 23, 2004, 02:45:21 AM
The security flaw in php <4.3.10 has caused me to add a fix to my phpbb per this hack:

http://phpbbstyles.com/viewtopic.php?t=1904

Supposedly it fixes the known seciurity problems with php<4.3.10 but it also breaks the bridge file. Is there a fix around for this...?

Sincerely, and thank you very much!
Joe Belmaati
Copenhagen Denmark

Nibbler

#1
December 23, 2004, 01:22:33 PM
By the looks of it you can do the same with the bridge file, add the array
_unserialize function and change the call to unserialize to array_unserialize.

Joe Belmaati

#2
December 23, 2004, 02:46:36 PM
Where would I add the function - in the bridge file right before the unserialize?

Nibbler

#3
December 23, 2004, 02:51:01 PM
Add it just before function udb_authenticate()
Print
Go Up Pages1
User actions