serialize problem in bridge file (phpbb) related to security issue with php

Joe Belmaati · December 23, 2004, 02:45:21 AM

The security flaw in php <4.3.10 has caused me to add a fix to my phpbb per this hack:

http://phpbbstyles.com/viewtopic.php?t=1904

Supposedly it fixes the known seciurity problems with php<4.3.10 but it also breaks the bridge file. Is there a fix around for this...?

Sincerely, and thank you very much!
Joe Belmaati
Copenhagen Denmark

Nibbler · December 23, 2004, 01:22:33 PM

By the looks of it you can do the same with the bridge file, add the array
_unserialize function and change the call to unserialize to array_unserialize.

Joe Belmaati · December 23, 2004, 02:46:36 PM

Where would I add the function - in the bridge file right before the unserialize?

Nibbler · December 23, 2004, 02:51:01 PM

Add it just before function udb_authenticate()

coppermine-gallery.com/forum

News:

serialize problem in bridge file (phpbb) related to security issue with php

Joe Belmaati

Nibbler

Joe Belmaati

Nibbler