[Solved]: About the new security release [Solved]: About the new security release
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Solved]: About the new security release

Started by fotografi, August 06, 2008, 01:01:04 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

fotografi

August 06, 2008, 01:01:04 PM Last Edit: August 06, 2008, 02:39:04 PM by Nibbler
First I want to thank the team for the great job.
The problem for me is that I can not for the moment upgrade the whole functions.inc.php file because I did a lot of changes there.
Is possible to have only the lines of code to change in this file? I mean something step by step, like replace this with these.

Regards.

Abbas Ali

#1
August 06, 2008, 01:29:40 PM
In functions.inc.php [function user_get_profile]

Replace

Code Select

        if (isset($_COOKIE[$CONFIG['cookie_name'].'_data'])) {
                $USER = @unserialize(@base64_decode($_COOKIE[$CONFIG['cookie_name'].'_data']));
        }


with

Code Select

        if (isset($_COOKIE[$CONFIG['cookie_name'].'_data'])) {
                $USER = @unserialize(@base64_decode($_COOKIE[$CONFIG['cookie_name'].'_data']));
                $USER['lang'] = strtr($USER['lang'], '$/\\:*?"\'<>|`', '____________');
        }


That is the only security related change in that file.
Chief Geek at Ranium Systems

fotografi

#2
August 06, 2008, 02:38:42 PM
Thank you Sir.

Regards

Joachim Müller

#3
August 06, 2008, 07:57:02 PM
For reference: the subject "About the new security release" is a bit vague. It should read "About the security release cpg1.4.19".

You could have used a diff viewer like WinMerge to figure out the changes
Print
Go Up Pages1
User actions