[Solved]: About the new security release [Solved]: About the new security release
 

News:

CPG Release 1.6.27
change DB IP storage fields to accommodate IPv6 addresses
remove use of E_STRICT (PHP 8.4 deprecated)
update README to reflect new website
align code with new .com CPG website
correct deprecation in captcha

Main Menu

[Solved]: About the new security release

Started by fotografi, August 06, 2008, 01:01:04 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

fotografi

August 06, 2008, 01:01:04 PM Last Edit: August 06, 2008, 02:39:04 PM by Nibbler
First I want to thank the team for the great job.
The problem for me is that I can not for the moment upgrade the whole functions.inc.php file because I did a lot of changes there.
Is possible to have only the lines of code to change in this file? I mean something step by step, like replace this with these.

Regards.

Abbas Ali

#1
August 06, 2008, 01:29:40 PM
In functions.inc.php [function user_get_profile]

Replace

Code Select

        if (isset($_COOKIE[$CONFIG['cookie_name'].'_data'])) {
                $USER = @unserialize(@base64_decode($_COOKIE[$CONFIG['cookie_name'].'_data']));
        }


with

Code Select

        if (isset($_COOKIE[$CONFIG['cookie_name'].'_data'])) {
                $USER = @unserialize(@base64_decode($_COOKIE[$CONFIG['cookie_name'].'_data']));
                $USER['lang'] = strtr($USER['lang'], '$/\\:*?"\'<>|`', '____________');
        }


That is the only security related change in that file.
Chief Geek at Ranium Systems

fotografi

#2
August 06, 2008, 02:38:42 PM
Thank you Sir.

Regards

Joachim Müller

#3
August 06, 2008, 07:57:02 PM
For reference: the subject "About the new security release" is a bit vague. It should read "About the security release cpg1.4.19".

You could have used a diff viewer like WinMerge to figure out the changes
Print
Go Up Pages1
User actions