[Solved]: About the new security release [Solved]: About the new security release
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

[Solved]: About the new security release

Started by fotografi, August 06, 2008, 01:01:04 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

fotografi

August 06, 2008, 01:01:04 PM Last Edit: August 06, 2008, 02:39:04 PM by Nibbler
First I want to thank the team for the great job.
The problem for me is that I can not for the moment upgrade the whole functions.inc.php file because I did a lot of changes there.
Is possible to have only the lines of code to change in this file? I mean something step by step, like replace this with these.

Regards.

Abbas Ali

#1
August 06, 2008, 01:29:40 PM
In functions.inc.php [function user_get_profile]

Replace

Code Select

        if (isset($_COOKIE[$CONFIG['cookie_name'].'_data'])) {
                $USER = @unserialize(@base64_decode($_COOKIE[$CONFIG['cookie_name'].'_data']));
        }


with

Code Select

        if (isset($_COOKIE[$CONFIG['cookie_name'].'_data'])) {
                $USER = @unserialize(@base64_decode($_COOKIE[$CONFIG['cookie_name'].'_data']));
                $USER['lang'] = strtr($USER['lang'], '$/\\:*?"\'<>|`', '____________');
        }


That is the only security related change in that file.
Chief Geek at Ranium Systems

fotografi

#2
August 06, 2008, 02:38:42 PM
Thank you Sir.

Regards

Joachim Müller

#3
August 06, 2008, 07:57:02 PM
For reference: the subject "About the new security release" is a bit vague. It should read "About the security release cpg1.4.19".

You could have used a diff viewer like WinMerge to figure out the changes
Print
Go Up Pages1
User actions