Question regarding upgrade on customized cpq Question regarding upgrade on customized cpq
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Question regarding upgrade on customized cpq

Started by net, February 25, 2009, 09:30:46 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

net

February 25, 2009, 09:30:46 PM
Hi,

I've manually costumized alot of stuff on my CPG and i don't wish to go through all that again, is there anyway to get the actual code that is nessesary to avoid the SQL injection exploit without doing the full update?

I know this is not recommended, but i don't have time to fix all my galleries right now, a fast fix is needed.

I also noted on the exploit that "register_globals=on" is required for this exploit to actually work in the first place, i run my own webserver and that setting is off, am i in no trouble at all?

Thanks for the help.

Nibbler

#1
February 25, 2009, 10:03:05 PM
If register_globals is disabled then you are already safe.

If you extensively modify Coppermine (or any other script) it's a good idea to learn how to use a diff viewer so you can update your gallery. Even if a quick fix is posted for security issues you could still get bitten by bugs that have already been fixed.

net

#2
February 25, 2009, 11:48:02 PM
I already know how to use the diff viewer, just takes time going through every single file.

Thanks for the information nibbler, thread solved.
Print
Go Up Pages1
User actions