IPBSupport News 8 Report post Posted December 16, 2003 An update has been prepared to ensure security and safety of your Invision Power Board. We have received notification of two minor issues that although require some URL crafting and a specific set of circumstances to occur we feel it's always best to address any and all issues to ensure the very best security. The update is very simple to apply, simply go to the download center and download the "IPB 1.3 Security Update 12-16 (1.3)" package, unzip and upload "sources/functions.php" and "sources/Forums.php" overwriting the copies on your installation. The main download files have been updated. Download Center My thanks to those that contacted us in private about these issues. -> Ladet das Update herunter und ersetzt mit den enthaltenen Dateien die entsprechenden Eures Forums. Share this post Link to post
IPBSupport News 8 Report post Posted December 16, 2003 Die einzelnen Änderungen im Detail für Leute, die Modifikationen drin haben. functions.php Suchen: /*-------------------------------------------------------------------------*/ // Makes incoming info "safe" /*-------------------------------------------------------------------------*/ function parse_incoming() { global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_CLIENT_IP, $REQUEST_METHOD, $REMOTE_ADDR, $HTTP_PROXY_USER, $HTTP_X_FORWARDED_FOR; $return = array(); if( is_array($HTTP_GET_VARS) ) { while( list($k, $v) = each($HTTP_GET_VARS) ) { Direkt darunter einfügen: if ( $k == 'INFO' ) { continue; } Forums.php Suchen: if ( (!isset($sort_keys[$sort_key])) and (!isset($prune_by_day[$prune_value])) and (!isset($sort_by_keys[$sort_by])) ) { $std->Error( array( LEVEL=> 5, MSG =>'incorrect_use') ); } Ersetzen mit: if ( (!isset($sort_keys[$sort_key])) or (!isset($prune_by_day[$prune_value])) or (!isset($sort_by_keys[$sort_by])) ) { $std->Error( array( LEVEL=> 5, MSG =>'incorrect_use') ); } Ansonsten hat sich laut WinMerge nur der Kommentarheader geändert. :) Share this post Link to post