
Community Building and User Generated Content Forum

    
phpBB 2.0.13 Upgrade
New security related phpBB update
DigitalSorceress




msg:1560990
 4:06 am on Mar 3, 2005 (gmt 0)

Just a heads-up to check www.phpbb.com for the latest update (version 2.0.13). There is a fix in it for a fairly serious admin access exploit.

Here's a quick summary of the security issue changes from 2.0.12 to 2.0.13:

OPEN sessions.php

FIND
* $Id: sessions.php,v 1.58.2.11 2004/07/11 16:46:19 acydburn Exp $

REPLACE WITH
* $Id: sessions.php,v 1.58.2.12 2005/02/27 20:33:01 acydburn Exp $

FIND
if( $sessiondata['autologinid'] == $auto_login_key )

REPLACE WITH
if( $sessiondata['autologinid'] === $auto_login_key )

OPEN viewtopic.php

FIND
* $Id: viewtopic.php,v 1.186.2.38 2005/02/21 18:37:06 acydburn Exp $

REPLACE WITH
* $Id: viewtopic.php,v 1.186.2.39 2005/02/27 20:33:00 acydburn Exp $

FIND
$message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

REPLACE WITH
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

SAVE AND CLOSE ALL FILES
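
Why the == to === change in sessions.php matters, shown as an added PHP example that is not part of the original post and not phpBB's own code. It assumes the left-hand value can arrive as a non-string type; the function names and the sample key are constructed.

```php
<?php
// Added illustration, not phpBB source. Names and sample values are constructed.

// 2.0.12-style check: == juggles types before comparing. A boolean true is
// loosely equal to any non-empty string other than "0", and before PHP 8 the
// integer 0 is loosely equal to a string with no leading numeric part.
function loose_match($stored, $expected)
{
    return $stored == $expected;
}

// 2.0.13-style check: === requires identical type and identical value.
function strict_match($stored, $expected)
{
    return $stored === $expected;
}

// Stricter variant (assumes PHP 5.6+ for hash_equals): reject non-strings
// explicitly, then compare in constant time.
function hardened_match($stored, $expected)
{
    return is_string($stored) && is_string($expected)
        && hash_equals($expected, $stored);
}

// Run every candidate through the three checks and collect the results.
function compare_all(array $candidates, $expected)
{
    $rows = [];
    foreach ($candidates as $label => $value) {
        $rows[$label] = [
            'loose'    => loose_match($value, $expected),
            'strict'   => strict_match($value, $expected),
            'hardened' => hardened_match($value, $expected),
        ];
    }
    return $rows;
}

$expected = 'c0ffee00c0ffee00c0ffee00c0ffee00'; // constructed 32-character key
$candidates = [
    'identical string' => $expected,
    'different string' => str_repeat('a', 32),
    'boolean true'     => true,
    'integer 0'        => 0,
];

foreach (compare_all($candidates, $expected) as $label => $r) {
    printf("%-17s loose=%-5s strict=%-5s hardened=%s\n", $label,
        var_export($r['loose'], true), var_export($r['strict'], true),
        var_export($r['hardened'], true));
}
```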

 

DigitalSorceress




msg:1560991
 4:09 am on Mar 3, 2005 (gmt 0)

OOPS! I missed the previous post ... sorry for the dupe
