phpBB 2.0.9 to phpBB 2.0.10

Hi
I haven't tested this, and I don't know whether it has problems or not.
I just saw it on a site
and thought it might be useful.
If it turns out to be useful, say a prayer for us :lol:

Here is the code:


Open common.php

FIND - Line 43

Code:
// Unset globally registered vars - PHP5 ... hhmmm 
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on') 
{ 
   $var_prefix = 'HTTP'; 
   $var_suffix = '_VARS'; 
    
   $test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV'); 

   foreach ($test as $var) 
   { 
      if (is_array(${$var_prefix . $var . $var_suffix})) 
      { 
         unset_vars(${$var_prefix . $var . $var_suffix}); 
      } 

      if (is_array(${$var})) 
      { 
         unset_vars(${$var}); 
      } 
   } 

   if (is_array(${'_FILES'})) 
   { 
      unset_vars(${'_FILES'}); 
   } 

   if (is_array(${'HTTP_POST_FILES'})) 
   { 
      unset_vars(${'HTTP_POST_FILES'}); 
   }

REPLACE WITH

Code:
// Unset globally registered vars - PHP5 ... hhmmm 
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on') 
{ 
   $var_prefix = 'HTTP'; 
   $var_suffix = '_VARS'; 
    
   $test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV'); 

   foreach ($test as $var) 
   { 
      if (is_array(${$var_prefix . $var . $var_suffix})) 
      { 
         unset_vars(${$var_prefix . $var . $var_suffix}); 
         @reset(${$var_prefix . $var . $var_suffix}); 
      } 

      if (is_array(${$var})) 
      { 
         unset_vars(${$var}); 
         @reset(${$var}); 
      } 
   } 

   if (is_array(${'_FILES'})) 
   { 
      unset_vars(${'_FILES'}); 
      @reset(${'_FILES'}); 
   } 

   if (is_array(${'HTTP_POST_FILES'})) 
   { 
      unset_vars(${'HTTP_POST_FILES'}); 
      @reset(${'HTTP_POST_FILES'}); 
   } 
} 

// PHP5 with register_long_arrays off? 
if (!isset($HTTP_POST_VARS) && isset($_POST)) 
{ 
   $HTTP_POST_VARS = $_POST; 
   $HTTP_GET_VARS = $_GET; 
   $HTTP_SERVER_VARS = $_SERVER; 
   $HTTP_COOKIE_VARS = $_COOKIE; 
   $HTTP_ENV_VARS = $_ENV; 
   $HTTP_POST_FILES = $_FILES; 
}
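The block above unsets the globals that register_globals leaked from each request array and, new in 2.0.10, calls @reset() on every array afterwards. phpBB's own unset_vars() is not shown on this page; the example below (added here, not phpBB's code) uses a stand-in named unset_vars_like_phpbb() that assumes, as the added @reset() calls suggest, that the original walks the array with PHP's internal pointer and removes every same-named global. The request data $post is constructed for the example and stands in for $_POST under register_globals=on.

```php
<?php
// Added example, not phpBB's own code. Assumption: phpBB's unset_vars() walks the
// array with the internal pointer (a PHP4-era each() loop) and unsets the global
// variable that register_globals created for each key.
function unset_vars_like_phpbb(&$var_ary)
{
    for (reset($var_ary); key($var_ary) !== null; next($var_ary))
    {
        // Remove the copy that register_globals put into the global scope.
        unset($GLOBALS[key($var_ary)]);
    }
    // Side effect: the internal pointer is now past the last element.
}

// Constructed request data standing in for $_POST with register_globals=on:
// each entry also exists as a same-named global.
$post = array('search_author' => "O'Brien", 'submit' => '1');
$GLOBALS['search_author'] = $post['search_author'];
$GLOBALS['submit'] = $post['submit'];

unset_vars_like_phpbb($post);

// 1. The leaked globals are gone; the request array is the only copy left.
echo 'global search_author set: ', var_export(isset($GLOBALS['search_author']), true), "\n";
echo 'global submit set:        ', var_export(isset($GLOBALS['submit']), true), "\n";

// 2. Without the page's @reset(), any later pointer-based loop over the same
//    array (current()/next() or each()) starts at the end and sees no entries.
echo 'current() before reset:   ', var_export(current($post), true), "\n";

// 3. The @reset() that 2.0.10 adds after unset_vars() makes the array usable again.
@reset($post);
echo 'current() after reset:    ', var_export(current($post), true), "\n";

// The page's compatibility shim for PHP5 with register_long_arrays=off, applied
// to the constructed array instead of $_POST.
if (!isset($HTTP_POST_VARS) && isset($post))
{
    $HTTP_POST_VARS = $post;
}
echo 'HTTP_POST_VARS keys:      ', implode(', ', array_keys($HTTP_POST_VARS)), "\n";
```

Run it with the PHP CLI: both isset() checks print false, current() returns false before the reset and "O'Brien" after it, which is exactly the state the added @reset() calls restore before the rest of common.php and the admin scripts read the request arrays again.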

There was one bug introduced by a security fix in 2.0.9 making submitting
board settings with single quotes (for example the board description) buggy.
This has been fixed by the following change:

Open admin/admin_board.php

FIND - Line 46

Code:
      $default_config[$config_name] = str_replace("'", "\'", $config_value);

REPLACE WITH

Code:
      $default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;

There was a problem caused by the unsetting of global vars. Because the
style system itself makes two variables global, deleting styles no longer
worked. To fix this problem, the following change is necessary:

Open admin/admin_styles.php

FIND - Line 49

Code:
require('./pagestart.' . $phpEx);

AFTER, ADD

Code:
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; 
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;


Some users reported problems with the jumpbox not working within the
moderator control panel. The fix:

Open includes/functions.php

FIND - Line 190

Code:
   if ( !empty($SID) ) 
   { 
      $boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; 
   }


REPLACE WITH

Code:
   // Let the jumpbox work again in sites having additional session id checks. 
//   if ( !empty($SID) ) 
//   { 
      $boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; 
//   }

Amit Klein and Ory Segal reported a vulnerability with redirects (Apache users
are not affected by this), which is fixed by these changes:

Open includes/functions.php

FIND - Line 743

Code:
   if (!empty($db)) 
   { 
      $db->sql_close(); 
   }


AFTER, ADD

Code:
   if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) 
   { 
      message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); 
   }

Open login.php

FIND - Line 96

Code:
               $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
               $redirect = str_replace('?', '&', $redirect);

AFTER, ADD

Code:
               if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) 
               { 
                  message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); 
               }

FIND - Line 116

Code:
         $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
         $redirect = str_replace("?", "&", $redirect);


AFTER, ADD

Code:
               if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) 
               { 
                  message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); 
               }
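The three insertions above (in includes/functions.php before the redirect and twice in login.php) are the same test: decode the user-supplied URL once and refuse it if a carriage return or line feed remains, because either byte would end the Location: header line. The example below is added here, not phpBB's code; it factors that test into one function, redirect_url_is_safe(), and runs it over constructed sample URLs so the accepted and rejected cases can be seen side by side. The function and sample values are this example's own.

```php
<?php
// Added example, not phpBB's own code: the CR/LF check from the 2.0.10 patch as
// one reusable function, so the same rule is applied at every place a
// user-supplied URL reaches a Location: header.
function redirect_url_is_safe($url)
{
    // Decode once, as the patch does, so %0d / %0a are caught as well as raw bytes.
    $decoded = urldecode($url);
    return strstr($decoded, "\n") === false && strstr($decoded, "\r") === false;
}

// Constructed inputs covering the cases the patch distinguishes, with the
// verdict the check is expected to give.
$samples = array(
    'viewtopic.php?t=42'            => true,   // ordinary relative URL
    'login.php?redirect=index.php'  => true,   // '?' and '=' are fine, only CR/LF matter
    "viewtopic.php?t=42\n"          => false,  // raw line feed
    'viewtopic.php?t=42%0d%0a'      => false,  // encoded CR LF, revealed by urldecode()
    'viewtopic.php?t=42%0D'         => false,  // upper-case hex decodes the same way
);

foreach ($samples as $url => $expected)
{
    $verdict = redirect_url_is_safe($url);
    printf("%-32s %-8s %s\n",
           addcslashes($url, "\n\r"),
           $verdict ? 'accept' : 'reject',
           ($verdict === $expected) ? 'as expected' : 'MISMATCH');
}
```

In phpBB the rejecting branch is message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'), exactly as the patch shows; the function above only separates the decision from the error handling. Note that PHP itself refuses header values containing newlines since 5.1.2, so on current PHP this check is defense in depth, while on the PHP 4 and early PHP 5 builds phpBB 2.0.10 targeted it was the only barrier.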

Searching for authors sometimes led to no results, even if the author existed. This is due to special
chars within the username; searching for these now works correctly:

Open search.php

FIND - Line 62

Code:
   $search_author = ( isset($HTTP_POST_VARS['search_author']) ) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author'];

AFTER, ADD

Code:
   $search_author = htmlspecialchars($search_author);
 
Dear Delphiran,
did you put this version on the site using this code?
I want to see whether it was useful or not.
If it was, it's copyrighted :D
 
