InvisionCommunity.de - Der Deutsche Invision Community Support

Security Update for IPB 1.3


An update has been prepared to ensure security and safety of your Invision Power Board.

We have received notification of two minor issues. Although they require some URL crafting and a specific set of circumstances to occur, we feel it's always best to address any and all issues to ensure the very best security.

The update is very simple to apply: simply go to the download center and download the "IPB 1.3 Security Update 12-16 (1.3)" package, unzip and upload "sources/functions.php" and "sources/Forums.php", overwriting the copies on your installation.

The main download files have been updated.

Download Center

My thanks to those that contacted us in private about these issues.

-> Download the update and replace the corresponding files of your forum with the ones it contains.

The individual changes in detail, for people who have modifications installed.

functions.php

Find:

    /*-------------------------------------------------------------------------*/
    // Makes incoming info "safe"
    /*-------------------------------------------------------------------------*/

    function parse_incoming()
    {
        global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_CLIENT_IP, $REQUEST_METHOD, $REMOTE_ADDR, $HTTP_PROXY_USER, $HTTP_X_FORWARDED_FOR;
        $return = array();

        if( is_array($HTTP_GET_VARS) )
        {
            while( list($k, $v) = each($HTTP_GET_VARS) )
            {

Insert directly below:

                if ( $k == 'INFO' )
                {
                    continue;
                }

Forums.php

Find:

    if ( (!isset($sort_keys[$sort_key])) and (!isset($prune_by_day[$prune_value])) and (!isset($sort_by_keys[$sort_by])) )
    {
        $std->Error( array( LEVEL=> 5, MSG =>'incorrect_use') );
    }

Replace with:

    if ( (!isset($sort_keys[$sort_key])) or (!isset($prune_by_day[$prune_value])) or (!isset($sort_by_keys[$sort_by])) )
    {
        $std->Error( array( LEVEL=> 5, MSG =>'incorrect_use') );
    }

Apart from that, according to WinMerge only the comment header has changed. :)

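The effect of the `and` to `or` change in Forums.php, shown as an added example that is not part of the original posts or of IPB's own code: with `and`, the error fires only when all three values are unknown, so a request carrying one or two unlisted values is still accepted. The allow-list contents, the function names and the sample requests are constructed placeholders.

```php
<?php
// Constructed allow-lists; the keys are placeholders, not IPB's real tables.
$lists = [
    'sort_keys'    => ['last_post' => 1, 'title' => 1],
    'prune_by_day' => [30 => 1, 100 => 1],
    'sort_by_keys' => ['Z-A' => 1, 'A-Z' => 1],
];

// Check as it stood before the update: error only when ALL three are unknown.
function rejected_old(array $l, $sort_key, $prune_value, $sort_by): bool
{
    return ( !isset($l['sort_keys'][$sort_key])
         and !isset($l['prune_by_day'][$prune_value])
         and !isset($l['sort_by_keys'][$sort_by]) );
}

// Check after the update: error as soon as ANY one value is unknown.
function rejected_new(array $l, $sort_key, $prune_value, $sort_by): bool
{
    return ( !isset($l['sort_keys'][$sort_key])
          or !isset($l['prune_by_day'][$prune_value])
          or !isset($l['sort_by_keys'][$sort_by]) );
}

// Constructed requests: [sort_key, prune_value, sort_by].
$requests = [
    'all valid'   => ['title', '30', 'A-Z'],
    'one unknown' => ['title', '30', 'not-on-list'],
    'two unknown' => ['not-on-list', '30', 'not-on-list'],
    'all unknown' => ['not-on-list', 'not-on-list', 'not-on-list'],
];

// Print how each version of the check treats each request.
foreach ($requests as $label => [$sk, $pv, $sb]) {
    printf(
        "%-12s old=%-9s new=%s\n",
        $label,
        rejected_old($lists, $sk, $pv, $sb) ? 'rejected' : 'accepted',
        rejected_new($lists, $sk, $pv, $sb) ? 'rejected' : 'accepted'
    );
}
```

The two versions disagree only on the mixed rows, which is exactly the case the update closes.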