A security patch for XFSections module is available - Modules - XOOPS News

XOOPS

News

News World of XOOPS Developers Hacks Themes Archive Submit News

Modules: A security patch for XFSections module is available

Posted by: ohwadaOn 2006/3/20 8:50:11 6485 reads

Important

The security hole was found in XFSection module.
V1.11 was released.
I recommend you to upgrade.

Here is XFsection 1.11

In this security hole, the cause is that GET variable are unfolding automatically.
I corrected all codes similar to this.

 foreach ($HTTP_GET_VARS as $k => $v) 
{    ${$k} = $v;    }

* The contents of change
There are bug fix altogether.
No additional functional.

1．Security
delete code "foreach ($HTTP_GET_VARS as $k => $v)"

2．corresponding to PHP5
(1) Fatal error: Cannot re-assign $this in include/functions.php
(2) Fatal error: Cannot redeclare class wfsfiles
(3) register_long_arrays = Off
replae $HTTP_*_VARS

3．page number is displayed too many

* changed files
Since I changed many files, it may be degraded.

The comments are owned by the author. We aren't responsible for their content.

Re: A security patch for XFSections module is available

svaha Published 03/20/2006 14:50 Just can't stay away Joined 08/02/2003 Comments 896

Thank you for this patch Ohwada

Re: A security patch for XFSections module is available

Jyotirmaya Published 03/20/2006 17:31 Not too shy to talk Joined 02/10/2005 Comments 105

Thanks.
Hope this will resolve This
problem.

Re: A security patch for XFSections module is available

Liger Published 03/20/2006 17:44 Just popping in Joined 01/26/2006 Comments 77

Thank you very much Ohwada

-JP

Re: A security patch for XFSections module is available

allnewtome Published 03/20/2006 21:21 Not too shy to talk Joined 11/30/2005 Comments 175

I use xfsection 1.10 which is excellent. However, I really can't understand this news item. Can someone explain it to me?

Re: A security patch for XFSections module is available

Published 05/02/2006 13:42 Joined Comments

Hi,

After i upgrade to ver 1.11 can't edit or delete any section.

by click on edit buttom the page just refresh.

Re: A security patch for XFSections module is available

albahrain Published 05/15/2006 19:19 Just popping in Joined 01/09/2006 Comments 28

hi,

===========================
After i upgrade to ver 1.11 can't edit or delete any section.

by click on edit buttom the page just refresh.
============================

me too

Re: A security patch for XFSections module is available

Shine Published 05/15/2006 20:51 Just can't stay away Joined 07/22/2002 Comments 822

Confirm the above categorie bugs.
Editing and/or deleting a categorie isn't possible

Login

Username

Password

Remember me

Search

Advanced Search

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}

Modules: A security patch for XFSections module is available

Re: A security patch for XFSections module is available

Re: A security patch for XFSections module is available

Re: A security patch for XFSections module is available

Re: A security patch for XFSections module is available

Re: A security patch for XFSections module is available

Re: A security patch for XFSections module is available

Re: A security patch for XFSections module is available

Login

Search

Recent Comments

Re: New Admin Theme for XOOPS (Beta)

Sanford Pharmacy: Exceptional Pharmacy Services Tailored to You

Re: New Admin Theme for XOOPS (Beta)

Re: XOOPS 2.5.12 Beta-2 available for Testing

Re: XOOPS 2.5.12 Beta-2 available for Testing

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

Archives

News archives