Back to this.rand()   News   Forums  

Printer Friendly Version | Email News Story
Security Update 3.5.16
Posted by Xnuiem on Aug-01-2008 04:44

Due to a recent security hole found in PHPX, here is a patch:

 in /includes/functions.inc.php lines 75 to 89 is the function checkCookie().  In this function change the line:

list($user_id, $username) = $this->core->db->fetch("select user_id, username from 
 users where sess = '$_COOKIE[PXL]'");
to 
list($user_id, $username) = $this->core->db->fetch("select user_id,
 username from users where sess = '" . htmlspecialchars($_COOKIE[PXL]) . "'");
 
That will plug this hole. 

 

 



 
703 bytes in body | Comments (1)

 

           older news stories...
<< PHPX is finished  >>
Rebell
PHPX 1337
Avatar
Joined: Jul-29-2003
Germany
Posts: 399


Posted: Aug-08-2008 16:25 Subject: RE:
Thanks for fixing that !!!!

You should update the latest files - thanks !

Smilie

[Edited by Rebell on Aug-08-2008 18:35]

www.deltaforceteam.de - visit my phpX website
User Offline Website Email User User Profile Ignore User Report Post to Moderator | IP: Logged | Back to Top

Copyright ©2004 PHPX