phpwcms <= 1.2.6
Posted: Wed 3. Oct 2007, 08:45
I have found another problem for releases <= 1.2.6 where your system can be injected in case register_globals = On.
in login.php around line 45-63:
Code:

    ....
    if(isset($_POST['form_lang'])) {
        $_SESSION["wcs_user_lang"] = strtolower(substr(clean_slweg($_POST['form_lang']), 0, 2));
    }
    if(!isset($_SESSION["wcs_user_lang"])) { //<-----------{1}
        if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
            $_SESSION["wcs_user_lang"] = strtolower( substr( $_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2 ) );
        } else {
            $_SESSION["wcs_user_lang"] = strtolower($phpwcms["default_lang"]);
        }
    }
    if(isset($BL[strtoupper($_SESSION["wcs_user_lang"])]) && file_exists('include/inc_lang/backend/'.$_SESSION["wcs_user_lang"].'/lang.inc.php')) {
        $lang_file_include = 'include/inc_lang/backend/'.$_SESSION["wcs_user_lang"].'/lang.inc.php'; //<-----------{2}
        $_SESSION["wcs_user_lang_custom"] = 1;
    } else {
        $lang_file_include = 'include/inc_lang/backend/en/lang.inc.php';
        $_SESSION["wcs_user_lang"] = "en"; //by ono
        $_SESSION["wcs_user_lang_custom"] = 0;
    }
    require_once ($lang_file_include); //<-----------{3}

Change line <-----------{2} to:
Code:

    $lang_file_include = 'include/inc_lang/backend/'.strtolower(substr($_SESSION["wcs_user_lang"], 0, 2)).'/lang.inc.php';

And please - set register_globals = Off.
But it's highly recommended to update your installation to the current release!
Oliver
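A stricter variant of the change to line {2}, as an added example that is not part of the original post or of phpwcms: besides truncating to two characters, it accepts only letters that appear on a known language list and otherwise falls back to English. The function name `resolve_lang_file`, the allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not phpwcms code. resolve_lang_file(), the allowlist
// and the sample inputs below are hypothetical.

/**
 * Resolve the backend language file for a requested language code.
 * Returns array($code, $path). Anything that is not two lowercase ASCII
 * letters from the allowlist falls back to 'en'.
 */
function resolve_lang_file($requested, array $allowed, $base = 'include/inc_lang/backend/')
{
    // Non-string values (e.g. an array pushed in via register_globals) are rejected.
    $code = is_string($requested) ? strtolower(substr($requested, 0, 2)) : '';

    // Truncation alone still lets through values such as '..' or './',
    // so require letters only and membership in the known language list.
    if (!preg_match('/\A[a-z]{2}\z/', $code) || !in_array($code, $allowed, true)) {
        $code = 'en';
    }

    return array($code, $base . $code . '/lang.inc.php');
}

// Constructed sample inputs: valid, over-long, path-like, non-string, unknown.
$allowed = array('en', 'de', 'fr');
$samples = array('de', 'DE-de', '../../x', array('de'), 'zz');

foreach ($samples as $input) {
    list($code, $path) = resolve_lang_file($input, $allowed);
    printf("%-12s => %s\n", json_encode($input), $path);
}

// In login.php the result would replace the session-derived path, e.g.:
//   list($_SESSION["wcs_user_lang"], $lang_file_include) =
//       resolve_lang_file($_SESSION["wcs_user_lang"], $allowed);
//   require_once ($lang_file_include);
```

Only `'de'` and `'DE-de'` resolve to the German file here; every other sample resolves to `include/inc_lang/backend/en/lang.inc.php`.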