Security Alert NO:1

Check this often to be informed about any security problem that was reported.
Oliver Georgi
Site Admin
Posts: 9888
Joined: Fri 3. Oct 2003, 22:22


Post by Oliver Georgi »

There is a security problem in older releases
reported by Pascal Suter (07-05-2004 20:07)

===========================================

It is IMPORTANT to fix your


 front.func.inc.php

in "include/inc_front".

If you can, update to the most current version.


1) Replace function include_ext_php
-----------------------------------


function include_ext_php($inc_file) {
        // includes an external PHP script file and returns
        // the result as string from buffered include content
        $ext_php_content = '';
        //check if this is a local file
        if(is_file($inc_file)) {
                
                $this_path = str_replace("\\", '/', dirname(realpath($inc_file)));
                $this_path = preg_replace('/\/$/', '', $this_path);
                
                $root_path = str_replace("\\", '/', PHPWCMS_ROOT);
                $root_path = preg_replace('/\/$/', '', $root_path);
                
                if(strpos($this_path, $root_path) === 0) {
                        ob_start();
                        include $inc_file;
                        $ext_php_content = ob_get_contents();
                        ob_end_clean();
                }
        }
        return $ext_php_content;
}


2) Replace FUNCTION include_int_php
-----------------------------------


function include_int_php($string) {
        // return the PHP var value
        $s = html_despecialchars($string[1]);
        if(strpos($s,'$GLOBALS')===false) {
                $s = preg_replace('/^\$(.*?)\[(.*?)/si', '$GLOBALS["$1"][$2', $s);
                if(substr($s,strlen($s)-1) != ']') {
                        $s = str_replace('$', '', $s);
                        $s = '$GLOBALS["'.$s.'"]';
                        //$s = preg_replace('/^\$(.*?)/si', '$GLOBALS["$1"]', $s);
                }
        }
        $s = str_replace('$phpwcms', '$notavailable', $s);
        $s = str_replace('["phpwcms"]', '["notavailable"]', $s);
        $s = str_replace("['phpwcms']", '["notavailable"]', $s);
        ob_start();
        eval('echo '.$s.';');
        $return = ob_get_contents();
        ob_end_clean();
        return $return;
}

You can download this file at SourceForge.net // All files

Oliver Georgi // 08-05-2004 // 01:28
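The path check in the replacement include_ext_php above, exercised as an added example (this script is neither phpwcms code nor part of the post): it builds a throwaway directory layout under the system temp dir, points PHPWCMS_ROOT at it, and runs the posted prefix comparison plus a stricter variant over a few candidate paths. normalise_dir, allowed_by_prefix and allowed_by_prefix_strict are names chosen here. The strict variant goes beyond the post: it appends a separator before comparing, so a sibling directory whose name merely begins with the root path is rejected, which the plain prefix comparison accepts.

```php
<?php
// Added example, not phpwcms code: exercises the path-containment check of the
// patched include_ext_php() on a constructed temporary layout.
$root = realpath(sys_get_temp_dir()) . '/phpwcms_demo_' . getmypid();
$out  = dirname($root) . '/outside_' . getmypid();
mkdir("$root/include/inc_ext", 0700, true);   // inside the root
mkdir("{$root}_sibling", 0700);               // shares the root's name as a prefix
mkdir($out, 0700);                            // plainly outside the root
define('PHPWCMS_ROOT', $root . '/');          // phpwcms defines this with a slash
foreach (["$root/include/inc_ext/ok.php", "{$root}_sibling/evil.php", "$out/x.php"] as $f) {
    file_put_contents($f, '<?php echo "ran: ' . basename($f) . '";');
}

// Same normalisation as the patched function: forward slashes, no trailing slash.
function normalise_dir(string $p): string {
    return preg_replace('#/$#', '', str_replace('\\', '/', $p));
}

// The check as posted: realpath() resolves ".." and symlinks, then the resolved
// directory must start with the root path.
function allowed_by_prefix(string $file): bool {
    if (!is_file($file)) return false;
    $this_path = normalise_dir(dirname(realpath($file)));
    $root_path = normalise_dir(PHPWCMS_ROOT);
    return strpos($this_path, $root_path) === 0;
}

// Stricter variant (added here, not in the post): compare with a trailing
// separator, so a sibling directory that merely begins with the root name fails.
function allowed_by_prefix_strict(string $file): bool {
    if (!is_file($file)) return false;
    $this_path = normalise_dir(dirname(realpath($file))) . '/';
    $root_path = normalise_dir(PHPWCMS_ROOT) . '/';
    return strpos($this_path, $root_path) === 0;
}

$cases = [
    "$root/include/inc_ext/ok.php",                        // file inside the root
    "$root/include/../include/inc_ext/ok.php",             // ".." that stays inside
    "$root/include/../../" . basename($out) . '/x.php',    // ".." that leaves the root
    "{$root}_sibling/evil.php",                            // sibling dir sharing the prefix
    "$root/missing.php",                                   // not an existing file
];
foreach ($cases as $f) {
    printf("%-55s prefix=%-5s strict=%s\n", str_replace($root, '<root>', $f),
        var_export(allowed_by_prefix($f), true), var_export(allowed_by_prefix_strict($f), true));
}
```

Run it with the PHP CLI; the two columns show which candidate paths each variant of the check would let include_ext_php include.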