Problem: A user who is allowed to upload files (not images) to the server can escape the permitted upload folder, and if he also has an administrator account on the site he can upload a script.
Affected versions: all
Severity: Medium (High if the attacker has an administrator account on the site)
To fix, open the file engine/inc/files.php and find:
$serverfile = trim(htmlspecialchars(strip_tags($_POST['serverfile'])));
replace with:
if ($member_id['user_group'] == 1) $serverfile = trim(htmlspecialchars(strip_tags($_POST['serverfile']))); else $serverfile = '';

if ($serverfile != '') {
    $serverfile = str_replace("\\", "/", $serverfile);
    $serverfile = str_replace("..", "", $serverfile);
    $serverfile = str_replace("/", "", $serverfile);
    $serverfile_arr = explode(".", $serverfile);
    $type = totranslit(end($serverfile_arr));
    $curr_key = key($serverfile_arr);
    unset($serverfile_arr[$curr_key]);
    if (in_array(strtolower($type), $allowed_files))
        $serverfile = totranslit(implode(".", $serverfile_arr)) . "." . $type;
    else $serverfile = '';
}

if ($serverfile == ".htaccess") die("Hacking attempt!");
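The filter the patch adds, re-implemented in Python as an added example (not DLE's own code) so its effect on typical filenames can be checked. It assumes a constructed whitelist, replaces DLE's totranslit() with a simplified stand-in that keeps only lowercase ASCII letters, digits, underscore and hyphen (the real function also transliterates Cyrillic), and omits the htmlspecialchars/strip_tags step.

```python
import re

# Constructed sample whitelist; DLE reads the real list from its configuration.
ALLOWED_FILES = {"zip", "rar", "txt", "pdf"}


def totranslit(value: str) -> str:
    """Stand-in for DLE's totranslit() (assumption): lowercase, keep [a-z0-9_-] only."""
    return re.sub(r"[^a-z0-9_-]", "", value.lower())


def sanitize_serverfile(raw: str, user_group: int, allowed=ALLOWED_FILES) -> str:
    """Mirror of the patched engine/inc/files.php logic.

    Returns the sanitised name, or '' when the request must be ignored.
    Raises ValueError where the PHP code calls die("Hacking attempt!").
    """
    # Only the administrator group (user_group == 1) may pass a server-side filename.
    if user_group != 1:
        return ""
    serverfile = raw.strip()
    if serverfile == "":
        return ""
    # Normalise Windows separators, then drop ".." and every "/" so no path remains.
    serverfile = serverfile.replace("\\", "/")
    serverfile = serverfile.replace("..", "")
    serverfile = serverfile.replace("/", "")
    # Last dot-separated part is the extension; it must be on the whitelist.
    parts = serverfile.split(".")
    ext = totranslit(parts[-1])
    parts = parts[:-1]
    if ext in allowed:
        # Remaining parts are joined and transliterated, collapsing double extensions.
        serverfile = totranslit(".".join(parts)) + "." + ext
    else:
        serverfile = ""
    # Defence-in-depth check kept from the patch (unreachable with a sane whitelist).
    if serverfile == ".htaccess":
        raise ValueError("Hacking attempt!")
    return serverfile
```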
Then open the file engine/classes/thumb.class.php and find:
$this->img['des'] = imagecreatetruecolor($this->img['lebar_thumb'], $this->img['tinggi_thumb']);
and add above it:
if ($this->img['lebar_thumb'] < 1) $this->img['lebar_thumb'] = 1;
if ($this->img['tinggi_thumb'] < 1) $this->img['tinggi_thumb'] = 1;
The version 8.5 distribution package has been updated.