[Recommendation] phpBB 2.0.6d released - security fix
Posted: 2004-03-02 04:09
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=177594
A new release of phpBB 2.0.6 is now available for download, phpBB 2.0.6d. This addresses a vulnerability in viewtopic, a potential issue with login and may address current issues with Zend Optimizer 2.5.

Before use, be sure to check that the fix has been applied correctly. phpBB has confirmed that this fix works without error, so if you run into any problems, check again carefully that you applied it correctly, and do not modify anything elsewhere.

How to fix:

Open viewtopic.php

Find:
//
// Decide how to order the post display
//
if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) )
{
    $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];
    $post_time_order = ($post_order == "asc") ? "ASC" : "DESC";
}
else
{
    $post_order = 'asc';
    $post_time_order = 'ASC';
}

Replace with:
//
// Decide how to order the post display
//
if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) )
{
    $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? htmlspecialchars($HTTP_POST_VARS['postorder']) : htmlspecialchars($HTTP_GET_VARS['postorder']);
    $post_time_order = ($post_order == "asc") ? "ASC" : "DESC";
}
else
{
    $post_order = 'asc';
    $post_time_order = 'ASC';
}

~Mac
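
An added example, not part of the original post and not phpBB code: it runs the patched escaping logic next to a stricter allowlist variant on constructed inputs, showing that after the patch `$post_order` still holds the submitted text (HTML-escaped), while an allowlist reduces it to one of two fixed values. The function names `post_order_escaped` and `post_order_allowlisted` and the sample values are hypothetical, and it assumes PHP 7.1 or later rather than the PHP 4 style of the patch.

```php
<?php
// Added example, not phpBB code. Function names and sample inputs are hypothetical.

/**
 * Mirrors the patched logic: escape whatever was submitted, then map it to
 * an SQL keyword. The returned display value is still client-chosen text,
 * only with HTML metacharacters encoded.
 */
function post_order_escaped(array $post, array $get): array
{
    if (!empty($post['postorder']) || !empty($get['postorder'])) {
        $raw = !empty($post['postorder']) ? $post['postorder'] : $get['postorder'];
        // htmlspecialchars() throws a TypeError on PHP 8 when given an array
        // (e.g. postorder[]=x), so non-string input is treated as empty.
        $raw = is_string($raw) ? $raw : '';
        $order = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
        return [$order, $order === 'asc' ? 'ASC' : 'DESC'];
    }
    return ['asc', 'ASC'];
}

/**
 * Stricter variant: collapse the input to one of two known values, so
 * nothing the client sent is carried forward into later output or queries.
 */
function post_order_allowlisted(array $post, array $get): array
{
    $raw = !empty($post['postorder']) ? $post['postorder']
         : (!empty($get['postorder']) ? $get['postorder'] : 'asc');
    // As in the original logic, any submitted value other than "asc" means descending.
    $order = ($raw === 'asc') ? 'asc' : 'desc';
    return [$order, strtoupper($order)];
}

// Constructed sample inputs, passed as if they arrived in the query string.
$samples = ['asc', 'desc', 'ASC', '"><b>x</b>', ['nested']];
foreach ($samples as $value) {
    $get = ['postorder' => $value];
    [$escaped] = post_order_escaped([], $get);
    [$allowed, $sql] = post_order_allowlisted([], $get);
    printf("%-16s escaped=%-32s allowlisted=%-4s sql=%s\n",
        json_encode($value, JSON_UNESCAPED_SLASHES), $escaped, $allowed, $sql);
}
```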