
Security Patch for PortailPHP 0.99

by Nikola Strahija on November 29th, 2002

PRODUCT : PORTAILPHP http://www.yoopla.net/portailphp/ A nice PHP CMS


PROBLEM : XSS
SQL INJECTION
in /mod_search/index.php
read it for more details :)

SOLUTION : Download the patch from http://www.phpsecure.org
or manually add these lines at the beginning of /mod_search/index.php :
/* XSS AND SQL HOLES PATCHED BY WWW.PHPSECURE.ORG */
$rech = str_replace("'",'',$rech); // protection against SQL injection
$BD_Tab_docs = str_replace('`','',$BD_Tab_docs); // same
$BD_Tab_file = str_replace('`','',$BD_Tab_file); // same
$BD_Tab_liens = str_replace('`','',$BD_Tab_liens); // same
$BD_Tab_faq = str_replace('`','',$BD_Tab_faq); // same
$chemin = htmlentities($chemin); // protection against XSS
$App_Theme = htmlentities($App_Theme); // same
$Rub_Search = htmlentities($Rub_Search); // same
$Rub_News = htmlentities($Rub_News); // same
$Rub_File = htmlentities($Rub_File); // same
$Rub_Liens = htmlentities($Rub_Liens); // same
$Rub_Faq = htmlentities($Rub_Faq); // same
/* END OF SECURITY PATCH */
or wait for an official release ... at your own risk.

CREDITS : http://www.phpsecure.org
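
The patch above removes single characters from $rech and from the table-name variables. As an added example (not PortailPHP or phpsecure.org code), the same protections can be written with a bound parameter for the search term, a fixed map for table names and quote-aware HTML encoding. The table names, the title column and the sample rows are hypothetical and constructed for the example, which assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added example, not PortailPHP code. Table and column names are hypothetical.

// Identifiers cannot be bound as parameters, so resolve them through a fixed map.
const SEARCH_TABLES = ['docs' => 'portail_docs', 'faq' => 'portail_faq'];

function search(PDO $db, string $section, string $term): array
{
    if (!isset(SEARCH_TABLES[$section])) {
        throw new InvalidArgumentException('unknown section');
    }
    $table = SEARCH_TABLES[$section];
    // Escape LIKE wildcards so the term is matched literally.
    $like = '%' . addcslashes($term, '%_\\') . '%';
    $stmt = $db->prepare("SELECT title FROM $table WHERE title LIKE :t ESCAPE '\\'");
    $stmt->execute([':t' => $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Encode for HTML output, including single quotes used in attribute values.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE portail_docs (title TEXT)');
$db->exec('CREATE TABLE portail_faq (title TEXT)');
$ins = $db->prepare('INSERT INTO portail_docs (title) VALUES (?)');
foreach (["O'Reilly PHP guide", 'Install notes'] as $t) {
    $ins->execute([$t]);
}

$term = "O'Reilly"; // the quote is kept and still matches, instead of being stripped
$hits = search($db, 'docs', $term);
echo 'Results for "' . html($term) . '": ' . count($hits) . "\n";
foreach ($hits as $title) {
    echo ' - ' . html($title) . "\n";
}

try {
    search($db, 'unknown', $term); // a section outside the map never reaches SQL
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

Unlike the character-stripping lines, this keeps legitimate apostrophes in search terms, and the table name never depends on how the identifier is quoted in the query.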

