Hello,
a security vulnerability has been discovered; it affects almost all xt:Commerce forks.
A patch for xtcPC-S-B-05b-06-01-2011 is available for download here:
http://www.internet-service-backes.de/download/Security-Update-16-06-2012.zip
Manual change: search the file admin/includes/application_top.php for the following code:
$current_page = preg_split('/\?/', basename($_SERVER['PHP_SELF'])); $current_page = $current_page[0]; // for BadBlue(Win32) webserver compatibility // Hetfield - 2009-08-18 - replaced depricated function split with preg_split to be ready for PHP >= 5.3
if (file_exists(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'.$current_page)) {
include(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'. $current_page);
}
// write customers status in session
require('../' . DIR_WS_INCLUDES . 'write_customers_status.php');
This must be replaced with the following code:
$current_page = explode('?', basename($_SERVER['PHP_SELF']));
$current_page = $current_page[0]; // for BadBlue(Win32) webserver compatibility
if (file_exists(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'.$current_page)) {
include(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'. $current_page);
}
// write customers status in session
require('../' . DIR_WS_INCLUDES . 'write_customers_status.php');
if(file_exists($current_page) == false
|| $_SESSION['customers_status']['customers_status_id'] !== '0') {
xtc_redirect(xtc_href_link(FILENAME_LOGIN));
}
Best regards
genndus
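
To confirm that the manual change is in place in an installation, the following added example (not part of the original post or of any xt:Commerce fork) classifies an application_top.php by whether the guard from the replacement code appears after the write_customers_status.php require. The function names, the status labels and the assumption that the admin directory is still named admin are introduced here, and the comment stripping is a heuristic.

```python
import re
import sys
from pathlib import Path

# Loose-whitespace patterns built from the replacement code in the post.
REQUIRE_RE = re.compile(
    r"require\s*\(\s*'\.\./'\s*\.\s*DIR_WS_INCLUDES\s*\.\s*'write_customers_status\.php'\s*\)\s*;")
GUARD_RE = re.compile(
    r"if\s*\(\s*file_exists\s*\(\s*\$current_page\s*\)\s*==\s*false\s*\|\|\s*"
    r"\$_SESSION\s*\['customers_status'\]\s*\['customers_status_id'\]\s*!==\s*'0'\s*\)\s*"
    r"\{\s*xtc_redirect\s*\(\s*xtc_href_link\s*\(\s*FILENAME_LOGIN\s*\)\s*\)\s*;\s*\}")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

def patch_status(php_source):
    """Classify the text of an application_top.php file.

    'patched'    guard present after the write_customers_status.php require
    'misordered' guard present, but not after that require
    'unpatched'  require found, guard missing (or only commented out)
    'unknown'    require not found; file differs from the one in the post
    """
    # Heuristic: drop comments so a commented-out guard does not count.
    code = COMMENT_RE.sub("", php_source)
    req = REQUIRE_RE.search(code)
    if req is None:
        return "unknown"
    if GUARD_RE.search(code, req.end()):
        return "patched"
    return "misordered" if GUARD_RE.search(code) else "unpatched"

def scan(root):
    """Map every admin/includes/application_top.php below root to its status."""
    return {str(p): patch_status(p.read_text(errors="replace"))
            for p in Path(root).rglob("admin/includes/application_top.php")}

# Constructed samples, assembled from the two code listings in the post.
REQUIRE = "require('../' . DIR_WS_INCLUDES . 'write_customers_status.php');\n"
GUARD = ("if(file_exists($current_page) == false\n"
         "|| $_SESSION['customers_status']['customers_status_id'] !== '0') {\n"
         "xtc_redirect(xtc_href_link(FILENAME_LOGIN));\n}\n")

if __name__ == "__main__":
    for path, status in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{status:10} {path}")
```

Run it with the web root as the only argument; any file reported as anything other than patched should be compared by hand against the replacement code above.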