
Security Update 16.06.2012


genndus:
Hello,

a security vulnerability has been discovered; it affects almost all xt:Commerce forks.
A patch for xtcPC-S-B-05b-06-01-2011 is available for download here.
http://www.internet-service-backes.de/download/Security-Update-16-06-2012.zip

To make the change manually, search the file admin/includes/application_top.php for the following code:

--- Code: ---$current_page = preg_split('/\?/', basename($_SERVER['PHP_SELF'])); $current_page = $current_page[0]; // for BadBlue(Win32) webserver compatibility  // Hetfield - 2009-08-18 - replaced depricated function split with preg_split to be ready for PHP >= 5.3
if (file_exists(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'.$current_page)) {
  include(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'.  $current_page);
}

// write customers status in session
require('../' . DIR_WS_INCLUDES . 'write_customers_status.php');
--- End code ---

This must be replaced with the following code:

--- Code: ---$current_page = explode('?', basename($_SERVER['PHP_SELF']));
$current_page = $current_page[0]; // for BadBlue(Win32) webserver compatibility
if (file_exists(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'.$current_page)) {
  include(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'.  $current_page);
}

// write customers status in session
require('../' . DIR_WS_INCLUDES . 'write_customers_status.php');
if(file_exists($current_page) == false
  || $_SESSION['customers_status']['customers_status_id'] !== '0') {
    xtc_redirect(xtc_href_link(FILENAME_LOGIN));
}
--- End code ---

Best regards
genndus
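
One way to confirm the manual change is in place, as an added example that is not part of the original post or of the project's patch: the script checks that the new guard exists in application_top.php and sits after the require of write_customers_status.php. The function name `check_admin_guard`, its return codes and the script name are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the post. check_admin_guard and its return codes
# are names chosen here: 0 = guard in place, 1 = missing or misplaced,
# 2 = file not readable.
check_admin_guard() {
    file=$1
    [ -r "$file" ] || return 2

    # Line of the require that writes the customers status into the session.
    req=$(grep -n "write_customers_status\.php" "$file" | head -n 1 | cut -d: -f1)
    # Line where the added file_exists($current_page) == false test starts.
    guard=$(grep -n 'file_exists(\$current_page) *== *false' "$file" | head -n 1 | cut -d: -f1)

    [ -n "$req" ] && [ -n "$guard" ] || return 1
    # The guard reads $_SESSION['customers_status'], so it must come after the require.
    [ "$guard" -gt "$req" ] || return 1

    # The same if statement must test customers_status_id and redirect to login.
    block=$(tail -n +"$guard" "$file" | head -n 4)
    printf '%s\n' "$block" | grep -q "customers_status_id'] *!== *'0'" || return 1
    printf '%s\n' "$block" | grep -q 'xtc_redirect(xtc_href_link(FILENAME_LOGIN))' || return 1
    return 0
}

# Usage: sh check_guard.sh /path/to/shop   (script name is a placeholder)
if [ "$#" -eq 1 ]; then
    rc=0
    check_admin_guard "$1/admin/includes/application_top.php" || rc=$?
    case $rc in
        0) echo "guard present" ;;
        1) echo "guard missing or misplaced" ;;
        2) echo "application_top.php not readable" ;;
    esac
fi
```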
