Sec-Fix Patch 7.3

Posted on Tuesday, June 08, 2004 @ 00:20:23 CDT in Security
by chatserv

PHP-Nuke 7.3 security and bug fix update.
Fixes:
Path disclosure in security check of files.
Included instructions mainly cover that one but included files also cover:
SQL injection filter update
Stories categories show as already existing even if they don't.
Missing semi-colon in admin stories file
Downloads orderby fix
Mailpasswd username length limit
Incorrect user validation in Your Account module
Stories with timestamp 00:00:00 don't show in Stories_Archive.
Single quotes in content category description.
Multiple vulnerabilities SQL injection and XSS
Download here.
Note:
Update: Forum files removed from patch and security fix applied to the Reviews module.
 
 
 
 

Re: Sec-Fix Patch 7.3 (Score: 1)
by SmackDaddy on Tuesday, June 08, 2004 @ 00:32:12 CDT
  
(User Info | Send a Message) http://pctoolbin.com

Is this INSTEAD of the Patched 7.3 file?

Re: Sec-Fix Patch 7.3 (Score: 1)
by chatserv
on Tuesday, June 08, 2004 @ 00:47:22 CDT
(User Info | Send a Message) http://www.scriptheaven.net

These files can be used over Nuke Patched 2.4 for PHP-Nuke 7.3, but the only one of these fixes missing from Nuke Patched is the first one, so you could also add that one manually, although I'm aware it requires changing a line in many files. But as I said, these can be used as a replacement for Nuke Patched if using Nuke 7.3. Nuke Patched will be updated shortly; it will be moved to version 2.5.

Re: Sec-Fix Patch 7.3 (Score: 1)
by SmackDaddy
on Tuesday, June 08, 2004 @ 01:41:13 CDT
(User Info | Send a Message) http://pctoolbin.com

If the 7.3 Patched zip is only missing one file/fix, what accounts for the larger file size of this Sec-Fix Patch Zip file?

7.3 Patched is 197kb
Sec-Fix 7.3 is 394kb

Just wanting to make sure when I upgrade, I am installing what I need to be installing without screwing things up.....sorry if I am sounding "difficult", that's not my intention.



 
 

Re: Sec-Fix Patch 7.3 (Score: 1)
by SmackDaddy on Tuesday, June 08, 2004 @ 02:06:08 CDT
  
(User Info | Send a Message) http://pctoolbin.com

And in the file "fixchanges.txt", are we required to do all the find and replaces mentioned there (as shown below)? Or has it been done already? I opened a couple files and it appears to have been done, but am not sure if either fixchanges.txt just wasn't updated/removed, or if I just am missing something.....
1-On all files listed in fixlist.txt find:
, $_SERVER['PHP_SELF'])) {
or:
,$_SERVER[PHP_SELF])) {
or:
,$_SERVER['PHP_SELF'])) {
or:
, $_SERVER["PHP_SELF"])) {
change to:
, $_SERVER['SCRIPT_NAME'])) {
In the case of the admin/links folder files you will need to add the following after the file credits:
if (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) {
    die ("Access Denied");
}
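One way to check whether the find-and-replace from fixchanges.txt has already been applied to a set of files, as an added example that is not part of the patch or of this thread. The function names, the sample file names and the idea of passing the fixlist.txt entries in as a list of relative paths are assumptions.

```python
import re
import tempfile
from pathlib import Path

# The four "find" variants in fixchanges.txt differ only in spacing and quoting.
OLD_CHECK = re.compile(r''',\s*\$_SERVER\[(['"]?)PHP_SELF\1\]\)\)\s*\{''')
NEW_CHECK = ", $_SERVER['SCRIPT_NAME'])) {"  # the "change to" line


def patch_source(text):
    """Return (patched_text, number_of_checks_rewritten)."""
    return OLD_CHECK.subn(NEW_CHECK, text)


def audit(root, listed_files, apply=False):
    """Map each listed file to 'patched', 'needs-fix', 'no-check' or 'missing'."""
    report = {}
    for rel in listed_files:
        path = Path(root) / rel
        if not path.is_file():
            report[rel] = "missing"
            continue
        # latin-1 maps bytes 1:1, so untouched bytes survive a rewrite
        text = path.read_bytes().decode("latin-1")
        patched, hits = patch_source(text)
        if hits and apply:
            path.write_bytes(patched.encode("latin-1"))
            report[rel] = "patched"
        elif hits:
            report[rel] = "needs-fix"
        elif NEW_CHECK.lstrip(", ") in text:
            report[rel] = "patched"
        else:
            report[rel] = "no-check"
    return report


def demo(apply=False):
    """Run the audit over a constructed tree (file names are made up)."""
    samples = {
        "old.php": '<?php if (!eregi("modules.php", $_SERVER[\'PHP_SELF\'])) { die(); }',
        "bare.php": '<?php if (!eregi("admin.php",$_SERVER[PHP_SELF])) { die(); }',
        "done.php": '<?php if (!eregi("modules.php", $_SERVER[\'SCRIPT_NAME\'])) { die(); }',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_text(body, encoding="latin-1")
        return audit(root, list(samples) + ["gone.php"], apply)
```

With apply left at False the script only reports; a file marked "needs-fix" still carries one of the PHP_SELF variants in its direct-access check.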

 
 

Re: Sec-Fix Patch 7.3 (Score: 1)
by chatserv on Tuesday, June 08, 2004 @ 10:31:35 CDT

(User Info | Send a Message) http://www.scriptheaven.net

Patch updated. Forum files were removed as they do not require editing; they already use another method of filtering. As for anyone having a "You can't access this file directly..." error message, please check the following post:
http://ravenphpscripts.com/postt1877.html#13139

 