Home / Materials for March 2017 year
March 06 2017

Security patch

celsoft 6 March 2017 Information 4 116
The problem: data filtering.

Error in version: 11.2 and below

Severity: high

To fix, open the file: /engine/go.php and find:
$url = @str_replace ( "&", "&", $url );

add below:
$url = htmlspecialchars( $url, ENT_QUOTES, $config['charset'] );
$url = str_replace ( "&", "&", $url );

Open the file:: /engine/ajax/typograf.php and find:
$txt = trim( convert_unicode( $_POST['txt'], $config['charset'] ) );

add below:
require_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$txt = $parse->process( $txt );
$txt = preg_replace( "/javascript:/i", "jаvascript:", $txt );
$txt = preg_replace( "/data:/i", "dаta:", $txt );

Calendar

«    March 2017    »
MonTueWedThuFriSatSun
 12345
6789101112
13141516171819
20212223242526
2728293031 

Voting On The Website

Please, rate the engine