Home / Information
February 13 2018

Security patch

celsoft 13 February 2018 Information 3 255
The problem: data filtering.

Error in version: 12.1 and less

Severity: high

To fix this issue, open the file engine/classes/parse.class.php and find:
	function clear_url($url) {
		global $config;

below add:
	$url = str_replace(array("{", "}", "[", "]"),array("%7B", "%7D", "%5B", "%5D"), $url);

This fix is for version 12.1 and all versions less that 12.1.

The version 12.1 on our server updated.
March 06 2017

Security patch

celsoft 6 March 2017 Information 4 116
The problem: data filtering.

Error in version: 11.2 and below

Severity: high

To fix, open the file: /engine/go.php and find:
$url = @str_replace ( "&", "&", $url );

add below:
$url = htmlspecialchars( $url, ENT_QUOTES, $config['charset'] );
$url = str_replace ( "&", "&", $url );

Open the file:: /engine/ajax/typograf.php and find:
$txt = trim( convert_unicode( $_POST['txt'], $config['charset'] ) );

add below:
require_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$txt = $parse->process( $txt );
$txt = preg_replace( "/javascript:/i", "jаvascript:", $txt );
$txt = preg_replace( "/data:/i", "dаta:", $txt );
December 07 2016
The problem: data filtering.

Error in version: 11.1 and below

Severity: high

To fix, open the file: /engine/classes/parse.class.php and find:
		if( preg_match( "/[?&;%<\[\]]/", $url ) ) {

			if( $align != "" ) return "[img=" . $align . "]" . $url . "[/img]";
			else return "[img]" . $url . "[/img]";

		}

replace with:
		if( preg_match( "/[?&;%<\[\]]/", $url ) ) {

			return $matches[0];

		}
Dear friends,

Social network Facebook has implemented a new API version 2.4, which amended the authorization of users on the sites. When creating new applications in this social network, they automatically receive this version of the API, whereby it was not possible to use authorization on your sites with Facebook, because e-mail address was not available.

To fix this problem you need to open a file engine/classes/social.class.php find in it:
$params = array('access_token' => $token['access_token']);
replace with:
$params = array('access_token' => $token['access_token'], 'fields' => "id,name,email,first_name,last_name");

The distribution on our server updated.

Calendar

«    March 2024    »
MonTueWedThuFriSatSun
 123
45678910
11121314151617
18192021222324
25262728293031

Voting On The Website

Please, rate the engine