Home / Information
February 13 2018

Security patch

celsoft 13 February 2018 Information 1 970
The problem: data filtering.

Error in version: 12.1 and less

Severity: high

To fix this issue, open the file engine/classes/parse.class.php and find:
	function clear_url($url) {
		global $config;

below add:
	$url = str_replace(array("{", "}", "[", "]"),array("%7B", "%7D", "%5B", "%5D"), $url);

This fix is for version 12.1 and all versions less that 12.1.

The version 12.1 on our server updated.
March 06 2017

Security patch

celsoft 6 March 2017 Information 3 016
The problem: data filtering.

Error in version: 11.2 and below

Severity: high

To fix, open the file: /engine/go.php and find:
$url = @str_replace ( "&", "&", $url );

add below:
$url = htmlspecialchars( $url, ENT_QUOTES, $config['charset'] );
$url = str_replace ( "&", "&", $url );

Open the file:: /engine/ajax/typograf.php and find:
$txt = trim( convert_unicode( $_POST['txt'], $config['charset'] ) );

add below:
require_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$txt = $parse->process( $txt );
$txt = preg_replace( "/javascript:/i", "jаvascript:", $txt );
$txt = preg_replace( "/data:/i", "dаta:", $txt );
December 07 2016
The problem: data filtering.

Error in version: 11.1 and below

Severity: high

To fix, open the file: /engine/classes/parse.class.php and find:
		if( preg_match( "/[?&;%<\[\]]/", $url ) ) {

			if( $align != "" ) return "[img=" . $align . "]" . $url . "[/img]";
			else return "[img]" . $url . "[/img]";

		}

replace with:
		if( preg_match( "/[?&;%<\[\]]/", $url ) ) {

			return $matches[0];

		}
Dear friends,

Social network Facebook has implemented a new API version 2.4, which amended the authorization of users on the sites. When creating new applications in this social network, they automatically receive this version of the API, whereby it was not possible to use authorization on your sites with Facebook, because e-mail address was not available.

To fix this problem you need to open a file engine/classes/social.class.php find in it:
$params = array('access_token' => $token['access_token']);
replace with:
$params = array('access_token' => $token['access_token'], 'fields' => "id,name,email,first_name,last_name");

The distribution on our server updated.

Calendar

«    June 2020    »
MonTueWedThuFriSatSun
1234567
891011121314
15161718192021
22232425262728
2930 

Voting On The Website

Please, rate the engine

Tags Cloud