/ Information
February 13 2018

Security patch

The problem: data filtering.

Error in version: 12.1 and less

Severity: high

To fix this issue, open the file engine/classes/parse.class.php and find:
	function clear_url($url) {
		global $config;

below add:
	$url = str_replace(array("{", "}", "[", "]"),array("%7B", "%7D", "%5B", "%5D"), $url);

This fix is for version 12.1 and all versions less that 12.1.

The version 12.1 on our server updated.
March 06 2017

Security patch

The problem: data filtering.

Error in version: 11.2 and below

Severity: high

To fix, open the file: /engine/go.php and find:
$url = @str_replace ( "&", "&", $url );

add below:
$url = htmlspecialchars( $url, ENT_QUOTES, $config['charset'] );
$url = str_replace ( "&", "&", $url );

Open the file:: /engine/ajax/typograf.php and find:
$txt = trim( convert_unicode( $_POST['txt'], $config['charset'] ) );

add below:
require_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$txt = $parse->process( $txt );
$txt = preg_replace( "/javascript:/i", "jаvascript:", $txt );
$txt = preg_replace( "/data:/i", "dаta:", $txt );
December 07 2016

Security patch

The problem: data filtering.

Error in version: 11.1 and below

Severity: high

To fix, open the file: /engine/classes/parse.class.php and find:
		if( preg_match( "/[?&;%<\[\]]/", $url ) ) {

			if( $align != "" ) return "[img=" . $align . "]" . $url . "[/img]";
			else return "[img]" . $url . "[/img]";

		}

replace with:
		if( preg_match( "/[?&;%<\[\]]/", $url ) ) {

			return $matches[0];

		}
July 26 2015

Changes in authorization with Facebook

Dear friends,

Social network Facebook has implemented a new API version 2.4, which amended the authorization of users on the sites. When creating new applications in this social network, they automatically receive this version of the API, whereby it was not possible to use authorization on your sites with Facebook, because e-mail address was not available.

To fix this problem you need to open a file engine/classes/social.class.php find in it:
$params = array('access_token' => $token['access_token']);
replace with:
$params = array('access_token' => $token['access_token'], 'fields' => "id,name,email,first_name,last_name");

The distribution on our server updated.
Calendar
«    April 2018    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
30 
Voting On The Website
Please, rate the engine

Top News
News Archive