/ / Security patch
February 13 2018

Security patch

The problem: data filtering.

Error in version: 12.1 and less

Severity: high

To fix this issue, open the file engine/classes/parse.class.php and find:
	function clear_url($url) {
		global $config;

below add:
	$url = str_replace(array("{", "}", "[", "]"),array("%7B", "%7D", "%5B", "%5D"), $url);

This fix is for version 12.1 and all versions less that 12.1.

The version 12.1 on our server updated.

Comments

VladimirSukhov

VladimirSukhov

13 February 2018 07:59 Visitors
1
What is the benefit to adding this line?
celsoft

celsoft

13 February 2018 18:51 Administrators
0
Quote: VladimirSukhov
What is the benefit to adding this line?

This is a security patch and makes your website safer.
VladimirSukhov

VladimirSukhov

13 February 2018 20:09 Visitors
0
Thanks, I did this perfectly.

Information

Users of Гости are not allowed to comment this publication.
Calendar
«    December 2018    »
MonTueWedThuFriSatSun
 12
3456789
10111213141516
17181920212223
24252627282930
31 
Voting On The Website
Please, rate the engine

Top News
News Archive