Old 12-11-2004, 10:14 AM   #4
Charter
Head Mole
 
Join Date: May 2003
Posts: 2,539
It is imperative that you make the following change ASAP! In fact, take PhpDig down until you hear the all clear, and change your passwords now. Make sure you have new passwords at once, and do not use PhpDig until you get the all clear. The problem can affect multiple versions of PhpDig.

In search.php find:
PHP Code:
extract(phpdigHttpVars(
     array('query_string'=>'string',
           'refine'=>'integer',
           'refine_url'=>'string',
           'site'=>'string', // set to integer later
           'limite'=>'integer',
           'option'=>'string',
           'lim_start'=>'integer',
           'browse'=>'integer',
           'path'=>'string'
           )
     ));
And replace with:
PHP Code:
extract(phpdigHttpVars(
     array('query_string'=>'string',
           'refine'=>'integer',
           'refine_url'=>'string',
           'site'=>'string', // set to integer later
           'limite'=>'integer',
           'option'=>'string',
           'lim_start'=>'integer',
           'browse'=>'integer',
           'path'=>'string'
           )
     ),
EXTR_SKIP);
Also, make sure to watch this thread (http://www.phpdig.net/forum/showthread.php?t=1573) for the next couple of days, as more posts may be coming. In the meantime, it would be a good idea to find every extract in the code and add the EXTR_SKIP option to the end. PhpDig will not be available for download until this problem is fixed.

Argh..........
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
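The post's advice to find every extract in the code and add EXTR_SKIP, as an added example that is not part of the original post and not PhpDig code: a PHP command-line script that lists each extract() call whose own arguments do not include EXTR_SKIP, including calls spread over several lines like the one in search.php. The function name, the script name audit_extract.php and the sample input are assumptions made for illustration; it needs PHP 7.4 or later, and calls that use a different EXTR_* flag are also listed so they can be reviewed by hand.

```php
<?php
// Added example, not PhpDig code: list extract() calls that lack EXTR_SKIP.
// The tokenizer is used because calls like the one in search.php span lines.
function extractCallsWithoutSkip(string $source): array
{
    $tokens = token_get_all($source);
    $n = count($tokens);
    $isSpace = fn($t) => is_array($t) && $t[0] === T_WHITESPACE;
    $lines = [];
    for ($i = 0; $i < $n; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok) || $tok[0] !== T_STRING || strcasecmp($tok[1], 'extract') !== 0) {
            continue;
        }
        // Ignore method calls and function definitions named extract.
        for ($p = $i - 1; $p >= 0 && $isSpace($tokens[$p]); $p--);
        $skipBefore = [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION];
        if ($p >= 0 && is_array($tokens[$p]) && in_array($tokens[$p][0], $skipBefore, true)) {
            continue;
        }
        // The next non-whitespace token must open the argument list.
        for ($j = $i + 1; $j < $n && $isSpace($tokens[$j]); $j++);
        if ($j >= $n || $tokens[$j] !== '(') {
            continue;
        }
        // Walk to the matching ')'; EXTR_SKIP must be one of the call's own arguments.
        $hasSkip = false;
        for ($depth = 0; $j < $n; $j++) {
            $t = $tokens[$j];
            $depth += (int) ($t === '(') - (int) ($t === ')');
            if ($depth === 0) break;
            $hasSkip = $hasSkip || ($depth === 1 && is_array($t) && $t[1] === 'EXTR_SKIP');
        }
        if (!$hasSkip) $lines[] = $tok[2]; // line on which the call starts
    }
    return $lines;
}
// Constructed sample: the first call is unflagged, the second carries the fix.
$sample = "<?php\nextract(phpdigHttpVars(\n array('path'=>'string')\n));\n"
        . "extract(phpdigHttpVars(\n array('path'=>'string')\n),\nEXTR_SKIP);\n";
// Usage: php audit_extract.php file1.php ...   (no arguments: scan the sample)
$files = array_slice($argv ?? [], 1);
$sources = $files ? array_combine($files, array_map('file_get_contents', $files))
                  : ['(sample)' => $sample];
foreach ($sources as $name => $src) {
    foreach (extractCallsWithoutSkip($src) as $line) {
        echo "$name:$line: extract() without EXTR_SKIP\n";
    }
}
```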