
  • Added on: May 11 2005 02:21 PM
  • Date Updated: May 30 2006 07:34 PM
 



IPB 1.3 Official Security Patches

Official Security Patches for IPB 1.3 released by Invision Power Services

Posted by Michael on May 11 2005 02:21 PM
These are the required edits to the core IPB 1.3 files for the various official security patches released by Invision Power Services. I have tried to be as complete as possible, so you may already have applied some of these edits. If you cannot find the exact lines quoted in a step, compare your file against that step's "Change To" block: if the replacement code is already present, the fix is in place (IPS tends to refresh the source files on its downloads page without changing the version number). Back up each file before editing it, and apply the steps as a set rather than picking and choosing — Steps 2 and 5 in particular belong together, because Step 2 adds a hidden auth_key field to the PM form and Step 5 rejects any submission that lacks it.

Step 1
Open ssi.php
Find:
	//----------------------------------------
	// Sort out the forum ids
	//----------------------------------------
	
	if ( $ibforums->input['f'] )
	{
		$forums = explode( ",", $ibforums->input['f'] );
	}
	else
	{
		fatal_error("Fatal error: no forum id specified");
	}
Change To:
	//----------------------------------------
	// Sort out the forum ids
	//----------------------------------------
	// Security patch: the comma-separated 'f' request value used to be
	// exploded straight into $forums. It is now collected into a scratch
	// list and each entry is cast to int, so only non-zero integers ever
	// reach $forums (presumably the list the rest of ssi.php queries on).
	
	$tmp_forums = array();
	$forums	 = array();
	
	if ( $ibforums->input['f'] )
	{
		$tmp_forums = explode( ",", $ibforums->input['f'] );
	}
	else
	{
		fatal_error("Fatal error: no forum id specified");
	}
	
	foreach ($tmp_forums as $f )
	{
		// intval() turns any non-numeric or injected string into 0, which
		// the truthiness test below silently drops; "0" and "" are dropped too.
		$f = intval($f);
		
		if ( $f )
		{
			$forums[] = $f;
		}
	}
Save and upload ssi.php. After this change a request whose f= value contains nothing numeric no longer triggers the fatal error but yields an empty $forums list; check that the code further down ssi.php (outside this snippet) copes with an empty list rather than assuming at least one id.

Step 2
Open Skin/s*/skin_msg.php
Find:
function Send_form($data) {
global $ibforums;
Change To:
function Send_form($data) {
global $ibforums, $std;
$auth_check = $std->return_md5_check();
Find:
<input type='hidden' name='OID'  value='{$data['OID']}' />
Add Below:
<input type='hidden' name='auth_key' value='{$auth_check}' />
Save and upload Skin/s*/skin_msg.php. The s* means every skin directory under Skin/ has its own copy of skin_msg.php — apply this edit to each of them, otherwise members using an unpatched skin will be unable to send messages once Step 5 is in place, because their form will not carry the auth_key field that Step 5 checks.

Step 3
Open sources/functions.php
Find:
	function my_getcookie($name)
	{
		global $INFO, $HTTP_COOKIE_VARS;
		
		if (isset($HTTP_COOKIE_VARS[$INFO['cookie_id'].$name]))
		{
	  return urldecode($HTTP_COOKIE_VARS[$INFO['cookie_id'].$name]);
		}
		else
		{
	  return FALSE;
		}
		
	}
Change To:
	/**
	 * Return the value of the board cookie $name, or FALSE if it is not set.
	 *
	 * The cookie is looked up under the board's prefix ($INFO['cookie_id'] . $name)
	 * and urldecoded. Security patch: every cookie except 'topicsread' and
	 * 'forum_read' is now passed through $this->clean_value() before being
	 * returned. NOTE(review): the two exempted cookies are returned raw —
	 * presumably they hold read-marker data the sanitiser would corrupt — so
	 * whatever parses them must still treat the contents as untrusted input.
	 *
	 * @param string $name cookie name without the board prefix; callers in this
	 *                     codebase pass literals (e.g. 'member_id', 'pass_hash'),
	 *                     which is why the loose in_array() below is acceptable
	 * @return string|false
	 */
	function my_getcookie($name)
	{
  global $INFO, $HTTP_COOKIE_VARS;
	 
  if (isset($HTTP_COOKIE_VARS[$INFO['cookie_id'].$name]))
  {
	  if ( ! in_array( $name, array('topicsread', 'forum_read') ) )
	  {
	return $this->clean_value(urldecode($HTTP_COOKIE_VARS[$INFO['cookie_id'].$name]));
	  }
	  else
	  {
	return urldecode($HTTP_COOKIE_VARS[$INFO['cookie_id'].$name]);
	  }
  }
  else
  {
	  return FALSE;
  }
	}
Save and upload sources/functions.php. After this change every cookie read through my_getcookie() is run through clean_value(), except topicsread and forum_read, which are returned raw (presumably because they carry serialised read-marker data the sanitiser would break). Any code that parses those two cookies must keep treating them as attacker-controlled input.

Step 4
Open sources/Login.php
Find:
			$mid = intval($std->my_getcookie('member_id'));
			$pid = $std->my_getcookie('pass_hash');
Change To:
			$mid = mysql_escape_string(intval($std->my_getcookie('member_id')));
			$pid = mysql_escape_string($std->my_getcookie('pass_hash'));
Save and upload sources/Login.php. $mid is already an integer after intval(), so escaping it is redundant but harmless; the change that matters is escaping $pid, because the pass_hash cookie is attacker-controlled and is presumably interpolated into the login query. Be aware that mysql_escape_string() is not connection-charset aware, was deprecated in PHP 5.3 and removed in PHP 7 — on those versions use mysql_real_escape_string() or, better, a prepared statement with a bound parameter.

Step 5
Open sources/Messenger.php
Find:
 		$ibforums->input['from_contact'] = $ibforums->input['from_contact'] ? $ibforums->input['from_contact'] : '-';
Add Below:
 		//----------------------------------------------------------------
 		// Make sure we have a valid auth key
 		if ( $ibforums->input['auth_key'] != $std->return_md5_check() )
 		{
 			return;
 		}
Save and upload sources/Messenger.php. This is a CSRF check: the value compared here is the one Step 2 embeds in the PM form as the hidden auth_key field, so Step 2 must be applied to every skin before or together with this step — otherwise each send attempt hits the bare return; and fails with no error shown to the user. The comparison uses the loose != operator; it works because return_md5_check() presumably yields a string, but a strict !== (or, on PHP 5.6 and later, hash_equals() for a constant-time comparison) is the safer habit for a token check.

Step 6
Open sources/Search.php
Find:
	function convert_highlite_words($words="")
	{
		$words = trim(urldecode($words));
Change To:
	function convert_highlite_words($words="")
	{
		global $std;
		
		$words = $std->clean_value(trim(urldecode($words)));
Save and upload sources/Search.php. The highlight words ultimately come from the request and are reflected back into the page, so they are now passed through $std->clean_value() before use. Step 7 applies the same treatment to the hl parameter where Topics.php reads it directly, so both steps are needed to cover both code paths.

Step 7
Open sources/Topics.php
Find:
	$keywords = str_replace( "+", " ", $ibforums->input['hl'] );
Change To:
	$keywords = str_replace( "+", " ", $std->clean_value(urldecode($ibforums->input['hl'])));
Save and upload sources/Topics.php. Note the urldecode() added before clean_value(): decoding first means the sanitiser sees the real characters rather than their %-encoded forms, which is the correct order — sanitising and then decoding would let encoded markup straight through.

Step 8
Open sources/lib/post_parser.php
Find:
  else if ($IN['s'] == 'col')
  {
	  return "<span style='color:".$IN['1']."'>".$IN['2']."</span>";
  }
  else if ($IN['s'] == 'font')
  {
	  return "<span style='font-family:".$IN['1']."'>".$IN['2']."</span>";
  }
Change To:
  else if ($IN['s'] == 'col')
  {
	  $IN[1] = preg_replace( "/[^\d\w\#\s]/s", "", $IN[1] );
	  return "<span style='color:".$IN['1']."'>".$IN['2']."</span>";
  }
  else if ($IN['s'] == 'font')
  {
	  $IN['1'] = preg_replace( "/[^\d\w\#\-\_\s]/s", "", $IN['1'] );
	  return "<span style='font-family:".$IN['1']."'>".$IN['2']."</span>";
  }
Save and upload sources/lib/post_parser.php. These two allow-lists strip everything except word characters, digits, #, whitespace (and - and _ for font names) from the BBCode colour and font arguments, which removes the quotes, semicolons and parentheses an attacker would need to break out of the style='…' attribute. Two details for anyone retyping the patterns: \w already matches digits and _, so the \d and \_ are redundant but harmless, and $IN[1] and $IN['1'] address the same array element because PHP casts numeric string keys to integers.

Step 9
Open sources/lib/usercp_functions.php
Find:
  if ( preg_match( "/^http:\/\/$/i", $ibforums->input['url_photo'] ) )
  {
	  $ibforums->input['url_photo'] = "";
  }
Add Below:
  if ( preg_match( "#java script:#is", $ibforums->input['url_photo'] ) )
  {
	  $ibforums->input['url_photo'] = "";
  }
Find:
  if ( preg_match( "/^http:\/\/$/i", $ibforums->input['url_avatar'] ) )
  {
	  $ibforums->input['url_avatar'] = "";
  }
Add Below:
  if ( preg_match( "#java script:#is", $ibforums->input['url_avatar'] ) )
  {
	  $ibforums->input['url_avatar'] = "";
  }
Save and upload sources/lib/usercp_functions.php. Check the pattern before you paste it: above it reads java script: with a space, which looks like a forum word-filter mangling javascript: — written with the space it will never match a real javascript: URL, so confirm the exact text against the patch file as released by IPS. Bear in mind this is a blacklist of a single scheme name (the /is modifiers only add case-insensitivity); other dangerous schemes or encoded variants may still pass, so if you are hardening further, an allow-list that requires the photo/avatar URL to start with http:// (or https://) is the stronger check.
