
Security Patches for 1.5.1


greg

Subject: Security Patches for 1.5.1
A couple of minor security issues have been noted at:

www.securityfocus.com/archive/1/408521


1. Add to /login.php somewhere near the top of the file:

// Force the course id from the query string to an integer (0 when absent),
// so nothing but digits reaches the code that uses it.
if (isset($_GET['course'])) {
    $_GET['course'] = intval($_GET['course']);
} else {
    $_GET['course'] = 0;
}

2. Add to include/html/search.inc.php

--After the following line near the top of the file:
if (isset($_GET['search'])) {

--Add the following
// $addslashes holds the name of ATutor's escaping function; escaping and then
// stripping the slashes yields the raw search words whatever the magic_quotes
// setting, after which both kinds of quote character are removed.
$_GET['words'] = stripslashes($addslashes($_GET['words']));
$_GET['words'] = str_replace(array('"', '\''), '', $_GET['words']);
Posted: 2005-08-26 17:12:14
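The following is an added example, not code from the post above or from ATutor itself: it applies the two patches to constructed attacker-style input and prints the result with magic_quotes_gpc both off and on. The magic quotes setting cannot be changed at runtime (and was removed in PHP 5.4), so its effect on $_GET is simulated with a flag, and the post's $addslashes variable is assumed to name addslashes() when magic quotes are off and a pass-through function when they are on.

```php
<?php
// Added example, not ATutor's own code: runs the two patches from the post
// above over constructed input and shows the result both with and without
// magic_quotes_gpc. The setting cannot be toggled at runtime (and is gone
// since PHP 5.4), so what it does to $_GET is simulated with a flag.
//
// Assumption: the post's $addslashes is a variable ATutor sets elsewhere to the
// name of an escaping function. It is modelled here as 'addslashes' when magic
// quotes are off and as the no-op 'passthrough' when they are on, so that
// input is never escaped twice.

function passthrough(string $s): string
{
    return $s;
}

// What PHP hands to the script in $_GET for a given raw query-string value.
function simulate_gpc(string $raw, bool $magic_quotes_on): string
{
    return $magic_quotes_on ? addslashes($raw) : $raw;
}

// Patch 1: the course id is forced to an integer, or 0 when absent.
function patched_course(?string $course): int
{
    return $course === null ? 0 : intval($course);
}

// Patch 2: normalise away any escaping, then drop both quote characters.
function patched_words(string $words, bool $magic_quotes_on): string
{
    $addslashes = $magic_quotes_on ? 'passthrough' : 'addslashes';
    $words = stripslashes($addslashes($words));
    return str_replace(array('"', '\''), '', $words);
}

// Constructed samples: legitimate values next to quote-based and tag-based input.
$course_samples = array('12', "12' OR '1'='1", '12abc', null);
$word_samples   = array("o'reilly", '" OR 1=1 --', "x'); DROP TABLE t; --", '<b>bold</b>');

foreach ($course_samples as $raw) {
    printf("course %-20s => %d\n", var_export($raw, true), patched_course($raw));
}

foreach (array(false, true) as $mq) {
    printf("\nmagic_quotes_gpc %s\n", $mq ? 'on' : 'off');
    foreach ($word_samples as $raw) {
        $gpc   = simulate_gpc($raw, $mq);       // what arrives in $_GET['words']
        $clean = patched_words($gpc, $mq);
        printf("  %-28s arrives as %-30s => %s\n", $raw, $gpc, $clean);
    }
}
```

Run it with php from the command line. The course id collapses to its leading integer in every case, and the search words lose both quote characters whichever way they arrived, so the magic quotes setting no longer changes the outcome. Characters other than quotes, such as the angle brackets in the last sample, pass through untouched; that is the limit of what this particular patch does.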
greg

Subject: ATutor Critical Security Patch
*ATutor 1.5.1 Users*
Users of ATutor 1.5.1 are advised to apply a patch to the password_reminder.php file to remove a critical vulnerability that could allow a non-authorized user to gain access to the administrative features of ATutor when magic_quotes is disabled in PHP.

Replace the current password_reminder.php file with the new version (removing the .txt extension) found at:

www.atutor.ca/atutor/files/patches/password_reminder.php.txt

*ATutor 1.5 and earlier*
Users of earlier versions of ATutor are advised to upgrade to ATutor version 1.5.1.pl1 to correct the problem.

ATutor 1.5.1.pl1 Download
www.atutor.ca/atutor/download.php

Note:
If your system is running with magic_quotes turned on (the default) this vulnerability does not apply. It will likely be applicable for those running on hosted servers where older PHP settings are being maintained.

If you are asking for help, provide lots of detail so problems can be reproduced.
Posted: 2005-09-15 17:26:53