John
June 8, 2012, 03:55 PM
Hello,
We would like to inform you that a small blemish was detected in the script.
Here are simple instructions that will help you fix the problem yourself easily; let's start:
BTW, if you see that the changes are already done, then someone from the Flynax tech. dept. has already implemented the fix for your website.
1. Make sure you save a copy of each file before making changes to it.
2. Download the .htaccess.zip file and unzip it on your computer to some directory. The zip archive contains
an .htaccess file, which should be copied to the following directories on your server:
- /files/
- /files/images/
- /tmp/upload/
3. changes in file
- open the following file for edit: /libs/system.lib.php
- find the code:
/* conditions list */
$l_cond = array(
'isEmail' => $GLOBALS['lang']['mail'],
'isUrl' => $GLOBALS['lang']['url']
);
- and replace it with this code
/* deny files extension regular expression */
$l_deny_files_regexp = "/\.(php|php3|php4|php5|phtml|pl|py|psp|js|jsp|cgi|util|inc)$/";
/* conditions list */
$l_cond = array(
'isEmail' => $GLOBALS['lang']['mail'],
'isUrl' => $GLOBALS['lang']['url']
);
- save changes
4. changes in file
- open the following file for edit: /admin/controllers/accounts.inc.php
- find the code (line ~ 534):
$rlHook -> load('apPhpAccountsValidate');
- and replace it with this code
if ( $back_errors = $rlCommon -> checkDynamicForm( $account_data, $fields, 'f', true ) )
{
    foreach ( $back_errors as $error )
    {
        $errors[] = $error;
    }
    if ( $rlCommon -> error_fields )
    {
        $error_fields = $rlCommon -> error_fields;
        $rlCommon -> error_fields = false;
    }
}
- save changes
5. changes in file
- open the following file for edit: /admin/controllers/listings.inc.php
- find the code (line ~ 1004):
if ( $back = $rlCommon -> checkDynamicForm( $data, $category_fields, 'f', true ) )
- and replace it with this code
if ( $back = $rlCommon -> checkDynamicForm( $data, $listing_fields, 'f', true ) )
- save changes
6. changes in file
- open the following file for edit: /includes/classes/rlActions.class.php
- find the code (line ~ 601):
global $config;
- and replace it with this code
global $config, $l_deny_files_regexp;
- find the code (line ~ 608):
$file_tmp_name = $_SESSION['tmp_files'][$parent][$field] ? $_SESSION['tmp_files'][$parent][$field] : $_SESSION['tmp_files'][$field];
- and replace it with this code
$file_tmp_name = $_SESSION['tmp_files'][$parent][$field] ? $_SESSION['tmp_files'][$parent][$field] : $_SESSION['tmp_files'][$field];
/* prevent denied files upload */
if ( preg_match($l_deny_files_regexp, $file_tmp_name) )
{
    return false;
}
- find the code (line ~ 617):
$file_tmp_name = $parent && $_FILES[$parent] ? $_FILES[$parent]['name'][$field] : $_FILES[$field]['name'];
- and replace it with this code
$file_tmp_name = $parent && $_FILES[$parent] ? $_FILES[$parent]['name'][$field] : $_FILES[$field]['name'];
/* prevent denied files upload */
if ( preg_match($l_deny_files_regexp, $file_tmp_name) )
{
    return false;
}
- save changes
7. changes in file
- open the following file for edit: /includes/classes/rlCommon.class.php
- find the code (line ~ 246):
global $error_fields, $lang;
- and replace it with this code
global $error_fields, $lang, $languages, $l_deny_files_regexp;
- find the code (line ~ 504):
if ( !$this -> rlValid -> isImage($file_ext) )
- and replace it with this code
if ( !$this -> rlValid -> isImage($file_ext) || preg_match($l_deny_files_regexp, $_FILES[$f2]['name']) )
- find the code (line ~ 525):
if ( !$this -> rlValid -> isFile( $fields[$poss]['Default'], $file_ext) )
- and replace it with this code
if ( !$this -> rlValid -> isFile( $fields[$poss]['Default'], $file_ext) || preg_match($l_deny_files_regexp, $_FILES[$f2]['name']) )
- save changes
8. changes in file
- open the following file for edit: /includes/classes/reefless.class.php
- find the code (line ~ 362):
global $lang;
- and replace it with this code
global $lang, $l_deny_files_regexp;
- find the code (line ~ 370):
$file_name = $parent && $_FILES[$parent] ? $_FILES[$parent]['name'][$field] : $_FILES[$field]['name'];
- and replace it with this code
$file_name = $parent && $_FILES[$parent] ? $_FILES[$parent]['name'][$field] : $_FILES[$field]['name'];
/* prevent denied files upload */
if ( preg_match($l_deny_files_regexp, $file_name) )
{
    return false;
}
- save changes
That's all. Yes, it looks hard, but you should just go through these instructions step by step and you will do it!
Feel free to submit a ticket to our technical department if you have any problems with this fix.
John
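
One way to confirm that steps 2-8 were applied to a site, as an added example that is not part of the original post and is not Flynax code. The search strings are copied from the post and assume your files keep the same spacing; the site root passed to `check_flynax_fix` and the helper `build_sample_tree` (which creates a constructed, already-patched tree for a dry run) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Flynax code): audit a site tree for the edits in steps 2-8.
# Each entry is "file|text that must be present"; the text is copied from the post.
CHECKS='libs/system.lib.php|$l_deny_files_regexp =
admin/controllers/accounts.inc.php|checkDynamicForm( $account_data
admin/controllers/listings.inc.php|checkDynamicForm( $data, $listing_fields
includes/classes/rlActions.class.php|preg_match($l_deny_files_regexp
includes/classes/rlCommon.class.php|preg_match($l_deny_files_regexp
includes/classes/reefless.class.php|preg_match($l_deny_files_regexp'
# Prints one line per finding; the return status is the number of findings.
check_flynax_fix() {
    root=$1
    findings=0
    for dir in files files/images tmp/upload; do            # step 2
        if [ ! -s "$root/$dir/.htaccess" ]; then
            echo "MISSING .htaccess: /$dir/"
            findings=$((findings + 1))
        fi
    done
    while IFS='|' read -r file needle; do                   # steps 3-8
        if ! grep -qF -e "$needle" "$root/$file" 2>/dev/null; then
            echo "NOT PATCHED: /$file"
            findings=$((findings + 1))
        fi
    done <<EOF
$CHECKS
EOF
    # Copied text can pick up stray whitespace, which changes what the pattern matches.
    if grep -Eq 'l_deny_files_regexp *= *"[^"]*[[:space:]]' "$root/libs/system.lib.php" 2>/dev/null; then
        echo "WHITESPACE in deny pattern: /libs/system.lib.php"
        findings=$((findings + 1))
    fi
    return "$findings"
}
# Builds a constructed, already-patched tree (sample data, not a real site).
build_sample_tree() {
    root=$1
    for dir in files files/images tmp/upload; do
        mkdir -p "$root/$dir"
        echo "# constructed placeholder" > "$root/$dir/.htaccess"
    done
    while IFS='|' read -r file needle; do
        mkdir -p "$root/${file%/*}"
        printf '%s\n' "$needle \"/x/\";" > "$root/$file"
    done <<EOF
$CHECKS
EOF
}
if [ "$#" -gt 0 ]; then check_flynax_fix "$1"; fi
```

Run it with the site root as the only argument; no output and exit status 0 mean every listed change was found.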