Advertisement:
Readme
This patch file will provide important security fixes to your SMF 2.0.10 forum.
File Edits
./index.php
./Sources/Load.php
./Sources/LogInOut.php
./Sources/ManageMembers.php
./Sources/Modlog.php
./Sources/Packages.php
Operation #2
Find: [Select]
$potententialTrees = unserialize(base64_decode($_GET['back_look']));
Replace With: [Select]
$potententialTrees = safe_unserialize(base64_decode($_GET['back_look']));
Operation #3
Find: [Select]
$_POST['permStatus'] = unserialize(base64_decode($_POST['toProcess']));
Replace With: [Select]
$_POST['permStatus'] = safe_unserialize(base64_decode($_POST['toProcess']));
./Sources/Subs-Auth.php
./Sources/Subs-Editor.php
Operation #2
Find: [Select]
$context['search_param'] = isset($_REQUEST['search_param']) ? unserialize(base64_decode($_REQUEST['search_param'])) : array();
Replace With: [Select]
$context['search_param'] = isset($_REQUEST['search_param']) ? safe_unserialize(base64_decode($_REQUEST['search_param'])) : array();
./Sources/Subs-OpenID.php
./Sources/Subs.php
Operation #2
Find: [Select]
void remove_integration_function(string hook, string function)
- removes the given function from the given hook.
- does nothing if the functions is not available.
Replace With: [Select]
void remove_integration_function(string hook, string function)
- removes the given function from the given hook.
- does nothing if the functions is not available.
array safe_unserialize(string data)
- sanitizes input before unserializing string.
Operation #3
Find: [Select]
function return_chr__preg_callback($matches)
{
return chr($matches[1]);
}
Replace With: [Select]
function return_chr__preg_callback($matches)
{
return chr($matches[1]);
}
function safe_unserialize($data)
{
// There's no reason input should contain an object,
// user is up to no good...
if (preg_match('/(^|;|{|})O:([0-9]|\+|\-)+/', $data) === 0)
return @unserialize($data);
}