Модуль IP.Board 2.2.x and 2.3.x Security Patch

[Android]

IP.Board 2.2.x and 2.3.x Security Patch
Дата выхода: 29 August 2008 - 05:17 PM (т.е. в 2.3.5 и 2.3.6 он уже стоит)
Патчь убирает возможность SQL-инжекции в файле: sources/action_public/xmlout.php



Ручная установка патча:
Откройте файл: sources/action_public/xmlout.php
В строке 1076 замените:

'where'  => "{$check_field}='{$name}'",

на:

'where'  => "{$check_field}='". $this->ipsclass->DB->add_slashes( $name ) . "'",

Официальное описание:

IP.Board 2.2.x and 2.3.x Security Patch

We have released a single-file security patch which impacts IP.Board 2.2.x and 2.3.x versions. This is a critical update. Please apply the patch as soon as possible or contact our technical support via the client area if you need assistance.

Issue

It is possible to perform a remote SQL exploit and inject SQL code in an existing IPB query.

Patching Your Board

If you have downloaded your IP.Board after the time of this announcement, the patch is already included in your files. To patch an existing installation, simply download the attached file and overwrite: sources/action_public/xmlout.php

 

[ChibA]

Ты людей не путай, написал бы хоть дату выхода патча))