Upgrading from DigiOz Guestbook Version 1.7.2 to 1.7.3
12 years 1 month ago - 11 years 2 weeks ago #12434
by Pete
DigiOz Webmaster
www.digioz.com
Upgrading from DigiOz Guestbook Version 1.7.2 to 1.7.3 was created by Pete
Hello All,
Below is how you can upgrade your DigiOz Guestbook Version 1.7.2 to the newly released version 1.7.3. This release is a security patch that we recommend users apply to their guestbooks as soon as possible.
Steps:
- Step 1 - Copy the following files from the new zip file found HERE into your current guestbook, replacing the old ones:
- add.php
- sanitize.php
- search.php
- Step 2 - Open the file "config.php". Find this line:
Code:
<?php
Replace it with:
Code:
<?php
// Version of this Guestbook ---------------------------------------------------------
$gb_version = "1.7.3";
- Step 3 - Open the file "footer.php". Find this line:
Code:
<a href="http://www.digioz.com"><FONT class=training face=verdana, arial size=-2>DigiOz Guestbook Version 1.7.2<br>© 2007 DigiOz Multimedia. </FONT></a>
Replace it with:
Code:
<a href="http://www.digioz.com"><FONT class=training face=verdana, arial size=-2>Powered by DigiOz Guestbook<br>© 2007-2012 DigiOz Multimedia. </FONT></a>
- Step 4 - Open the file "add.php". Find this code:
Code:
if (!isset($error)) {
Replace it with:
Code:
if (!isset($error)) {
    include("sanitize.php");
Then find this code:
Code:
$message_log_string = $message_time_log." | ".$message_ip_log." | ".$message_ip_address_log." | ".$yourname." | ".$yourmessage."\n";
Replace it with:
Code:
$message_log_string = $message_time_log." | ".$message_ip_log." | ".$message_ip_address_log." | ".sanitize_html_string($yourname)." | ".sanitize_html_string($yourmessage)."\n";
Then find this code:
Code:
$message_log_string = $message_time_log." | ".$message_ip_log." | ".$message_ip_address_log." | ".$yourname."\n";
Replace it with:
Code:
$message_log_string = $message_time_log." | ".$message_ip_log." | ".$message_ip_address_log." | ".sanitize_html_string($yourname)."\n";
- Step 5 - Open the file "search.php". Find this code block:
Code:
$search = $_POST['search_term']; // get user search information
$pageNum = $_GET['page']; // generated only on multi-page results and selected by user
Replace it with:
Code:
$search = sanitize_html_string($_POST['search_term']);
$pageNum = sanitize_int($_GET['page'],0,9000);
if ($search == "") {
    $search = sanitize_html_string($_GET['search_term']);
}
That's it! You are now upgraded to Version 1.7.3.
Thanks,
Pete
DigiOz Webmaster
www.digioz.com
12 years 3 weeks ago #12439
by P Wormer
Replied by P Wormer on topic Upgrading from DigiOz Guestbook Version 1.7.2 to 1.7.3
I updated the guestbook software and checked Pete's sanitizing steps of August 16 2012. However, the special characters double quote (") and line break (\n) in the messages are now explicitly listed as &quot; and <br>. When I comment out the assignments $yourmessage = str_replace(..) in the function "clean_message()" the problem is gone. Is it possible that the sanitation is done once too often? Or am I now vulnerable to code injection, after I commented out the cleanup of $yourmessage?
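An added illustration of Steps 4 and 5 and of the double-sanitizing symptom described just above (example code written for this thread, not the DigiOz Guestbook's own sanitize.php; the bodies of sanitize_html_string() and sanitize_int() and the read_search_request() wrapper are assumptions):

```php
<?php
// Added example, not the DigiOz Guestbook's own code. The helper bodies
// below are assumptions about what 1.7.3's sanitize.php provides.

// Assumed: encode the HTML-significant characters exactly once.
function sanitize_html_string($value) {
    if (!is_string($value)) {
        return "";
    }
    // ENT_QUOTES also encodes the single quote, so the value is safe in
    // attribute values as well as in element content.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Assumed: integer clamped to [$min, $max]; non-numeric input becomes $min.
function sanitize_int($value, $min, $max) {
    if (!preg_match('/^-?\d+$/', (string) $value)) {
        return $min;
    }
    return max($min, min($max, (int) $value));
}

// The Step 5 search.php logic, with constructed arrays in place of $_POST/$_GET.
function read_search_request(array $post, array $get) {
    $search  = sanitize_html_string($post['search_term'] ?? "");
    $pageNum = sanitize_int($get['page'] ?? "", 0, 9000);
    if ($search == "") {
        $search = sanitize_html_string($get['search_term'] ?? "");
    }
    return array($search, $pageNum);
}

// Constructed request: a script tag as the search term, a bogus page number.
// The term comes back entity-encoded and the page number falls back to 0.
list($search, $page) = read_search_request(
    array('search_term' => '<script>alert(1)</script>'),
    array('page' => '99999abc')
);
echo "search: $search\n";
echo "page:   $page\n";

// The symptom from the reply above: encoding an already encoded value turns
// &quot; into &amp;quot;, which the browser then shows literally as &quot;.
// Escape each value once, in one place (here: before it is written to the log).
$once  = sanitize_html_string('say "hi"');
$twice = sanitize_html_string($once);
echo "once:  $once\n";
echo "twice: $twice\n";
```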
12 years 3 weeks ago #12440
by P Wormer
Replied by P Wormer on topic Upgrading from DigiOz Guestbook Version 1.7.2 to 1.7.3
Sorry, my mistake, ignore previous message. Sanitation was indeed performed once too often, but that was my own doing. At the same time I noticed that single quote ($rep1[3]) is not replaced by ' in function "clean_message". Is that OK?
12 years 3 weeks ago #12441
by Pete
DigiOz Webmaster
www.digioz.com
Replied by Pete on topic Upgrading from DigiOz Guestbook Version 1.7.2 to 1.7.3
Yes, because it is replaced in a different function in the code. You're fine.
Thanks,
Pete
DigiOz Webmaster
www.digioz.com
11 years 10 months ago #12564
by jr212
Replied by jr212 on topic Upgrading from DigiOz Guestbook Version 1.7.2 to 1.7.3
Hi,
Is there a way to edit the messages?
Jan
11 years 10 months ago #12565
by Pete
DigiOz Webmaster
www.digioz.com
Replied by Pete on topic Upgrading from DigiOz Guestbook Version 1.7.2 to 1.7.3
Not with the current version, but it's in the works for the next version.
DigiOz Webmaster
www.digioz.com