Hello,
An important security fix has just been released on the official site of
Gallery v1.4.1.
You can find the necessary information on the site, or update
your version of Gallery to v1.4.1-pl1.
Alternatively, you can patch Gallery yourself; here are the lines of code to modify.
File: gallery/init.php
Find the following code:
if (!$gallery->register_globals) {
    if (is_array($HTTP_GET_VARS)) {
        extract($HTTP_GET_VARS);
    }
…
Insert the code below the first line so that it now appears as:
if (!$gallery->register_globals) {
    /* START OF NEW CODE */
    $scrubList = array('HTTP_GET_VARS', 'HTTP_POST_VARS',
                       'HTTP_COOKIE_VARS', 'HTTP_POST_FILES');
    foreach ($scrubList as $outer) {
        foreach ($scrubList as $inner) {
            unset(${$outer}[$inner]);
        }
    }
    /* END OF NEW CODE */
    if (is_array($HTTP_GET_VARS)) {
        extract($HTTP_GET_VARS);
    }
…
File: gallery/setup/init.php
Find the following code, at the top of the file:
/* emulate part of register_globals = on */
extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);
extract($HTTP_COOKIE_VARS);
Insert the code below the first line so that it now appears as:
/* emulate part of register_globals = on */
/* START OF NEW CODE */
$scrubList = array('HTTP_GET_VARS', 'HTTP_POST_VARS',
                   'HTTP_COOKIE_VARS', 'HTTP_POST_FILES');
foreach ($scrubList as $outer) {
    foreach ($scrubList as $inner) {
        unset(${$outer}[$inner]);
    }
}
/* END OF NEW CODE */
extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);
extract($HTTP_COOKIE_VARS);
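
What the scrub loop changes, as an added example that is not part of the original post or of Gallery's code. It assumes the legacy request arrays can be modelled as local variables (current PHP no longer fills $HTTP_*_VARS); the function name emulateRegisterGlobals and the sample values are hypothetical.

```php
<?php
// Added illustration, not Gallery code. The request arrays are constructed
// locals, because current PHP does not populate $HTTP_*_VARS itself.

function emulateRegisterGlobals(array $get, array $post, bool $scrub): array
{
    // Stand-ins for the legacy request arrays read by gallery/setup/init.php.
    $HTTP_GET_VARS    = $get;
    $HTTP_POST_VARS   = $post;
    $HTTP_COOKIE_VARS = array();
    $HTTP_POST_FILES  = array();

    if ($scrub) {
        // The scrub loop from the patch: drop any request key that is
        // named after one of the request arrays.
        $scrubList = array('HTTP_GET_VARS', 'HTTP_POST_VARS',
                           'HTTP_COOKIE_VARS', 'HTTP_POST_FILES');
        foreach ($scrubList as $outer) {
            foreach ($scrubList as $inner) {
                unset(${$outer}[$inner]);
            }
        }
    }

    // extract() defaults to EXTR_OVERWRITE, so a key that matches an
    // existing variable name replaces that variable in this scope.
    extract($HTTP_GET_VARS);
    extract($HTTP_POST_VARS);
    extract($HTTP_COOKIE_VARS);

    // Report what the POST array holds after the extract() calls.
    return $HTTP_POST_VARS;
}

// Constructed sample input: the query string carries a key named after
// the POST array, alongside an ordinary parameter.
$get  = array('page' => '2',
              'HTTP_POST_VARS' => array('album' => 'from-query-string'));
$post = array('album' => 'holiday');

echo "without scrub: ";
var_export(emulateRegisterGlobals($get, $post, false));
echo "\nwith scrub:    ";
var_export(emulateRegisterGlobals($get, $post, true));
echo "\n";
```

Without the scrub the returned POST array is the one supplied in the query string; with it, the genuine POST data is returned unchanged.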
















