affix ownz u
- Sunday, June 08 2003 @ 02:10 pm EDT
- Contributed by: amckay
- Views: 8,330
Hey folks. A number of my sites got hit on Friday with 'affix ownz u' - someone was able to replace my index.php with this text. It seems this is a vulnerability in PHP, so I upgraded.
Anyway, the new PHP seems secure, but breaks Geeklog. My plugins broke but I was able to fix them mostly with some quick coding. But now parts of base GL are broken. Basically anything that reads vars from the query string directly without the following GL functions:
COM_setArgNames(array('VarName1','VarName2'));
$VarName1 = COM_getArgument('VarName1');
$VarName2 = COM_getArgument('VarName2');
I found that staticpages works fine since it uses this, but the story editor does not, nor does 'article.php'. I can easily fix these myself but before I do, I wanted to know if fixes are planned. Also, what other parts of GL are affected?
thanks,
-Alan