indexscript sql injection hole fix

[hakon]

following from this thread: http://www.indexscript.com/forum/showthread.php?t=2260 - i'm posting a consolidated fix in this thread for the sql injection security hole exploited today:


if you are using v2.8 and have not modified your utils.php file found in the include folder:
1. you can simply download the utils.php attached in this post for v2.8 and replace your existing one with it


if you are using v2.7 and have not modified your utils.php file found in the include folder:
1. you can simply download the utils.php attached in this post for v2.7 and replace your existing one with it


if you want to perform a manual replace:
1. open up your utils.php in the include folder
2. look for:

Code:

function fnpreparesql($field) {
  if(!get_magic_quotes_gpc()) {
    return mysql_real_escape_string($field);
  }
  else {
    return $field;
  }
}

and replace with:

Code:

function fnpreparesql($field) {
  if(get_magic_quotes_gpc()) {
    $temp = stripslashes($field);
  }
  else {
    $temp = $field;
  }

  if(stristr($temp, "dir_login")) {
    $temp = "";
  }

  return mysql_real_escape_string($temp);
}

look for all instances of:

Code:

= " . $cat_id

and replace with:

Code:

= " . fnpreparesql($cat_id)

look for all instances of:

Code:

= " . $start_id

and replace with:

Code:

= " . fnpreparesql($start_id)

look for all instances of:

Code:

= " . $row['parent_id']

and replace with:

Code:

= " . fnpreparesql($row['parent_id'])

look for all instances of:

Code:

= " . $row['cat_id']

and replace with:

Code:

= " . fnpreparesql($row['cat_id'])