Security vulnerabilities

Hi everybody,

First of all, this should not be an offense or condemnation of Patrik's work, and I'm very happy that he provides this album script for all of us. In general it's a good piece of software and I would like to say thank you.

But it seems that some security vulnerabilities of phpAlbum are still not fixed or incompletely fixed. From my investigations in the code, the major problems of phpAlbum are based on "bugs", or let's say design issues, of the PHP flatfile database.
Especially the function db_create_where_function has serious design errors in the vulnerability checks.
In this function it is not really a big deal to inject code which gets directly executed on the webserver, as the variables get directly passed to a create_function.
The last fixes only fixed the variables passed to this function but not the function itself.

I've tried to resolve that issue by modifying the function and I'd like to share it with you. I'm not completely sure if it resolves every issue and if it works as it should in all possible cases, but it's a start. Maybe Patrik can take a look at it and may integrate it in a new release:

Code follows .. seems that the body does not get parsed correctly in this forum.

Best regards
Günther

Code

Seems the editor is not showing the whole code.
I've posted my updated phpdatabase.php file in the Bugtracker.

http://www.phpalbum.net/node/1832
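
The design issue described in this thread (a where-clause turned into PHP source and handed to create_function) can be avoided by never generating code at all. The sketch below is an added example, not Günther's patch and not phpAlbum's code; the function name, field names and sample rows are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical names throughout; not phpAlbum's db_create_where_function.
// Builds a row filter from [field, operator, value] triples without
// generating PHP source: values are only ever compared, never evaluated.
function build_where_filter(array $conditions, array $allowedFields)
{
    // Fixed operator table: input selects an entry, it never becomes code.
    $operators = [
        '='  => function ($a, $b) { return (string)$a === (string)$b; },
        '!=' => function ($a, $b) { return (string)$a !== (string)$b; },
        '<'  => function ($a, $b) { return $a < $b; },
        '>'  => function ($a, $b) { return $a > $b; },
    ];
    $checks = [];
    foreach ($conditions as $cond) {
        if (!is_array($cond) || count($cond) !== 3) {
            throw new InvalidArgumentException('condition must be [field, op, value]');
        }
        list($field, $op, $value) = array_values($cond);
        // Field and operator must come from the allow-lists; value must be scalar.
        if (!is_string($field) || !in_array($field, $allowedFields, true)
            || !is_string($op) || !isset($operators[$op]) || !is_scalar($value)) {
            throw new InvalidArgumentException('rejected condition');
        }
        $checks[] = [$field, $operators[$op], $value];
    }
    // All conditions are ANDed; a row that lacks the field does not match.
    return function (array $row) use ($checks) {
        foreach ($checks as list($field, $compare, $value)) {
            if (!array_key_exists($field, $row) || !$compare($row[$field], $value)) {
                return false;
            }
        }
        return true;
    };
}

// Constructed sample data.
$rows = [
    ['id' => '1', 'name' => 'holiday', 'owner' => 'anna'],
    ['id' => '2', 'name' => 'work', 'owner' => 'bob'],
];
$fields = ['id', 'name', 'owner'];
$filter = build_where_filter([['owner', '=', 'anna']], $fields);
var_dump(array_values(array_filter($rows, $filter)));
// Quotes and semicolons in a value stay plain data and simply match nothing.
$odd = build_where_filter([['name', '=', 'a"; b(); //']], $fields);
var_dump(count(array_filter($rows, $odd)));
```

create_function was deprecated in PHP 7.2 and removed in PHP 8.0, so code that still depends on it needs a replacement of this kind to run on current PHP at all.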

Nice work! I will look at it

Nice work! I will look at it tomorrow.
