[20151214] - Core - Remote Code Execution Vulnerability
1 parent 9d33c05, commit 95741d8
Showing 1 changed file with 25 additions and 37 deletions.
95741d8
Hello, is this patch newer than the ZIPed file over here:
https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
As soon as I use that linked file called SessionFix15v2.zip I get a total blank/white screen. I could not get any error reports either. Can anyone confirm this issue? Is it the wrong file?
95741d8
@pepperstreet I downloaded SessionFix15v1.zip yesterday, but it was a copy of UploadFix15v3.zip, so most likely they just released a correct patch as SessionFix15v2.zip.
Both patches (95741d8 and SessionFix15v2.zip) are identical.
95741d8
filter_var: PHP >= 5.2.0; Joomla 1.5 requires PHP >= 5.0.10.
Some people will not be able to use this patch (yeah, it's bad to have PHP <= 5.5).
95741d8
Agree, it's better to use
preg_match('/^(?:(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])$/', $_SERVER[...])
instead.
95741d8
Pull request: #3