Edit Profile vulnerability patch
Posted by Falk on 11/22/2004
An exploit discovered by Grindordie can change a user's password. It is regarded as low risk because it requires the user to click a bogus button which in turn submits the user's update profile page. Of course, I have produced a defensive fix which prevents this exploit from working: the update handler now accepts a new password only when the posted user_hash value matches the user's stored password hash, a value the bogus page cannot supply. The patch, profile-fix, is available from the PHPFusion Core Downloads area. The full/upgrade packs have been updated to include the above fix.

Extended News
editprofile.php

Line 165
added this line:

above this line:


fusion_core/update_profile.php

From Line 46:
Replace:
if (!preg_match("/^[0-9A-Z]+$/i", $_POST['user_newpassword'])) {
    $error .= LAN_444."\n";
}
with:
// Only validate (and later apply) the new password when the submitted form
// carried the user's current password hash; a forged request from another
// site cannot know it, so it is rejected with LAN_450 instead.
if ($_POST['user_hash'] == $userdata['user_password']) {
    if (!preg_match("/^[0-9A-Z]+$/i", $_POST['user_newpassword'])) {
        $error .= LAN_444."\n";
    }
} else {
    $error .= LAN_450."\n";
}

editprofile.php language file
define("LAN_450", "<b>Warning:</b> unexpected script execution.");
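As an added illustration of what the user_hash check achieves (this is example code written for this page, not PHP-Fusion's own code), the following Python simulates the update-profile handler before and after the patch and runs a legitimate form post and a forged one through each. The LAN_444 wording, the use of a SHA-256 hex digest as a stand-in for the application's stored password hash, and the request shapes are assumptions made for the example; the constant-time comparison is a choice of this example, not something the patch itself does.

```python
"""Simulation of the profile-fix user_hash check (example, not PHP-Fusion code)."""
import hashlib
import hmac
import re

LAN_444 = "Invalid new password."                     # assumed wording
LAN_450 = "Warning: unexpected script execution."    # from the patch's language file

# Same pattern as the patch: new password must be alphanumeric.
PASSWORD_RE = re.compile(r"^[0-9A-Z]+$", re.IGNORECASE)


def hash_password(password):
    """Stand-in for whatever hash the real application stores (assumption);
    not a recommendation for password storage."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_user(password):
    """Constructed user record with only the field the check needs."""
    return {"user_password": hash_password(password)}


def update_profile_before(post, userdata):
    """Unpatched logic: any well-formed POST arriving with the victim's
    session changes the password. Returns the list of errors."""
    errors = []
    new = post.get("user_newpassword", "")
    if not PASSWORD_RE.match(new):
        errors.append(LAN_444)
    if not errors:
        userdata["user_password"] = hash_password(new)
    return errors


def update_profile_after(post, userdata):
    """Patched logic: the POST must carry user_hash equal to the stored hash.
    hmac.compare_digest replaces a plain == so the comparison time does not
    depend on how many leading characters of a guess are right."""
    errors = []
    new = post.get("user_newpassword", "")
    supplied = post.get("user_hash", "").encode()
    expected = userdata["user_password"].encode()
    if hmac.compare_digest(supplied, expected):
        if not PASSWORD_RE.match(new):
            errors.append(LAN_444)
    else:
        errors.append(LAN_450)
    if not errors:
        userdata["user_password"] = hash_password(new)
    return errors


def legitimate_post(userdata, new_password):
    """What the real edit-profile form sends: the user_hash field is filled
    from the logged-in user's own record when the page is rendered."""
    return {"user_hash": userdata["user_password"],
            "user_newpassword": new_password}


def forged_post(new_password, guessed_hash=None):
    """What a bogus button on an attacker's page can send: the browser attaches
    the victim's session cookie, but the attacker has no way to fill in
    user_hash (or can only guess it)."""
    post = {"user_newpassword": new_password}
    if guessed_hash is not None:
        post["user_hash"] = guessed_hash
    return post


def run_scenarios():
    """Run each handler against forged and legitimate requests; every value
    in the returned dict is True when the patch behaves as described."""
    results = {}

    u = make_user("hunter2")
    old = u["user_password"]
    errs = update_profile_before(forged_post("pwned123"), u)
    results["before_forged_changed"] = errs == [] and u["user_password"] != old

    u = make_user("hunter2")
    old = u["user_password"]
    errs = update_profile_after(forged_post("pwned123"), u)
    results["after_forged_rejected"] = errs == [LAN_450] and u["user_password"] == old

    u = make_user("hunter2")
    errs = update_profile_after(forged_post("pwned123", "0" * 64), u)
    results["after_guess_rejected"] = errs == [LAN_450]

    u = make_user("hunter2")
    old = u["user_password"]
    errs = update_profile_after(legitimate_post(u, "newpass99"), u)
    results["after_legit_changed"] = errs == [] and u["user_password"] != old

    u = make_user("hunter2")
    errs = update_profile_after(legitimate_post(u, "bad pass!"), u)
    results["after_bad_format"] = errs == [LAN_444]

    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The secret that makes this work is the user's own password hash, which the attacker's page cannot read because it is only rendered into the victim's form. The check therefore holds only as long as that hash stays out of the attacker's reach; it is a request-origin check, not a replacement for the alphanumeric validation, which the patch keeps inside the successful branch.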