New XSS vulnerability patch
Posted by Falk on 04/05/2005
As you may be aware, a patch was recently applied to sanitise UBB code, preventing JavaScript from being executed if in ASCII format. Though this patch has been successful in eliminating such exploits, it does not account for ASCII code without a trailing semicolon. Existing users are advised to update their fusion_core.php from the service pack. The SourceForge files have been updated, so new users do not need to worry about this fix.
[Updated] - Click Read More if you want to update your fusion_core.php manually.
Extended News
If you want to update your fusion_core.php manually, simply look for the following at approximately line 323:
$message = preg_replace_callback("/([0-9]{1,3});/", create_function('$matches', 'return chr($matches[1]);'), $message);
Add the following after the above line:
$message = preg_replace_callback("/([0-9]{1,3})/", create_function('$matches', 'return chr($matches[1]);'), $message);
Now look for the second line at approximately line 342:
$message = preg_replace_callback("/([0-9]{1,3});/", create_function('$matches', 'return chr($matches[1]);'), $message);
And replace the above line with the following lines:
$text = preg_replace_callback("/([0-9]{1,3});/", create_function('$matches', 'return chr($matches[1]);'), $text);
$text = preg_replace_callback("/([0-9]{1,3})/", create_function('$matches', 'return chr($matches[1]);'), $text);
Note that the variable in the second line, at line 342, should be $text, not $message.
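
An added example (not part of the original post or of PHP-Fusion's code) showing why the decoder has to treat the trailing semicolon as optional before the text is checked. It assumes the "ascii code" in question is HTML decimal character references of the form &#NNN; the function names and sample strings are constructed for illustration, and closures are used because create_function was removed in PHP 8.0.

```php
<?php
// Added illustration, not PHP-Fusion code. Assumption: the "ascii code" is an
// HTML decimal character reference (&#NNN;), which browsers also decode when
// the trailing semicolon is missing.

// Models a decoder that only handles references ending in ';'.
function decode_semicolon_only(string $s): string {
    return preg_replace_callback('/&#([0-9]{1,3});/',
        fn(array $m): string => chr((int) $m[1]), $s);
}

// One pattern with ';' optional, covering both the terminated and bare forms.
function decode_optional_semicolon(string $s): string {
    return preg_replace_callback('/&#([0-9]{1,3});?/',
        fn(array $m): string => chr((int) $m[1]), $s);
}

// Hypothetical filter step: flag a javascript: scheme in the decoded text.
function has_script_scheme(string $decoded): bool {
    return preg_match('/javascript\s*:/i', $decoded) === 1;
}

// Constructed sample inputs; the encoded ones spell "java" with references.
$samples = [
    'plain text'        => 'javascript:void(0)',
    'with semicolon'    => '&#106;&#97;&#118;&#97;script:void(0)',
    'without semicolon' => '&#106&#97&#118&#97script:void(0)',
    'ordinary numbers'  => 'Version 3 of 10; see page 42',
];

// Compare what each decoder lets the filter see.
foreach ($samples as $label => $input) {
    $old = has_script_scheme(decode_semicolon_only($input));
    $new = has_script_scheme(decode_optional_semicolon($input));
    printf("%-18s semicolon-only: %-12s optional-semicolon: %s\n",
        $label,
        $old ? 'flagged' : 'not flagged',
        $new ? 'flagged' : 'not flagged');
}
```

The "without semicolon" row is the case this patch addresses: a decoder that insists on the semicolon leaves the references intact, so the filter never sees the scheme that the browser will.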