Re: Re: Mambo Open Source, Path disclosure

trueend5_at_yahoo.com
Date: 11/06/05

  • Next message: Debasis Mohanty: "Zone Labs Products Advance Program Control and OS Firewall (Behavioral Based) Technology Bypass Vulnerability"
    Date: 6 Nov 2005 14:32:05 -0000
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) You are right
    mamboserver soloution is available now:
    The fix is easy,

    in /component/com_content/content.php
    Approx Line 190 Change the block FROM:

    Code:
    // Paramters
            $params = new stdClass();
            if ( $Itemid ) {
                    $menu = new mosMenu( $database );
                    $menu->load( $Itemid );
                    $params =& new mosParameters( $menu->params );
            } else {
                    $menu = "";
                    $params =& new mosEmpty();

            }

    CHANGE TO READ:

    Code:
    // Paramters
            $params = new stdClass();
            if ( $Itemid ) {
                    $menu = new mosMenu( $database );
                    $menu->load( $Itemid );
                    $params =& new mosParameters( $menu->params );
            } else {
                    $menu = "";
                    $params =& new mosParameters(''); //mosEmpty();

            }
    best regards
    Alireza Hassani
    Security Science Researchers Institute Of Iran
    [http://www.KAPDA.ir]


  • Next message: Debasis Mohanty: "Zone Labs Products Advance Program Control and OS Firewall (Behavioral Based) Technology Bypass Vulnerability"