
Horde patch

Discussion in 'Plesk for Linux - 8.x and Older' started by evilrabbi, Apr 12, 2006.

  1. evilrabbi

    evilrabbi Guest

     
    The version of Horde that is shipped with Plesk is vulnerable to remote execution in the help module. This can lead to unauthorized people having access to your server. I'm sure SWsoft will issue a patch, but until then you can use the patch I wrote.

    Add the following lines of code to the index.php file located in
    /usr/share/psa-horde/services/help.

    Add it after

    $topic = Util::getFormData('topic');

    and before

    if ($module == 'admin') {

    After a patch is issued by Plesk, remove the code, then update.

    $good_module = $module;
    $bad_chars = array
    (
    "';'",
    "'\''",
    );
    $replace = array
    (
    " "
    );
    $good_module = preg_replace ($search, $replace, $good_module);

    $module = $good_module;

    cheers,
    evilrabbi < evilrabbi <at> gmail [dot] com>
     
  2. MMaverick

    MMaverick Guest

     
    The above code didn't exactly work with me.
    I changed it to this, which worked: (I did a few tests to make sure it did.)

    Code:
    $good_module = $module;
    $bad_chars = array("';'","''",);
    $replace = array(" ");
    $good_module = preg_replace ($bad_chars, $replace, $good_module);
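
An added example, not part of the thread and not Horde or Plesk code: the patches above strip selected characters from `$module`, and the sketch below contrasts that denylist with an allowlist check that rejects any value that is not a plain module name. The function names, the sample values and the assumption that module names consist only of letters, digits, `_` and `-` are illustrative.

```php
<?php
// Added example: function names and sample inputs are constructed for
// illustration and do not come from Horde or from the thread.

// Denylist in the style of the thread's patch: replace ';' and "'" with
// a space and pass everything else through unchanged.
function strip_bad_chars(string $module): string
{
    $bad_chars = array("/;/", "/'/");
    return preg_replace($bad_chars, " ", $module);
}

// Allowlist: accept the value only if it is a short name made entirely of
// letters, digits, '_' and '-' (assumed shape of a module name). Anything
// else is rejected outright instead of being rewritten.
function valid_module(string $module, int $max_len = 64): bool
{
    return strlen($module) <= $max_len
        && preg_match('/\A[A-Za-z0-9_-]+\z/', $module) === 1;
}

// Constructed sample values: two plain names, then values carrying
// characters that the denylist does or does not know about.
$samples = array("imp", "turba", "imp';x", "imp\"x", "imp)x", "../imp", "");

foreach ($samples as $s) {
    printf(
        "%-10s stripped=%-10s allowed=%s\n",
        var_export($s, true),
        var_export(strip_bad_chars($s), true),
        valid_module($s) ? "yes" : "no"
    );
}

// In index.php the check would sit where the thread places its patch,
// after $topic is read and before the "if ($module == 'admin')" test,
// and a failed check would stop the request rather than continue with
// a modified value.
```

As posted, the second pattern in the reply (`"''"`) is an empty regular expression with `'` as its delimiter, so that version only replaces `;`.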
     