Manual Edit // IPB 2.x.x Security Update (04-25-06)

Note: This manual patch is only for IPB 2.1.x.

Open ips_kernel/class_upload.php

Find:

    else if ( ! $img_attributes[2] )
    {
        // Unlink the file first
        @unlink( $this->saved_upload_name );
        $this->error_no = 5;
        return;
    }

Add after:

    else if ( $img_attributes[2] == 1 AND ( $this->file_extension == 'jpg' OR $this->file_extension == 'jpeg' ) )
    {
        // Potential XSS attack with a fake GIF header in a JPEG
        @unlink( $this->saved_upload_name );
        $this->error_no = 5;
        return;
    }

(The added branch deletes the uploaded file and sets the same error number 5 as the branch above it when the detected image type is 1 but the file extension is jpg or jpeg.)

Save and upload ips_kernel/class_upload.php

==

Open sources/action_public/search.php

Find:

    $this->output = preg_replace( "#(value=[\"']{$this->ipsclass->input['lastdate']}[\"'])#i", "\\1 selected='selected'", $this->output );

Replace with:

    $this->output = preg_replace( "#(value=[\"']".intval($this->ipsclass->input['lastdate'])."[\"'])#i", "\\1 selected='selected'", $this->output );

(The replacement passes the lastdate input through intval() before it is placed in the regular expression, so only an integer value reaches the pattern.)

Save and upload sources/action_public/search.php

==

Open sources/lib/func_taskmanager.php

Find:

    $this->cron_key = substr( trim(stripslashes($_REQUEST['ck'])), 0, 32 );

Replace with:

    $this->cron_key = addslashes( substr( trim(stripslashes($this->ipsclass->txt_alphanumerical_clean($_REQUEST['ck']))), 0, 32 ) );

(The replacement runs the ck request value through txt_alphanumerical_clean() first and wraps the final 32-character result in addslashes() before it is stored as the cron key.)

Save and upload sources/lib/func_taskmanager.php

===

That's it