xbtit 2.3.0 Security Fix of Torrents Folder

King Cobra (XBTIT Maintainer / Developer)
« on: October 19, 2014, 01:44:51 pm »
this security fix is so that the torrents folder can't have a query injection uploaded & the access code images are placed in their own folder.
just extract the folders from the archive & upload them to your tracker root, overwriting files.

for older xbtit versions
in sanity.php
find:
Code:
         $tordir=realpath("$CURRENTPATH/../$TORRENTSDIR");
         if ($dir = @opendir($tordir."/"))
           {
            while(false !== ($file = @readdir($dir)))
               {
                   if ($ext = substr(strrchr($file, "."), 1)=="png")
                       unlink("$tordir/$file");
               }
            @closedir($dir);
         }
replace with:
Code:
    $CAPTCHA_FOLDER = realpath("$CURRENTPATH/../$CAPTCHA_FOLDER");
    if($dir = @opendir($CAPTCHA_FOLDER."/"))
    {
        while(false !== ($file = @readdir($dir)))
        {
            if($ext = substr(strrchr($file, "."), 1) == "png")
                unlink("$CAPTCHA_FOLDER/$file");
        }
        @closedir($dir);
    }

in config.php
find:
Code:
$TORRENTSDIR=$btit_settings['torrentdir'];
add after:
Code:
$CAPTCHA_FOLDER='access_code';

in class.captcha.php
find:
Code:
  function get_filename($public='') {
    global $TORRENTSDIR;
    if ($public=='')
      $public=$this->public_key;
    return $TORRENTSDIR.'/'.$public.'.'.$this->imagetype;
  }
replace with:
Code:
  function get_filename($public='') {
    global $CAPTCHA_FOLDER;
    if ($public=='')
      $public=$this->public_key;
    return $CAPTCHA_FOLDER.'/'.$public.'.'.$this->imagetype;
  }
then you just add the folder access_code from the archive to the tracker root & the .htaccess file from the torrents folder in the archive to your torrents folder ;)
« Last Edit: October 19, 2014, 01:59:19 pm by King Cobra »
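
A quick way to confirm the layout after applying the steps above. This is an added example, not part of the original post or the xbtit code. It assumes shell access to the tracker host; the folder names are passed as arguments, and `torrents` is only a sample value for the configured torrent directory.

```shell
#!/bin/sh
# Added example: post-patch layout check for an xbtit tracker root.
# Assumptions (not from the original post): folder names are passed as
# arguments; "torrents" is only a sample value for $TORRENTSDIR.
# Usage: sh audit.sh /path/to/tracker torrents access_code

# audit_tracker ROOT TORRENTS_DIR CAPTCHA_DIR
# Prints one finding per line; returns 0 when nothing is flagged, 1 otherwise.
audit_tracker() {
    tdir="$1/$2"; cdir="$1/$3"; status=0

    # The patch expects the captcha folder to exist in the tracker root.
    if [ ! -d "$cdir" ]; then
        echo "MISSING captcha folder: $3"; status=1
    fi

    # The post says to copy the archive's .htaccess into the torrents folder.
    if [ ! -f "$tdir/.htaccess" ]; then
        echo "MISSING .htaccess in: $2"; status=1
    fi

    # Captcha images written before the patch may still sit next to torrents.
    for f in "$tdir"/*.png; do
        [ -e "$f" ] || continue
        echo "LEFTOVER png in torrents folder: ${f##*/}"; status=1
    done

    # Inventory by extension so anything unexpected stands out.
    for f in "$tdir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            *.*) echo "${name##*.}" ;;
            *)   echo "(none)" ;;
        esac
    done | sort | uniq -c | while read -r n ext; do
        echo "INVENTORY $ext: $n"
    done

    return $status
}

# Run the check only when called with the three expected arguments.
if [ "$#" -eq 3 ]; then audit_tracker "$@"; fi
```

The check does not inspect the contents of the .htaccess file, since the post does not show them.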