This small patch will fix the 'newsPHP arbitary file inclusion & bad login validation' bug published on 1st sepember 2003. ===+++===+++===+++ Product: newsPHP Version: <= v216 Vendor: http://www.nphp.net Bug discover by: Officerrr <officerrr@poligon.com.pl> Vendor Response: no patch released since 1st September ===+++===+++===+++ Patch: ===+++===+++===+++ diff -ruN nphp/nfunc.php nphp.ofi/nfunc.php --- nphp/nfunc.php 2003-01-08 16:40:00.000000000 +0100 +++ nphp.ofi/nfunc.php 2004-01-04 21:47:08.000000000 +0100 @@ -292,6 +292,7 @@ function LoadSettings(&$config, &$users) { global $nphp_files, $nphp_common; + unset($users,$config); $raw_config = file($nphp_files["config"]); $id=0; ===+++===+++===+++ -- Pozdrawiam, Dariusz 'Officerrr' Kolasinski <Linux Administrator> <gg: 516354> "Living on a razors edge, Balancing on a ledge"
