Author: Waldo    Posted: Tue Mar 23, 2004 10:55 pm    Post subject: followup question...

as a followup for chatserv--

have these changes been included as well?

W




All times are GMT - 8 Hours

Nuke Cops :: View topic - BBtoNuke207 fully patched?


Author: Waldo    Posted: Tue Mar 23, 2004 10:43 pm    Post subject: BBtoNuke207 fully patched?

Just applied this successfully over my Nuke 6.5's bbtonuke206 without any issues. BUT I did notice one thing--

The patches described at the bottom of http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=180610 (the thread which announces 207) do NOT seem to have been applied to bbtonuke207! I quote:

here are the changes for you to make to your source files to patch two new security issues found by Gulftech Security Research:

Open viewforum.php

FIND ( Line 296 )

Code:
$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? $HTTP_POST_VARS['topicdays'] : $HTTP_GET_VARS['topicdays'];


REPLACE WITH

Code:
$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? intval($HTTP_POST_VARS['topicdays']) : intval($HTTP_GET_VARS['topicdays']);


Open viewtopic.php

FIND ( Line 365 )

Code:
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays'];


REPLACE WITH

Code:
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? intval($HTTP_POST_VARS['postdays']) : intval($HTTP_GET_VARS['postdays']);



For ease of patching, I've adjusted the line numbers above to match the numbers in the current BBtoNuke207.zip's files. The files in question are in modules/Forums/

Question: Does the file need to be upgraded and people using current bbtonuke 207 warned? I just downloaded phpBB207 and it DOES have the changes made.

I'm going to crosspost this to the security forum as well.

W
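
As an added example (not part of the original post, and not BBtoNuke or phpBB code): a shell check that reports whether the two intval() changes quoted above are present in a modules/Forums/ directory. The function names are hypothetical, the sample files are constructed from the lines quoted in the post, and the match assumes the assignment is written as it appears in that post.

```shell
#!/bin/sh
# Added example: check a BBtoNuke tree for the two intval() fixes quoted in the post.
# Function names are hypothetical; sample files are constructed from the quoted lines.

# check_param FILE VAR KEY -> prints patched | unpatched | unknown | missing
check_param() {
    file=$1 var=$2 key=$3
    [ -r "$file" ] || { echo missing; return 0; }
    # First assignment to $VAR that reads KEY from the request arrays.
    line=$(grep -F "\$${var} =" "$file" | grep -F "_VARS['${key}']" | head -n 1)
    [ -n "$line" ] || { echo unknown; return 0; }
    # Both the POST and the GET value must be wrapped; a half-applied fix
    # still leaves one request source unconverted.
    for src in HTTP_POST_VARS HTTP_GET_VARS; do
        case $line in
            *"intval(\$${src}['${key}'])"*) ;;
            *) echo unpatched; return 0 ;;
        esac
    done
    echo patched
}

# audit_forums DIR -> one result line per file named in the post
audit_forums() {
    dir=$1
    echo "viewforum.php topicdays: $(check_param "$dir/viewforum.php" topic_days topicdays)"
    echo "viewtopic.php postdays: $(check_param "$dir/viewtopic.php" post_days postdays)"
}

# Constructed sample tree: viewforum.php carries the fix, viewtopic.php does not.
make_demo_tree() {
    root=$(mktemp -d) && mkdir -p "$root/modules/Forums"
    cat > "$root/modules/Forums/viewforum.php" <<'EOF'
$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? intval($HTTP_POST_VARS['topicdays']) : intval($HTTP_GET_VARS['topicdays']);
EOF
    cat > "$root/modules/Forums/viewtopic.php" <<'EOF'
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays'];
EOF
    echo "$root"
}

demo=$(make_demo_tree)
audit_forums "$demo/modules/Forums"
rm -rf "$demo"
```

Pointing audit_forums at the modules/Forums/ directory of an actual install gives the same two-line report for that tree.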