Nuke Cops and Tom's phpbb2 port upgrade to phpbb 2.0.4
Date: Thursday, February 13 @ 13:03:51 CET
Topic: Security


Nuke Cops, with Tom's permission, has upgraded the phpbb2 forums port. An analysis of the upgrade should be explained first.

Tom's phpbb2 newest port, which is now integrated into PHP-Nuke 6.5 is released as version 2.0.6.

The phpbb2 2.0.6 port is based on phpbb2 standalone version 2.0.3.

Many of you are aware that both the standalone 2.0.3 and port 2.0.6 are susceptible to a not so nice security risk.

Nuke Cops has just upgraded the phpbb2 port to version 2.1, which is based on Tom's 2.0.6 but reflects phpbb2 standalone 2.0.4. The 2.0.4 version fixes the nasty security risk.

Currently the new release, dubbed nukephpbb version 2.1 can be seen in action at ComputerCops. However, the release is being debugged and tested by the entire Elite Nukers group at Nuke Cops.

In addition, the new nukephpbb version 2.1 release incorporates the following additional code modifications:

  • Sessions.php checks the USER-AGENT string of each page request in the forums. If the USER-AGENT matches a list of several dozen array elements then the "&sid" is not displayed in the URL. Some of these array elements include "googlebot" and other search engines. In theory, engines like Google do not display results with "&sid" in the URL.
  • Also included in the code is the function to "word wrap" long lines. The object is to stop those annoying long lines when viewing topics and being forced to scroll horizontally. Tests can be conducted and seen here.

    Lastly Tom agreed to make a news posting about this new release. Expect to see it soon at his site: bbtonuke.





  • This article comes from NukeCops
    http://www.nukecops.com

    The URL for this story is:
    http://www.nukecops.com/modules.php?name=News&file=article&sid=60