You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 328 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - BBtoNuke207 fully patched? [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
Waldo
Nuke Soldier
Nuke Soldier


Joined: Mar 16, 2004
Posts: 24


PostPosted: Tue Mar 23, 2004 10:43 pm Reply with quoteBack to top

Just applied this successfully over my Nuke 6.5's bbtonuke206 without any issues. BUT I did notice one thing--

The patches described at the bottom of http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=180610 (the thread which announces 207) does NOT seem to have been applied to bbtonuke207! I quote:

<i>here are the changes for you to make to your source files to patch two new security issues found by Gulftech Security Research: </i>

Open viewforum.php

FIND ( Line 296 )

Code:
$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? $HTTP_POST_VARS['topicdays'] : $HTTP_GET_VARS['topicdays'];


REPLACE WITH

Code:
$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? intval($HTTP_POST_VARS['topicdays']) : intval($HTTP_GET_VARS['topicdays']);


Open viewtopic.php

FIND ( Line 365 )

Code:
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays'];


REPLACE WITH

Code:
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? intval($HTTP_POST_VARS['postdays']) : intval($HTTP_GET_VARS['postdays']);



For ease of patching, I've adjusted the line numbers above to match the numbers in the current BBtoNuke207.zip's files. The files in question are in modules/Forums/

Question: Does the file need to be upgraded and people using current bbtonuke 207 warned? I just downloaded phpBB207 and it DOES have the changes made.

I'm going to crosspost this to the security forum as well.

W
Find all posts by WaldoView user's profileSend private message
Waldo
Nuke Soldier
Nuke Soldier


Joined: Mar 16, 2004
Posts: 24


PostPosted: Tue Mar 23, 2004 10:55 pm Reply with quoteBack to top

as a followup for chatserv--

have these changes been included as well?

W
Find all posts by WaldoView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.116 Seconds - 229 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::