Nuke Cops :: View topic - Two 1.2b bugs...I think.
Waldo (Nuke Soldier; joined Mar 16, 2004; posts: 24)
Posted: Tue Jun 08, 2004 12:44 am

Bug #1:

line ~280 or so:

Code:
."Spreadsheet: <A HREF=\"/fortress.csv\">fortress.csv</A>"


This presumes you are putting fortress and the fortress DB in your root directory. There are several reasons why you might NOT want to do this-- you (1) want to password protect the entire directory that the database file is in, (2) want it in some arbitrary, non-guessable directory, or (3) don't want it accessible at all from the web.

There are a few fixes for this, but I'll leave it up to you to come up with your own.

Bug #2:

Line ~512 or so...
Code:
function Alligators($Food) {
        die("Banned by $Food"); }


$Food is defined as row #8 of the record pulled from the database. Unfortunately, when I just hit my own site with a test exploit, row #8 comes up blank. So I get a message:

Quote:
Banned by


with nothing after it. Using Safari/OS X for what it's worth. A solution might be to put something like this at the top of the function:

Code:
if (!isset($Food)) { $Food = " me, you person."; }


Oh, one last thought-- a tip on making apache be able to write to the csv and htm files-- make the directory world-writable. As it turns out, this was necessary for me. This was really the reason I put those files in a subdirectory-- I don't want apache writing to the same directory all the other crap is in.

Just thought I'd pass along the love. Nice work on this so far. Hope comma separated flat files don't slow page loads too much...

W
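An added example, not part of the original post and not the tool's own code, covering both points raised above: defaulting a blank ban reason (a blank string still passes `isset()`) and checking that the data directory sits outside the web root. The helper names `ban_reason` and `is_outside_docroot`, the default text and the sample values are all hypothetical.

```php
<?php
// Added example: hypothetical helpers, not code from the tool discussed above.

// Return a printable ban reason. The value comes from a stored record, so it
// may be null, an empty string or only whitespace; isset() alone lets the
// last two through. The result is HTML-escaped because it is echoed to the
// visitor.
function ban_reason($food, string $default = 'site policy'): string
{
    $food = is_scalar($food) ? trim((string) $food) : '';
    if ($food === '') {
        $food = $default;
    }
    return htmlspecialchars($food, ENT_QUOTES, 'UTF-8');
}

// True when $dataDir resolves to a location outside $docRoot, meaning the
// web server cannot serve the CSV or HTML report files directly.
function is_outside_docroot(string $dataDir, string $docRoot): bool
{
    $data = realpath($dataDir);
    $root = realpath($docRoot);
    if ($data === false || $root === false) {
        return false; // unresolved paths are treated as unsafe
    }
    // Compare with trailing separators so /var/www2 is not mistaken
    // for a child of /var/www.
    $data = rtrim($data, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($data, $root, strlen($root)) !== 0;
}

// Constructed sample values for a stand-alone run.
foreach ([null, '', '   ', 'rule 8 <b>test</b>'] as $sample) {
    echo 'Banned by ', ban_reason($sample), PHP_EOL;
}

// Constructed layout: this script's directory stands in for the web root.
$docRoot = __DIR__;
var_dump(is_outside_docroot($docRoot, $docRoot));      // data dir == web root
var_dump(is_outside_docroot(dirname($docRoot), $docRoot)); // parent directory
```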
Zhen-Xjell (Nuke Cops Founder; joined Nov 14, 2002; posts: 5939)
Posted: Tue Jun 08, 2004 4:15 am

Thanks for the tip, and that is a nice idea... if it can't pull it, just default it. TY

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]