The one above got me thinking, because the "Forums&file=modules&name=Forums&file=modules/Forums/search"
strikes me as odd......
I've had nothing from the system, bar the regular reports - today it's gone MENTAL - there are others, and it's blocked a few IPs....
Any feedback/suggestions/ideas welcome.
I've removed my actual site name and replaced it with "sitename" - but it's not rocket science to work it out
_________________ Can't get my image to link
madman Support Mod
Joined: Feb 15, 2004
Posts: 806
Posted:
Thu Jun 17, 2004 2:03 pm
They were false alarms, but may be caused by a bad implementation of the append_sid() function (this function is declared in includes/session.php). Secondly, name and file are declared twice in the URI query. If you want, you can post the content of the append_sid() function here (or PM me), and I'll fix it for you.
Note:
Admin Secure restricts the name and file arguments: they should point only to a PHP file (no extension), with no embedded path.
I got the mail with the message, but couldn't access it......
(thanks for trying!)
Append sid below - hope this helps! - thanks for your input!
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper
// around every single URL and form action. If you replace the session
// code you must include this routine, even if it's empty.
//
function append_sid($url, $non_html_amp = false)
{
    global $SID, $admin;
    if (ereg("admin=1", $url) || ereg("admin_", $url) || ereg("pane=", $url)){
        // The format is fine, don't change a thing.
    } else if (ereg("Your_Account", $url)){
        $url = str_replace(".php", "", $url); // Strip the .php from all the files,
        $url = str_replace("modules", "modules.php", $url); // and put it back for the modules.php
    }
    else if (ereg("redirect", $url))
    {
        $url = str_replace("login.php", "modules.php?name=Your_Account", $url); // Send login.php to the Your_Account module
        $url = str_replace(".php", "", $url); // Strip the .php from all the files,
        $url = str_replace("?redirect", "&redirect", $url); // redirect is no longer the first argument
        $url = str_replace("modules", "modules.php", $url); // and put it back for the modules.php
    }
    else if (ereg("menu=1", $url))
    {
        $url = str_replace("?", "&", $url); // As we are already in nuke, change the ? to &
        $url = str_replace(".php", "", $url); // Strip the .php from all the files,
        $url = "../../../modules.php?name=Forums&file=$url";
    }
    else if ((ereg("privmsg", $url)) && (!ereg("highlight=privmsg", $url)))
    {
        $url = str_replace("?", "&", $url); // As we are already in nuke, change the ? to &
        $url = str_replace("privmsg.php", "modules.php?name=Private_Messages&file=index", $url); // Map privmsg.php onto the Private_Messages module
    }
    else if ((ereg("profile", $url)) && (!ereg("highlight=profile", $url)))
    {
        $url = str_replace("?", "&", $url); // As we are already in nuke, change the ? to &
        $url = str_replace("profile.php", "modules.php?name=Forums&file=profile", $url); // Map profile.php onto the Forums module
        $dummy = 1;
    }
    else if ((ereg("memberlist", $url)) && (!ereg("highlight=memberlist", $url)))
    {
        $url = str_replace("?", "&", $url); // As we are already in nuke, change the ? to &
        $url = str_replace("memberlist.php", "modules.php?name=Members_List&file=index", $url); // Map memberlist.php onto the Members_List module
    } else {
        $url = str_replace("?", "&", $url); // As we are already in nuke, change the ? to &
        $url = str_replace(".php", "", $url);
        $url = "modules.php?name=Forums&file=".$url; //Change to Nuke format
    }
    if (preg_match('/modules\.php\?name\=Forums/i', $url))
    {
        // If file= carries a path, reduce every file= value to the bare file name.
        if (preg_match('/file\=.+\/([^\&]+)\&?/i', $url, $matches)) $url = preg_replace('/file=[^\&]+/i', 'file='.$matches[1], $url);
    }
    // Append the session id only if the URL does not already carry one.
    if (!preg_match('/sid\=.+/i', $url)) $url .= ( ($non_html_amp) ? '&' : '&amp;' ) . $SID;
    return $url;
}
It is likely that one or more of your forum mods is calling the append_sid() function multiple times on the same URL string. Also, I have no idea how the &file argument can contain a path instead of a filename. However, try the above patch. Let me know if it doesn't work as expected.
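As an added example (not code from this thread and not Admin Secure's own implementation), the following sketch applies the rule described in the note above to the reported query string: name and file must each appear once and hold only a bare script name. The function name check_module_args, the allowed character set, and the `modules.php?name=` prefix put in front of the quoted fragment are assumptions.

```php
<?php
// Added example: hypothetical checker, not Admin Secure's actual code.
// Flags 'name'/'file' query arguments that repeat or carry a path.
function check_module_args(string $url): array
{
    $problems = [];
    $query = ltrim((string) strstr($url, '?'), '?');
    $seen = [];
    // Split by hand: PHP's own query parsing ($_GET, parse_str) keeps only
    // the last value of a repeated key, which would hide the duplication.
    foreach (explode('&', str_replace('&amp;', '&', $query)) as $pair) {
        if ($pair === '') {
            continue;
        }
        [$key, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $seen[$key][] = urldecode($value);
    }
    foreach (['name', 'file'] as $key) {
        $values = $seen[$key] ?? [];
        if (count($values) > 1) {
            $problems[] = "$key given " . count($values) . " times";
        }
        foreach ($values as $v) {
            // Bare script name only: no slash, dot or other path characters.
            if (!preg_match('/^[A-Za-z0-9_]+$/', $v)) {
                $problems[] = "$key contains a path or extension: $v";
            }
        }
    }
    return $problems;
}

// Constructed inputs: the doubled query reported in this thread (host omitted)
// and the same link after a single rewrite.
$samples = [
    'modules.php?name=Forums&file=modules&name=Forums&file=modules/Forums/search',
    'modules.php?name=Forums&file=search',
];
foreach ($samples as $url) {
    $problems = check_module_args($url);
    echo $url, "\n  ", $problems ? implode('; ', $problems) : 'ok', "\n";
}
```

The first sample is reported for the repeated name and file arguments and for the slash in the last file value; the second passes.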