Acmlm's Board - I3 Archive - Programming - Hole Fixes!!
Randy53215 Melon Bug Since: 11-17-05 From: Greenfield, Wisconsin (U.S.A) Last post: 6284 days Last view: 6283 days |
| ||
This thread is to be dedicated to hole fixes that are in distros.
If you know of a hole, we would appreciate you reporting it through a PM. That's all I have for now until I get the latest distro of the board. [sticky] |
|||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6283 days Last view: 6283 days |
| ||
I can give you the latest version, if you don't mind a horribly (in)complete version that still has a lot of misplaced floating code. | |||
DarkSlaya 930 Gamma Ray Since: 11-17-05 From: Montreal, Canada Last post: 6284 days Last view: 6283 days |
| ||
Originally posted by ExKay
I'd appreciate, too. |
|||
smwedit Red Paragoomba Since: 11-18-05 Last post: 6469 days Last view: 6285 days |
| ||
this is similar to what I use and it works
to prevent basic sql injection:
in edituser.php, find:
    $birthday=mktime(0,0,0,$bmonth,$bday,$byear);
add above it:
    $numposts = intval($numposts);
    $pemail = intval($pemail);
    $powerlevel = intval($powerlevel);
    $posttool = intval($posttool);
    $useranks = intval($useranks);
    $userid = intval($userid);
    $postsperpage = intval($postsperpage);
    $threadsperpage = intval($threadsperpage);
    $timezone = intval($timezone);
    $icq = intval($icq);
    $sex = intval($sex);
and to prevent auto submitting:
find:
    $inph=userid VALUE=$id>
add above or under it:
    $inph=thepass VALUE='$loguser[password]'>
and find:
    if($_POST[action]=='saveprofile'){
change it to:
    if($_POST[action]=='saveprofile' and $thepass==$loguser[password]){
(edited by smwedit on 12-06-05 03:33 PM) |
|||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6283 days Last view: 6283 days |
| ||
pity that method was obsoleted | |||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6283 days Last view: 6283 days |
| ||
Well there it goes, I fired off two test copies to Randy and Darkslaya, and then one to (obviously) Acmlm,...
*X shrugs |
|||
mvent2 Paragoomba Since: 11-17-05 From: Brizzy, Australia Last post: 6604 days Last view: 6604 days |
| ||
No need for that thepass at all. Replace
    if($_POST[action]=='saveprofile'){
with
    if($_POST[action]=='saveprofile' && $isadmin){
and that provides the same level of protection. |
|||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6283 days Last view: 6283 days |
| ||
Originally posted by mvent2
That provides no extra protection at all. |
|||
mvent2 Paragoomba Since: 11-17-05 From: Brizzy, Australia Last post: 6604 days Last view: 6604 days |
| ||
WTF? How does it work? | |||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6283 days Last view: 6283 days |
| ||
Try actually looking at the code. | |||
smwedit Red Paragoomba Since: 11-18-05 Last post: 6469 days Last view: 6285 days |
| ||
Originally posted by mvent2
Mine was to prevent people from using auto-submitting forms to force an administrator to make a user owner. |
|||
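Added example, not part of the thread or the board's own code: the two fixes discussed above written for current PHP, with a random per-session token in the hidden field instead of the password value, and two constructed requests showing that an admin check on its own would accept a forged auto-submitted form while the token check refuses it. The function names, the field list and the sample requests are assumptions made for illustration.

```php
<?php
// Added illustration; names and sample data are constructed, not the board's code.

// Numeric profile fields taken from the thread's edituser.php fix.
const INT_FIELDS = ['numposts', 'powerlevel', 'postsperpage', 'threadsperpage', 'timezone', 'sex'];

// Issue (or reuse) a random per-session token for the hidden form field.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time comparison; a missing or non-string token never validates.
function csrf_valid(array $session, array $post): bool {
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Returns the cleaned integer fields, or null when the request is refused.
function save_profile(array $session, array $post, bool $isAdmin): ?array {
    if (($post['action'] ?? '') !== 'saveprofile') return null;
    if (!$isAdmin) return null;                    // authorization: who may edit users
    if (!csrf_valid($session, $post)) return null; // intent: form came from our own page
    $clean = [];
    foreach (INT_FIELDS as $f) {
        $clean[$f] = intval($post[$f] ?? 0);       // same cast the thread adds
    }
    return $clean;
}

// Constructed requests, both arriving with a logged-in administrator's session.
$session = [];
$token   = csrf_token($session);
// Auto-submitted from another site: the admin check passes, but no token is present.
$forged  = ['action' => 'saveprofile', 'powerlevel' => '4'];
// Sent from the board's own form: carries the token, plus one non-numeric field value.
$genuine = $forged + ['csrf' => $token, 'timezone' => "5' OR 1=1"];

var_dump(save_profile($session, $forged, true));
var_dump(save_profile($session, $genuine, true));
```

The integer casts only cover numeric fields; string fields written to the database need parameterized queries.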
Sakura Secret! Since: 11-30-05 Last post: 6354 days Last view: 6324 days |
| ||
Just ignore him, mmvent has no clue about what he's saying. | |||
Lord SkyLart Cukeman Since: 11-18-05 Last post: 6332 days Last view: 6332 days |
| ||
Originally posted by smwedit
One question: is that for 1.a2 or 1.92? I am thinking 1.92. |
|||
Ice Man Panser Since: 11-18-05 From: Germany Last post: 6382 days Last view: 6319 days |
| ||
It works for both, you just have to know where to place it. | |||
Lord SkyLart Cukeman Since: 11-18-05 Last post: 6332 days Last view: 6332 days |
| ||
Ok. Thanks for the info. | |||
Parasyte + Red Paragoomba Since: 01-05-06 Last post: 6604 days Last view: 6604 days |
| ||
You forgot a few. (edited by X on 01-05-06 01:22 PM) |
|||
Xkeeper Took the board down in a blaze of glory, only to reveal how truly moronical ||bass is. Since: 11-17-05 From: Henderson, Nevada Last post: 6283 days Last view: 6283 days |
| ||
I don't see why that isn't being filtered right now... | |||
Ikuzou Micro-Goomba Since: 02-03-06 From: Japan Last post: 6631 days Last view: 6631 days |
| ||
Xkeeper+:
Could you please give me a copy too please? I want to examine the board... |