Search found 388 matches

by AnthraX101
Sat Jul 15, 2006 4:08 am
Forum: 2.0.x Discussion
Topic: [img] is this a security issue?
Replies: 11
Views: 1512

The IMG tag will probably not get all that much more restrictive. It was originally filtered to prevent exactly what romans1423 stated, users embedding PHP requests within an img such as: [img]http://www.phpbb.com/phpBB/login.php?logout=true[/img] However this is no longer considered sufficient filterin...
by AnthraX101
Sun Jul 09, 2006 6:44 am
Forum: 2.0.x Discussion
Topic: Registry utilization
Replies: 2
Views: 441

The code does something similar, it populates an array ($board_config) with a single query:

SELECT * FROM phpbb_config
AnthraX101
by AnthraX101
Sat Jul 08, 2006 4:57 pm
Forum: 2.0.x Discussion
Topic: Coding question
Replies: 4
Views: 530

Hey drathbun, Yeah, I know about that part. But sometimes the original file will have code that starts in the middle of the line like this: 1234567 abcdefgh but it'll tell you to replace it with something that looks like this 12345678 abcdefghi So I was just wondering if it matters where you start ...
by AnthraX101
Tue Jul 04, 2006 7:05 pm
Forum: 2.0.x Discussion
Topic: "MSN Search Team" Malware Redirect?
Replies: 8
Views: 744

You must be mistaken then, they all have security fixes in them (the ones you have skipped recently anyway) 8) Let me rephrase: no non-trivial security fixes :wink: 2.0.20 fixes a critical issue allowing an attacker to take complete control of your server. It also fixes several XSS issues, that may...
by AnthraX101
Sun Jul 02, 2006 5:32 am
Forum: 2.0.x Support Forum
Topic: I'm getting logged out...
Replies: 222
Views: 24087

But phpbb doesn't check your IP when logging in as admin? It only checks that the username and password is correct. I don't see why having a dynamic IP can be a problem, but obviously it is if you found that a static IP solves all of your problems.. Sessions are bound to Class C addresses. If your ...
by AnthraX101
Fri Jun 23, 2006 3:43 am
Forum: 2.0.x Support Forum
Topic: I'm getting logged out...
Replies: 222
Views: 24087

Let me see if I can help to shed some light on a few "new" cases in which autologin will fail. One of the things the new autologin code does is change the "secret" that the client has stored every time that the autologin is invoked. This can cause autologin to be reset whenever the following happens...
by AnthraX101
Sun Jun 18, 2006 3:10 am
Forum: 2.0.x Support Forum
Topic: 2.0.21 quote issue
Replies: 101
Views: 10837

joeydee wrote: Anthrax,

what does that mean security holes? I have no idea what it means? Like someone can hack my board?


Yes, exactly.

AnthraX101
by AnthraX101
Sun Jun 18, 2006 2:52 am
Forum: 2.0.x Support Forum
Topic: 2.0.21 quote issue
Replies: 101
Views: 10837

Marshal... It's fixed... I think the functions_post.php there was a line in there that was doubling all the new posts. So what I did was I install my backup version of functions_post "I still have your copied backed up as well" just wanted to let you know. You've been a great help ol chap!!! Many than...
by AnthraX101
Fri Jun 16, 2006 1:47 am
Forum: 2.0.x Support Forum
Topic: [solved] quotation - change
Replies: 18
Views: 496

So it's only posts that were made prior to the upgrade to 2.0.21 that should be causing formatting issues? Is my understanding correct, here? Yes, that is what is happening with me. Posts quoting messages made with 2.0.21 are fine, just all the posts using quote prior to 2.0.21 are formatted weird....
by AnthraX101
Tue Jun 13, 2006 5:25 pm
Forum: 2.0.x Discussion
Topic: Getting image urls to work
Replies: 8
Views: 884

Also, you can work around this on the server end using mod_rewrite. You can map "http://mixfevers.com/response.php?ng&img=kg5vjok149.jpg" to something like "http://mixfevers.com/response/ng/kg5vjok149.jpg", which PHPBB would accept. This is why I refer to it as a futile attempt, because any script ...
by AnthraX101
Tue Jun 13, 2006 2:47 pm
Forum: 2.0.x Support Forum
Topic: Three Frustrating problems with my board 2.0.20
Replies: 3
Views: 248

Please reupload with 2.0.21. Something went wrong with your old codebase, and your board currently has an enormous security hole.

AnthraX101
by AnthraX101
Tue Jun 13, 2006 2:00 pm
Forum: 2.0.x Support Forum
Topic: keep me logged in option checked.. get this..
Replies: 2
Views: 204

You did not complete the update. Be sure to update the "constants.php" file. It was not updated correctly.

AnthraX101
by AnthraX101
Tue Jun 13, 2006 1:40 pm
Forum: 2.0.x Discussion
Topic: Getting image urls to work
Replies: 8
Views: 884

..So basically the entire script needs to be redone to accommodate phpbb's restrictions that are supposed to protect underpatched computers? Yes. Here's some more details: Two regexes are used to parse IMG bbcode: $text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|j...
by AnthraX101
Mon Jun 12, 2006 8:36 pm
Forum: 2.0.x Support Forum
Topic: Disable quicktime avatars?
Replies: 6
Views: 342

It looks like your users are allowed custom titles...

If so, please give the account "anthrax101" permission to set his own title.

AnthraX101
by AnthraX101
Mon Jun 12, 2006 5:13 pm
Forum: 2.0.x Discussion
Topic: BBCODE Image Restrictions
Replies: 1
Views: 346

Two regexes are used to parse IMG bbcode: $text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text); $patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$ui...
