Search found 8795 matches

by Noxwizard
Thu Oct 31, 2019 3:56 am
Forum: General Discussion
Topic: php7-fpm vulnerability CVE-2019-11043
Replies: 8
Views: 2866

Re: php7-fpm vulnerability CVE-2019-11043

Before I posted my answer, I did test it first on a phpBB 3.2.8 install. Without the try_files check, the posted exploit succeeds. With the try_files check, the exploit fails. Most likely, the transfer that occurs when changing to the fallback URI changes some of the internal state that the exploit ...
by Noxwizard
Wed Oct 30, 2019 4:35 am
Forum: General Discussion
Topic: php7-fpm vulnerability CVE-2019-11043
Replies: 8
Views: 2866

Re: php7-fpm vulnerability CVE-2019-11043

from my understanding, the sample config for nginx from phpBB is vulnerable: read the list of preconditions there. looks like they're satisfied. in particular, the redirect fallback in try_files still hits, so the malformed url will hit php-fpm. That does not appear to be a sufficient condition for...
by Noxwizard
Sat Sep 28, 2019 6:43 pm
Forum: [3.2.x] Support Forum
Topic: php 7.3.9
Replies: 1
Views: 191

Re: php 7.3.9

PHP 7.3 is not supported in phpBB 3.2 and won't be until phpBB 3.3.
by Noxwizard
Fri Sep 20, 2019 3:32 am
Forum: [3.2.x] Support Forum
Topic: CSRF Protection
Replies: 5
Views: 473

Re: CSRF Protection

Not every form has a CSRF token associated with it. The search form is one that doesn't. Forms that result in an action that represents a specific user are protected with a CSRF token. Things like login, posting, private messages, all ACP actions, etc. are protected. In the HTML source, you will see...
by Noxwizard
Sat Jul 06, 2019 2:00 am
Forum: [3.2.x] Support Forum
Topic: Software cannot find database
Replies: 1
Views: 286

Re: Software cannot find database

This means that the PHP (not phpBB) module for that database has not been enabled. Installation instructions for MySQLi: https://www.php.net/manual/en/mysqli.installation.php
by Noxwizard
Sun Jun 23, 2019 11:57 pm
Forum: [3.2.x] Support Forum
Topic: [SOLVED] Cache issues, among other upgrade errors
Replies: 6
Views: 554

Re: Cache issues, among other upgrade errors

Since this is triggered by the reparser, it may be caused by polls with BBCodes or smilies in them. The new BBCode format is more verbose than the old one and will use up more space. Try looking for polls meeting that criteria.
by Noxwizard
Tue Mar 19, 2019 2:02 am
Forum: [3.2.x] Support Forum
Topic: fix.php for 3.2.5
Replies: 4
Views: 389

Re: fix.php for 3.2.5

The fix for 3.2 is here: viewtopic.php?p=14911826#p14911826
by Noxwizard
Sat Jan 26, 2019 5:18 pm
Forum: [3.2.x] Support Forum
Topic: Spambot countermeasures - Configuration with reCAPTCHA v3
Replies: 6
Views: 1255

Re: Spambot countermeasures - Configuration with reCAPTCHA v3

phpBB does not currently support reCAPTCHA v3. There is a ticket open to add support for it: https://tracker.phpbb.com/browse/PHPBB3-15937
by Noxwizard
Thu Jan 10, 2019 2:42 am
Forum: Extension Requests
Topic: how do you add that thumbs up and thumbs down
Replies: 3
Views: 635

Re: how do you add that thumbs up and thumbs down

The Ideas section is this extension: https://github.com/phpbb/ideas

Moved to Extension Requests as that sounds like more than what you're wanting, which will need a different extension.
by Noxwizard
Sat Jan 05, 2019 5:34 pm
Forum: [3.2.x] Support Forum
Topic: (36)File name too long
Replies: 5
Views: 489

Re: (36)File name too long

Yes I did, I even edited a pagespeed setting on the server "ModPagespeedMaxSegmentLength", but same problem. But I was just thinking! The domainname changed a few days ago, could it be that pagespeed has still the old domain in the cache? Because I see this in the error: referer: https://www.allerl...
by Noxwizard
Sun Dec 30, 2018 11:56 pm
Forum: [3.2.x] Support Forum
Topic: Question regarding a fresh install on a personal LEMP server?
Replies: 3
Views: 304

Re: Question regarding a fresh install on a personal LEMP server?

Have you tried using the sample nginx configuration file provided in the docs/ folder?
by Noxwizard
Sun Dec 30, 2018 11:50 pm
Forum: [3.2.x] Support Forum
Topic: phpBB Bug? Need fix!
Replies: 14
Views: 605

Re: phpBB Bug? Need fix!

As others have stated, you cannot block access to the JavaScript and CSS files as the browser directly accesses those in order to render the page. You can block access to the *.html files in the styles/<your_style>/template/ directory though since the template engine uses those and not the browser.
by Noxwizard
Fri Dec 28, 2018 11:20 pm
Forum: [3.2.x] Support Forum
Topic: 3.24 -> 3.25 update error (SOLVED!)
Replies: 11
Views: 617

Re: 3.24 -> 3.25 update error

Check your settings in config.php. From the error message, it's saying that it can't connect to the database.
by Noxwizard
Sat Nov 03, 2018 4:29 pm
Forum: [3.2.x] Support Forum
Topic: Forum wont load after sending a message
Replies: 16
Views: 980

Re: Forum wont load after sending a message

I'm noticing that your DNS server takes a long time to resolve the domain. It takes quite a few tries and timeouts before even Google's resolver gets an address for it.

Go to advanced search