[BETA] Rabbitoshi 3.1.3

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
End of a Shadow
Registered User
Posts: 1557
Joined: Sun Apr 27, 2003 6:39 pm
Location: Washington
Name: J G

Post by End of a Shadow »

Classification: Rabbitoshi

MOD Name: Rabbitoshi Lite
Author: Ethalic/Insydius
MOD Description: An advanced pet system for your forum which permits users in raising their very own pet!

MOD Version: 3.1.3
Installation Level: Easy
Installation Time: ~ 10 Minutes

Download File: rabbitoshi3.1.3.zip
File Size: 259 KB


Do note that this was an update on the most stable version, formerly 3.1.2; the changelog is pretty up-to-date on all the 3.1.x changes I had done previously before being shut down as an individualist. Please keep all bug reports to this single thread. It is highly suggested and encouraged not to use any previous version of Rabbitoshi due to vulnerabilities and unpatched compromises that my remake had addressed from Dr DLP's R1, OP's R2, and my early version of R3.

This version is guaranteed to work perfectly without any errors or known exploits. This modification still requires a mod that implements 'user_points' as a forum currency, whether you choose Xore's CashMOD or Robbies PointsMOD. ADR is not a requirement for Rabbitoshi by any means, however addition of ADR is possible but for certain ADR versions.

Included in this pack are additional instructions to make Rabbitoshi backwards compatible with ADR0.3.4 and, by default, instructions for ADR0.4.1; all ADR instructions in future releases will not be included in the default installment but rather in contrib folders listing the ADR versions. There is an ADR0.4.4 compatibility installment which will be released later by the said team, so please limit questions and concerns about version compatibilities till after all compatibilities are released.

If you wish to see a live demo of the latest Rabbitoshi live, then I suggest you view my site Cataclysm Designs the official Rabbitoshi demo board. Which uses little to no additional modifications and graphics for a smooth testing experience along with a demo account for those that do not wish to register, which is still available if desired.

http://phpbb.insyderonline.com/rabbitoshi.php
username: test
password: test

If you are an owner of a previous version of RabbitoshiMOD, I recommend upgrading as soon as possible. Not many requirements are necessary aside from removing all previously existing files and replacing them with the newest files included in the download. No database changes were made as of yet.

Thanks, The Rabbitoshi Team.
Last edited by End of a Shadow on Tue May 01, 2007 2:10 am, edited 7 times in total.
Ptirhiik
Registered User
Posts: 7411
Joined: Mon Jan 06, 2003 10:36 pm

Post by Ptirhiik »

Caution: your vars coming from external ($_POST or $_GET) are not sanitized prior to going into a sql request, nor properly escaped.
*=Matt=*
Registered User
Posts: 389
Joined: Mon Dec 20, 2004 11:56 pm
Location: Oakdale, Wisconsin

Post by *=Matt=* »

I'll beta test it.. Give me a sec :)
End of a Shadow
Registered User
Posts: 1557
Joined: Sun Apr 27, 2003 6:39 pm
Location: Washington
Name: J G

Post by End of a Shadow »

Ptirhiik wrote: Caution: your vars coming from external ($_POST or $_GET) are not sanitized prior to going into a sql request, nor properly escaped.


I'm not too familiar with SQL Injection prevention, but would this be effective?

Code: Select all

if ( 'submit_form' )
{
	$Creature_name = $HTTP_POST_VARS['Creaturename'];
	$Buypet = $HTTP_POST_VARS['Buypet'];
	$Petbuyed = $HTTP_POST_VARS['petbuyed'];
	$Vet = $HTTP_POST_VARS['Vet'];
	$confirm_Vet = $HTTP_POST_VARS['confirm_Vet'];
	$Feed = $HTTP_POST_VARS['Feed'];
	$Shop = $HTTP_POST_VARS['Shop'];
	$Drink = $HTTP_POST_VARS['Drink'];
	$Clean = $HTTP_POST_VARS['Clean'];
	$Owner_list = $HTTP_POST_VARS['Owner_list'];
	$Hotel = $HTTP_POST_VARS['Hotel'];
	$Hotel_out = $HTTP_POST_VARS['Hotel_out'];
	$Hotel_in = $HTTP_POST_VARS['Hotel_in'];
	$Evolution = $HTTP_POST_VARS['Evolution'];
	$Evolution_exec = $HTTP_POST_VARS['Evolution_exec'];
	$Evolution_pet = intval($HTTP_POST_VARS['evolution_pet']);
	$resurrect_ok = $HTTP_POST_VARS['resurrect_ok'];
	$resurrect_no = $HTTP_POST_VARS['resurrect_no'];
	$Sellpet = $HTTP_POST_VARS['Sellpet'];
	$confirm_sell = $HTTP_POST_VARS['confirm_sell'];
	$prefs = $HTTP_POST_VARS['prefs'];
	$prefs_exec = $HTTP_POST_VARS['prefs_exec'];
}

Or should I use isset around the $_POST vars?
Ptirhiik
Registered User
Posts: 7411
Joined: Mon Jan 06, 2003 10:36 pm

Post by Ptirhiik »

You have to htmlspecialchars() the incoming alphanum values, and intval() the numerics, and when going into sql, to escape quotes and slashes.
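
Added example, not part of the thread and not Rabbitoshi or phpBB code: the three steps named in the reply above (intval() for numerics, htmlspecialchars() for text, escaping quotes and backslashes before the value enters SQL), applied to field names from the posted snippet. The helper names, the `demo_pets` table and its columns, and the sample values are hypothetical; addslashes() stands in for the escaping routine of whatever database layer is actually in use and assumes MySQL-style literals on a single-byte connection charset.

```php
<?php
// Added illustration; helper names, table and column names are hypothetical.
// $post stands in for $HTTP_POST_VARS / $_POST; the values are constructed.
$post = array(
    'Creaturename'  => "Mr. O'Hare \\ <b>Jr</b>",  // quote, backslash, HTML
    'evolution_pet' => '3 trailing text',           // should be a number
    'Feed'          => 'Feed',                      // submit button
);

// Numeric field: intval() discards everything that is not a leading integer.
function request_int(array $src, $key, $default = 0)
{
    return isset($src[$key]) && is_scalar($src[$key]) ? intval($src[$key]) : $default;
}

// Text field: HTML metacharacters are encoded; this is NOT SQL escaping.
function request_text(array $src, $key, $default = '')
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return $default;
    }
    return htmlspecialchars(trim($src[$key]), ENT_COMPAT);
}

// Button field: isset() answers "was it pressed?"; the value is never used.
function request_flag(array $src, $key)
{
    return isset($src[$key]);
}

// Assumption: MySQL-style string literals, single-byte connection charset.
// addslashes() stands in for the escaping routine of the real DB layer.
function sql_string($value)
{
    return "'" . addslashes($value) . "'";
}

// Before: raw request values concatenated into the statement.
$before = "UPDATE demo_pets SET pet_name = '" . $post['Creaturename']
        . "' WHERE pet_id = " . $post['evolution_pet'];

// After: every value is typed on the way in and escaped on the way out.
$after = 'UPDATE demo_pets SET pet_name = '
       . sql_string(request_text($post, 'Creaturename'))
       . ' WHERE pet_id = ' . request_int($post, 'evolution_pet');

echo $before, "\n", $after, "\n";
var_dump(request_flag($post, 'Feed'), request_flag($post, 'Vet'));
```

Copying a request value into a local variable, with or without isset(), changes nothing about its content; isset() only tells whether the field was submitted.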
Kalipo
Registered User
Posts: 551
Joined: Mon Dec 08, 2003 1:47 pm

Post by Kalipo »

Nice to see this brought back :D
Solid Strike
Registered User
Posts: 147
Joined: Sun Jun 19, 2005 11:09 am
Location: England

Post by Solid Strike »

edit *nevermind*
oldcqr
Registered User
Posts: 18
Joined: Sat Jan 28, 2006 9:25 pm

Post by oldcqr »

Is this a revision of the 'stand alone' mod, or does it also require the ADR mod(Advanced Dungeons and Rabbits)?

I assume it also needs the/a 'Cash' mod, right?
End of a Shadow
Registered User
Posts: 1557
Joined: Sun Apr 27, 2003 6:39 pm
Location: Washington
Name: J G

Post by End of a Shadow »

Yes, that's the original copy of this mod. This mod does not require ADR, however there is a folder in the installment called ADR0.4.1 which enables you to add the addons of Rabbitoshi to be compatible with ADR if you so choose, and yes, this requires a point system and CashMOD is the excellent choice of point systems out there. Just remember to name the currency field db to "user_points".
MHobbit
Former Team Member
Posts: 4761
Joined: Thu Mar 18, 2004 5:32 pm
Location: There and Back Again

Post by MHobbit »

Hello,

Please change your MOD's version number as outlined in MOD Development forum rules, section 2. Your MOD, as being in development, requires a development version number as stated in the phpBB versioning scheme.

For example, if your MOD is currently displaying v1.0.0, you can change it to 0.1.0 or 1.1.0, depending on your feelings of its development status. Even minor version numbers (y of x.y.z) are reserved for release versions. If you believe your MOD is of a quality that deserves a release version, please do not hesitate to submit your MOD to the phpBB.com MODDB (MOD release database) for validation pending release.

Thank you,
The phpBB MOD Team
End of a Shadow
Registered User
Posts: 1557
Joined: Sun Apr 27, 2003 6:39 pm
Location: Washington
Name: J G

Post by End of a Shadow »

As per Ptirhiik's security note, I'd rather not submit to the moddb just yet. However I'll go through and change the dev status to 1.0 until any major fixes.
End of a Shadow
Registered User
Posts: 1557
Joined: Sun Apr 27, 2003 6:39 pm
Location: Washington
Name: J G

Post by End of a Shadow »

Rabbitoshi updated to version 3.1.1, so check the initial post for the latest changelog as well as the newest download location.

Also an official demo board has been appointed here for individual testing as well as deeper and organized support found here.

Thank you for testing.
Ptirhiik
Registered User
Posts: 7411
Joined: Mon Jan 06, 2003 10:36 pm

Post by Ptirhiik »

er... You have still the mod fully opened to hacks, for the same reason I already reported... You have really to fix this ASAP, it is a critical issue.
End of a Shadow
Registered User
Posts: 1557
Joined: Sun Apr 27, 2003 6:39 pm
Location: Washington
Name: J G

Post by End of a Shadow »

As I said, I'm not familiar with potential security fixes. Also this is still beta, so until I do learn how to apply your suggestions it will remain in beta testing and encouraged not to use on live phpBB sites.
Ptirhiik
Registered User
Posts: 7411
Joined: Mon Jan 06, 2003 10:36 pm

Post by Ptirhiik »

Check this post, it will help you on this. Check also the core phpBB files, you will find number of examples on this.