How to automatically send PMs to my users?

This forum is now closed as part of retiring phpBB2.

awereader
Registered User
Posts: 11
Joined: Tue Jul 24, 2007 7:00 pm

Re: How to automatically send PMs to my users?

Post by awereader »

All the actual code was encapsulated inside a function thus is completely unusable before being altered and presents no security risk whatsoever.

I'm sure Paul had good intentions but he was both technically wrong and personally insulting (I have posted the link to my site only after the code was censored so it's not like I'm using SPAM to get links...).
wGEric wrote: awereader, insecure code is something we don't like here at phpBB.com. We want you to secure your code before you post it here. We don't want people using insecure code.

Paul is only trying to help you by telling you how to secure your code. Please don't second guess him. He knows what he is talking about when it comes to security.
A_Jelly_Doughnut
Former Team Member
Posts: 34459
Joined: Sat Jan 18, 2003 1:26 am
Location: Where the Rivers Run

Re: How to automatically send PMs to my users?

Post by A_Jelly_Doughnut »

awereader wrote: All the actual code was encapsulated inside a function thus is completely unusable before being altered and presents no security risk whatsoever.
That is a myth, for the reasons Paul described above. What you say is (usually) true for SQL injection type flaws which exist due to register_globals being on. $phpbb_root_path is a global variable in a function, so any include using it can be exploited by a technique called Remote File Inclusion.
A Donut's Blog
"Bach's Prelude (Cello Suite No. 1) is driving Indiana country roads in Autumn" - Ann Kish
Paul
Infrastructure Team Leader
Posts: 28651
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier

Re: How to automatically send PMs to my users?

Post by Paul »

Your code as posted was insecure, because it actually was in a function and you didn't check there correctly whether IN_PHPBB was set.

I am going to lock this now as you don't want to post it here, and this discussion goes nowhere.
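
The two points made in this thread, that an include built from $phpbb_root_path inside a function can still be exploited and that the file has to check IN_PHPBB correctly, written as a review check for MOD files. This is an added example, not code from the thread or from phpBB: the PHP samples, the function name send_pm_to_all and the audit helper are constructed for illustration, and the check is a source-order regex heuristic, not a PHP parser.

```python
import re

# Constructed PHP sample (hypothetical MOD file, not the code removed from this
# thread): every statement sits inside a function and nothing checks IN_PHPBB.
UNGUARDED = r"""<?php
function send_pm_to_all($subject, $message)
{
    global $phpbb_root_path, $phpEx;
    include($phpbb_root_path . 'includes/functions_post.' . $phpEx);
}
"""

GUARD_SRC = "if ( !defined('IN_PHPBB') )\n{\n    die('Hacking attempt');\n}\n"
# Same file with the guard as its first statement.
GUARDED = UNGUARDED.replace("<?php\n", "<?php\n" + GUARD_SRC, 1)
# Guard present, but placed after the include it is meant to protect.
LATE_GUARD = UNGUARDED.replace(
    "$phpEx);\n", "$phpEx);\n    " + GUARD_SRC.replace("\n", " ") + "\n", 1)

GUARD = re.compile(
    r"if\s*\(\s*!\s*defined\s*\(\s*['\"]IN_PHPBB['\"]\s*\)\s*\)\s*\{?\s*(?:die|exit)\b", re.I)
INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*\$phpbb_root_path[^;]*;", re.I)
# A literal assignment (as in an entry-point script) fixes the path before use.
LITERAL = re.compile(r"\$phpbb_root_path\s*=\s*['\"]")

def strip_comments(src):
    """Blank out /* */ blocks and whole-line // or # comments, keeping line count."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"(?m)^[ \t]*(?://|#).*$", "", src)

def audit(src):
    """Return (line, statement) for each include built from $phpbb_root_path that
    appears before any IN_PHPBB guard or literal path assignment in the file."""
    code = strip_comments(src)
    findings = []
    for m in INCLUDE.finditer(code):
        before = code[:m.start()]
        if GUARD.search(before) or LITERAL.search(before):
            continue
        findings.append((before.count("\n") + 1, " ".join(m.group(0).split())))
    return findings

if __name__ == "__main__":
    for name, src in [("unguarded", UNGUARDED), ("guarded", GUARDED),
                      ("late guard", LATE_GUARD)]:
        print(name, audit(src))
```

A file that is flagged needs the IN_PHPBB check as its first statement, ahead of every include, as in the GUARDED sample.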