phpBB2 by Przemo
Support forum for phpBB2 modified by Przemo

Security issues phpBB < 2.0.19 also phpBB by Przemo

Przemo
Helped: 210 times Posts: 3148
Posted: 31-12-2005, 14:01 Security issues phpBB < 2.0.19 also phpBB by Przemo

Security issue valid for Internet Explorer, all versions of phpBB < 2.0.19
Allows reading the cookies of all users using Internet Explorer, and so allows logging in as that user.

Open file: /includes/bbcode.php

phpBB modified by Przemo < 1.9

Find:
Code:
$patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is";
Replace with:
Code:
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";

Find:
Code:
$patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is";
Replace with:
Code:
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";

Version 1.9 or higher

Find:
Code:
$patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
Replace with:
Code:
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";

Find:
Code:
$patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
Replace with:
Code:
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";

Below, for all versions

Find:
Code:
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
Replace with:
Code:
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\&quot;(.*?)\\\\&quot;\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]");

Find:
Code:
if ( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
Replace with:
Code:
if ( preg_match('#\[quote=\\\&quot;#si', $possible_start, $match) && !preg_match('#\[quote=\\\&quot;(.*?)\\\&quot;\]#si', $possible_start) )

Find:
Code:
if ($close_pos = strpos($text, '"]', $curr_pos + 9))
Replace with:
Code:
if ($close_pos = strpos($text, '&quot;]', $curr_pos + 14))

Find:
Code:
if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false)
Replace with:
Code:
if (strpos(substr($text, $curr_pos + 14, $close_pos - ($curr_pos + 14)), '[quote') === false)

Find:
Code:
$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2);
Replace with:
Code:
$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 7);

Open file: /includes/functions_post.php

Find: (In version 1.9 it appears two times, replace it two times)
Code:
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;');
Replace with:
Code:
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');

Open file: privmsg.php

Find:
Code:
$html_entities_match = array('#&#', '#<#', '#>#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;');
Replace with:
Code:
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');
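
A regression check for the two filters changed above, added here as an example and not part of the original post or of phpBB: it runs the version 1.9 `[url]` pattern and its replacement, and the old and new entity filters (entity names written out), over constructed inputs. The helper `url_tag_accepted` and every sample string are assumptions made for the illustration.

```php
<?php
// Added example with constructed inputs; not part of phpBB or of the post above.

// [url] patterns from /includes/bbcode.php (version 1.9 or higher), as quoted in the post.
$old_url = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
$new_url = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";

// Entity filters from /includes/functions_post.php, before and after the patch.
$old_match   = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$old_replace = array('&amp;', '&lt;', '&gt;');
$new_match   = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$new_replace = array('&amp;', '&lt;', '&gt;', '&quot;');

// Hypothetical helper: is the text accepted as one [url]...[/url] tag?
function url_tag_accepted($pattern, $text)
{
    return preg_match($pattern, $text) === 1;
}

// Constructed inputs: the patched pattern must keep ordinary links and
// bracketed query strings working, and refuse a [url= tag nested in [url].
$url_cases = array(
    'plain link'        => '[url]http://example.org/a?b=1[/url]',
    'brackets in query' => '[url]http://example.org/?a[0]=1[/url]',
    'nested [url= tag'  => '[url]http://example.org/[url=http://example.net/]x[/url][/url]',
);
foreach ($url_cases as $label => $text) {
    printf("%-18s old=%s new=%s\n", $label,
        var_export(url_tag_accepted($old_url, $text), true),
        var_export(url_tag_accepted($new_url, $text), true));
}

// Constructed post text: the patched filter also encodes the double quote,
// while numeric entities such as &#8364; are still left alone.
$post = '[quote="Mick"]a & b &#8364; <i>[/quote]';
echo preg_replace($old_match, $old_replace, $post), "\n";
echo preg_replace($new_match, $new_replace, $post), "\n";

// Length difference between &quot; and ", matching the shift of the
// quote-scanning offsets in bbcode.php (9 to 14, 2 to 7).
echo strlen('&quot;') - strlen('"'), "\n";
```

Because the double quote is now stored as an entity, every place that scans for `[quote="name"]` has to look for the entity form instead, which is what the remaining bbcode.php edits in the post do.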

Mobilemick
Posts: 6
Posted: 31-12-2005, 15:16 r

Sorry in advance........
Is this code change for the new .19 patch that has been released, or is it to update the .18 I was using?
Have looked in bbcode.php and couldn't find the first line of text.
thanks
Mick
_________________ http://x12.putfile.com/12/35515074440.jpg

Edel
Helped: 19 times Posts: 181
Posted: 31-12-2005, 15:33

Przemo wrote: | Open file: /includes/functions_post.php
Find: (In version 1.9 it appears two times, replace it two times)
Code:
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;');
Zamień na:
Code:
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;'); |
I see a bug.
Translate
_________________ Seducing women

Mobilemick
Posts: 6

melbo
Helped: 2 times Posts: 99
Posted: 01-01-2006, 07:28

hmmm, made the corrections and now my doesn't work
_________________ You just never know...

pearman
Helped: 2 times Posts: 36
Posted: 01-01-2006, 09:54

hello folks, you also have to do this:
in bbcode.php file find:
Code:
$text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text);
after that add this:
Code:
$text = preg_replace("/\[quote:$uid=&quot;(.*?)&quot;\]/si", $bbcode_tpl['quote_username_open'], $text);
do not replace this, because old quotes will stop working.
regards.
_________________ From today on, I will not be posting any of my modifications on this forum permanently;
at the same time I ask the moderators not to remove the expiry from my posts, thank you in advance.
http://beatsfactory.pl/qbs/fora.html

Engwareion
Posts: 3
Posted: 03-08-2006, 16:54

pearman wrote: | hello folks, you also have to do this:
in bbcode.php file find:
Code:
$text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text);
after that add this:
Code:
$text = preg_replace("/\[quote:$uid=&quot;(.*?)&quot;\]/si", $bbcode_tpl['quote_username_open'], $text);
do not replace this, because old quotes will stop working.
regards. |
I did, but it didn't work. My [quote] command isn't working now.