Forums Patched

News and announcements will be posted here.
Post Reply
User avatar
The Beatles
Fear me for I am root
Posts: 6285
Joined: Tue May 24, 2005 8:12 pm

Post by The Beatles »

Hello All,

I've finally patched up our forum software to close the security holes that were present in it. The Secunia Advisories of the holes I've patched, or verified the patch was installed for, are:

http://secunia.com/advisories/14329/
http://secunia.com/advisories/11053/
http://secunia.com/advisories/11008/
http://secunia.com/advisories/10530/
http://secunia.com/advisories/9883/
http://secunia.com/advisories/9712/
http://secunia.com/advisories/7154/
http://secunia.com/advisories/9266/
http://secunia.com/advisories/8182/
http://secunia.com/advisories/15265/
http://secunia.com/advisories/16348/ (This was much more subtle, it was actually disallowing multiple headers in one line and not sending them at all, which was undetected due to an @-call.)

Vulnerabilities I THINK I've fixed, but am not sure:
http://secunia.com/advisories/10446/

Not-patched, but not critical:
http://secunia.com/advisories/15545/

Most of them didn't apply to our version.
:wq
Top
User avatar
Freenhult
13th Division Captain
Posts: 3380
Joined: Mon Jan 02, 2006 2:30 am
Location: Valparaiso
Contact:
Contact Freenhult

Post by Freenhult »

Way to go Beatles!
Nami kotogotoku, waga tate to nare. Ikazuchi kotogotoku, waga yaiba to nare. Sōgyo no Kotowari!

波悉く我が盾となれ雷悉く我が刃となれ,双魚の理 !

Every wave be my shield, every lightning become my blade!
Top
User avatar
Gen. Volkov
I'm blue, if I was green I would die.
Posts: 2342
Joined: Sat Dec 11, 2004 11:47 pm
Location: Boringtown, Indiana

Post by Gen. Volkov »

Excellent job there!
It is said that when Rincewind dies, the occult ability of the human race will go UP by a fraction. -Terry Pratchett
Top
User avatar
Slasher
The FAF Forums SMEGHEAD!!! lol
Posts: 2635
Joined: Mon May 03, 2004 5:08 pm
Location: http://florida4us.com/
Contact:
Contact Slasher

Post by Slasher »

You're gonna be chuffed...

http://faf.staronesw.com/forum/index.php?act=Stats&CODE=leaders

"The Moderating Team"

needs fixing :P

Theres a fix on invisionize somewhere

but other than that, nice one
I do not have a signature, you must be imagining

http://florida4us.com/

Image
Top
User avatar
Slasher
The FAF Forums SMEGHEAD!!! lol
Posts: 2635
Joined: Mon May 03, 2004 5:08 pm
Location: http://florida4us.com/
Contact:
Contact Slasher

Post by Slasher »

This is a problem caused by your host upgrading their version of mySQL. It now uses the word 'mod' as a keyword, but this query was already using it, so it gets confused. To fix this, open sources/misc/stats.php and find:

code: Select all

    $DB->query("SELECT m2.id, m2.name, m2.email, m2.hide_email, m2.location, m2.aim_name, m2.icq_number,
                       f.id as forum_id, f.read_perms, f.name as forum_name, c.state
                FROM forum_moderators mod
                  LEFT JOIN forum_forums f ON(f.id=mod.forum_id)
                  LEFT JOIN forum_categories c ON(c.id=f.category AND c.state != 0)
                  LEFT JOIN forum_members m2 ON (mod.member_id=m2.id)
                ");
Change this to:

code: Select all

    $DB->query("SELECT m2.id, m2.name, m2.email, m2.hide_email, m2.location, m2.aim_name, m2.icq_number,
                       f.id as forum_id, f.read_perms, f.name as forum_name, c.state
                FROM forum_moderators moder
                  LEFT JOIN forum_forums f ON(f.id=moder.forum_id)
                  LEFT JOIN forum_categories c ON(c.id=f.category AND c.state != 0)
                  LEFT JOIN forum_members m2 ON (moder.member_id=m2.id)
                ");
Find this:

code: Select all

    $DB->query("SELECT m.id, m.name, m.email, m.hide_email, m.location, m.aim_name, m.icq_number,
                       f.id as forum_id, f.read_perms, f.name as forum_name, c.state
                FROM forum_moderators mod
                  LEFT JOIN forum_forums f ON(f.id=mod.forum_id)
                  LEFT JOIN forum_categories c ON(c.id=f.category AND c.state != 0)
                  LEFT JOIN forum_members m ON ((mod.is_group=1 and mod.group_id=m.mgroup))
                ");
Change to:

code: Select all

    $DB->query("SELECT m.id, m.name, m.email, m.hide_email, m.location, m.aim_name, m.icq_number,
                       f.id as forum_id, f.read_perms, f.name as forum_name, c.state
                FROM forum_moderators moder
                  LEFT JOIN forum_forums f ON(f.id=moder.forum_id)
                  LEFT JOIN forum_categories c ON(c.id=f.category AND c.state != 0)
                  LEFT JOIN forum_members m ON ((moder.is_group=1 and moder.group_id=m.mgroup))
                ");
Then save and upload.




Source: http://forums.invisionize.com/index.php?showtopic=70543
I do not have a signature, you must be imagining

http://florida4us.com/

Image
Top
User avatar
The Beatles
Fear me for I am root
Posts: 6285
Joined: Tue May 24, 2005 8:12 pm

Post by The Beatles »

Someone posted a rather disgusting set of images here that I shan't dwell on.
:wq
Top
User avatar
Slasher
The FAF Forums SMEGHEAD!!! lol
Posts: 2635
Joined: Mon May 03, 2004 5:08 pm
Location: http://florida4us.com/
Contact:
Contact Slasher

Post by Slasher »

People keep doing that, I usually see them before any of you lot wake up, and Freenhult usually deletes them too... I think it might be an idea to install a mod that doesn't allow images or links to be added to posts until the post count is around about 10 at least or something like that.
I do not have a signature, you must be imagining

http://florida4us.com/

Image
Top
User avatar
Death
Furi Kuri
Posts: 641
Joined: Tue Apr 03, 2007 4:34 am
Contact:
Contact Death

Post by Death »

Was it the pain series or just pron?
*Might attract more things*
Dralfith: OH MY GOD
Dralfith: THIS IS TOO MUCH
Dralfith: (Profanity is a sign of Maturity)
Dralfith: WHY DID WE DO THIS?!
Acid Soulxx: I DON'T KNOW, WE MIGHT BE GLUTTONS FOR PUNISHMENT.
Top
User avatar
Freenhult
13th Division Captain
Posts: 3380
Joined: Mon Jan 02, 2006 2:30 am
Location: Valparaiso
Contact:
Contact Freenhult

Post by Freenhult »

Most likely the latter.
Nami kotogotoku, waga tate to nare. Ikazuchi kotogotoku, waga yaiba to nare. Sōgyo no Kotowari!

波悉く我が盾となれ雷悉く我が刃となれ,双魚の理 !

Every wave be my shield, every lightning become my blade!
Top
User avatar
Death
Furi Kuri
Posts: 641
Joined: Tue Apr 03, 2007 4:34 am
Contact:
Contact Death

Post by Death »

If it's that bad, I would suggest looking into more recent forum software. A lot of good free ones are out there, and you can transfer all the information you have.
Dralfith: OH MY GOD
Dralfith: THIS IS TOO MUCH
Dralfith: (Profanity is a sign of Maturity)
Dralfith: WHY DID WE DO THIS?!
Acid Soulxx: I DON'T KNOW, WE MIGHT BE GLUTTONS FOR PUNISHMENT.
Top
User avatar
Slasher
The FAF Forums SMEGHEAD!!! lol
Posts: 2635
Joined: Mon May 03, 2004 5:08 pm
Location: http://florida4us.com/
Contact:
Contact Slasher

Post by Slasher »

I'd recommend SMF if we have to change, but I like this one so if it can be patched that would be better.
I do not have a signature, you must be imagining

http://florida4us.com/

Image
Top
Post Reply

  • Members connected in real time

    🔒 Close the panel of connected members

Return to “News”