26

(88 replies, posted in Archive)

???????, Ign1111.
??????, ?????? ??????????? ??????? ??? ???? ?????????? ?????:
http://punbb.org/forums/viewtopic.php?pid=37578#p37578

?-?. ?????. ?? ???? ? ?? ???????. ???? ????? ?? ?????? ???????? ????????? ??????????. ????? ?????????? - ??????.

????????. ???????? ???-???? ????????? ??????????????. ????????? ??? ????? ???? ? ??? ?? ????? ??? ???-?? ??????????, ??? ??? ???-??.
??? ? ???? ?? ????????
?????? ????? ??????

??????, ????? ?????? ?? ??????? (?? ???? ??????????????) ???????

? ?????? ????? ???? ????????? ? ????????? (http://www.punbb.ru/viewtopic.php?id=165) ????? ????????? ????????? ????? ??????.
????? ???????????????, ????????? ???????? ???? uploads.php ? ???????? ?????????? ?????? ?????? ?? ???, ??? ?? ??????.
??? ???? ????? ?? http://punbb.awardspace.us/uploads.php ? ?? http://www.punres.org/files.php?pid=188

???????? ?????????:
1. ??????? copy() ?? ?????? ?????? ???????? ?? moveuploaded()
2. ?????? ??? ????? ? ???????? ?????? ????? 22 ??????? ??????? ?? 22 ????????, ? ???? ??? ????? ?????? ????? 30 ????????, ?? ??? ????????? ??? ?????? ????? ????? ?????, ??????????, ?????????? ????? (??? ??? ???????????? ? 30 ????????).
3. ???? input ??? ??????? ?????? ? 20 ????????, ????? ?????????? ?? ????? ??????. (??????, ??? ??? ????? ????? ????????, ???? ???? ???????? ???? ?????).
4. ?????? ?????????? ???? ???????????? ?????, ???????????? 100 ???????
(??? ???????? ???????????? ?????????? MAX_DIR_UPLOAD ? ????? ?????? ???????).

? ????????, ??? ???????? ????? ? ????????? ??????, ? ???? ?? ???? ??? ??? ??? ????? ????? ????????? ??? ??????? ??????.

md5 ???????????????? ??????? ?????????????????, ????? ??????? ?? php ??????????? (????? ??? ??? ?????????? - ????? ????? ?????). ? ????????? ?????? - ?????? $pass = md5($user_input); - ? ? ?????????? $pass ? ???? md5-???.

##
##
##        Mod title:  PunUploadExtra
##
##      Mod version:  1.1
##   Works on PunBB:  1.2.*
##     Release date:  2006-03-05
##           Author:  beotiger (beotiger@yandex.ru)
##
##      Description:  This mod allows your forum users upload their files to the
##                    site and download them. Also the mod has permission system for upload 
##                    managing. All file management goes through this mod.
##                    AM plugin is included to  
##                    set permissions for usergroups.
##
##   Affected files:  none
##
##       Affects DB:  Yes
##
##            Notes:  This mod was originally based on punUpload 1.1.1 by
##                    ultime (Pierre-Luc Lacroix - ultime@omgultime.com),
##                    and UploadMoD by Yevgen Zinchenko aka Loiso (loiso@ukrtop.com),
##                    but has been much rebuilt and added many new features
##
##
##       DISCLAIMER:  Please note that "mods" are not officially supported by
##                    PunBB. Installation of this modification is done at your
##                    own risk. Backup your forum database and any and all
##                    applicable files before proceeding.
##
##

Download here

For the main comments on the first release, see http://punbb.org/forums/viewtopic.php?id=10707

Here are the main changes:
1. Fixed all possible vulnerabilities.
2. French localization has been added (due to Apupv participating - we thank him!)
3. Filenames and their descriptions are now truncated to 30 characters in the following way:
    - if the filename is more than 30 characters long, it is output as the first symbols of the filename, '...', and its extension (so no more than 30 characters are shown);
    - all words in the description exceeding 22 characters are cut to 22 characters.

4. All files in the directory uploaded/ now cannot exceed 100 Mbytes in size (this value is regulated by the constant MAX_DIR_UPLOAD in the first line of the file uploads.php, so you can change it to whatever you wish).

For a live demo, look at http://punbb.awardspace.us/uploads.php (Russian test forum)

We recommend upgrading, for upgrading is quite easy - just replace the main file uploads.php in the forum root directory with the one from the archive, and you are done!

32

(9 replies, posted in General discussion)

Mark
Ok. And how one can fit this your face? wink

Apupv
Thank you very much.
This French localization will be in the version 1.1 coming tonight (+03GMT)

We value all feedback.

ALEXJ
Answer my question: how did you install the punBB forum?

?????????????? ??????? ?????? ??????????????. ??? ????????????? ?????, ??????, ???  ????-?????? ??????????? ????????? ????? ? ??? ? ??? ????? ??????????????? ??? ?????????. ????? ??????...

OK. Frank H - what do you mean by hooks?

???????? ?????????, ??? ????? ????????. wink

ALEXJ wrote:

hmm... honestly... I understand.... to install the forum from your own computer... mods.... BUT WHAT IF IT IS REGISTERED FOR FREE ??? and it is not on my machine ..but there... on that base... punBB ???

punBB - ?????????. ??? ? ??????????? ????? ? ????. ???? ?? ??? ?????? punBB ?? ???? ??????, ?? ??? ????? ?????? ???????? ? ???? ? ????.
? ???? ?? ?????? ??????????? punBB ?? ????? ???????, ?? ????? ?????? ????? ?????? ????????? ????. ??? ? ??? ????!

Yeah. Thank you Jansson. I had time to miss it...

well, size-wise at 20 mb it definitely gets through)

I still didn't get it, how big was the file?
Nobody will let you upload 20 megs just like that. Look at your PHP variables.
upload_max_filesize
file_uploads must be equal to 1
post_max_size must be greater than upload_max_filesize
memory_limit must be greater than post_max_size

As for private messages, see http://punbb.awardspace.us/doku.php#private_message_mod

? ?????? $sql .= ?? ?????? ?????? AND

?? ??????? ?? ??????, ????? ? ???? ????? ?????? sql.

?? ???? ???????? ?????? - ???????? ????.

????? ???? ?????????? ?????? ???????? ?? ??? ? ?? ??????...

Maybe I have not taken it, but you can track all changes made on punBB
by Rickard on http://dev.punbb.org/timeline
Just repeat His steps and you'll always be up to date! wink

As concerning mods. Yep, I thought about one thing. It would be better for mod authors not just to write readme.txt files for all steps for the mod, but (maybe in another file) just tell what they really did - added, changed etc.
For example:
What readme.txt tells:
Find line #100 and replace it like that......
I would prefer to read: in line #100 add this column to fetch from the table.
And so on...
yikes

But I have got the next error:

Forbidden

You don't have permission to access / on this server.
Apache/2.0.51 (Fedora) Server at www.punres.org Port 80

One cookie I had deleted: punres.
Maybe my account or IP is wrong?
What should I do?

????????????? ??????????? XSS

? ?????? ???? ????????????? ??????????? ???????? ?????? ?????? ????. ??? ?????? ??????-?? ?????.
??? ??? ????? ?????? ???????. ?????????? ?????.

?? ??, ?? ????? ???, ? ?????? ?? ??????? ???? ???????

1 - ??? ??????????? ?????????? ?????.

?????? ?????? ??? ??????? ????? ???????????:

WHERE 1 AND X
?
WHERE X
???

? ? ??????? ????? ??? 1. ??? ????? ??? ?????? ?????????? ??????? ?? ?????? ???????? ?? ?????????? AND. ??? ?????? ?????????? ????.
? ??? ???????? ????????? ????????????, ??????? ??? ??? ??????? ? ????????? ????????????.

? ?????? ? ?????? ???????? ? HitMan.
?? ??????? ???? ???????? ??? ?????? ?????? ? ??????? ?? sql-????????, ??????? ?? ??? ?????? ?????????
??????????? ????? ?????? ????????? ??? ?????????????? ????.
??? ??? ??????:
'  or 1=1 UNION SELECT NULL, NULL, NULL, NULL

KCEOH
1. ??????? ?? ??? ?????????. ??. ???? ?? ???????? ? ?????? ???? ??????, ?????? ??? ???-?? ??? ???? ?????????, ?????? ?????? ??????.
2. 5 ????? ??? ??????? ?????. ? ?? awardspace.us ?????? ??? ????????? ?? ???? (?????? ???? ??????????????? ???????? ?????? ??? ???????). ??????? ?????? ?? ?? ???????. ? ??? php ? mysql ?????? ?? ????????? ??????. ?????? ??????? ? ???? ?????? ??????? ?????? ?? ??????, ?? ??? ?? ?? ?????????, ??????
3. type ??? engine - ??? ??? ???????? ?????? mysql. ??? ? ????? ??????????????? ??????? ???????? ??? ???? ? ?????????????? ?????? ? phpMyAdmin, ????? ?????? ?? ? ?????????? ???? ?  ? ??????? ??????? ??????? ?? ???? ????? (????? - ?????? ? ??????????). ??, ??? ???? ???????????.

+ ??? ?????? ???? ? ???????.???

??? ?????? ??????????? ???????????. ???? ?? ???????????, ?? ?? ?????? ??? ??????.
????? ??????? ?????????.

???????? ??????? ?????? ???????????, ????? ???????? ??????? ???? - ?????? ???????????, ?????? Error: Unable to fetch category/forum list. ? ??????????? ??? ?? ???????? ????? ????? ?????, ?? ??????, ?? ??-?????, ?? ????.

?? ?????? ?? http://punbb.awardspace.us ???? ??? ????? ?????? ????? ??????. ??????? ???, ?????? ????? ????, ????? ?????????. ?????????????????. ??. viewpoll.php ????????? ? ????????? ?????????? ??? ? viewtopic.php. ?????? ? ????? ??????? EasyBBCode+extraBBcode (?? ??????? ???? ?????).

? ?? ?????????? ?????? ????? ??????, ????? ???????? ?????? ????. ???? ??????? ??? - ??????, ? ???????? ??? ? ????????? ??????, ???? ??? ?????. wink

? ??? ???????. ??. ??? ????????? ????? ? ?????? ??????? ??????????? ???? ? ??????. ?? ????????? ????????? ???? ??? ? ????????? ???. ??? ??????????????? ????? ?????? ?????.

???? ?????????? ??? ???????? ????? ? ???? ???? - ??????, ?? ???????? ????????? ????.

?? ?????, ??? ???? ??????????? ??? opensource ?????????. ??? ??? ?????? ???????? ???????? ???? ? ???? ???????, ?????????????? ?? ???????? ???, ???? ???????? ?? - ? ????? ???????? - ???? ??? ???? ?????? ???? ????????.

KCEOH

? ????? ?????????? SELECT ... WHERE 1 AND ...

? ??? ????? ????????? ??? ?? ?? ???????????????

???????? ???? - ??????? % ???? ???????? ?????? ???????

???? ???????? ???????????? ??????. ???? ??? ??????? ?? 2 ?????? ?????. ??? ? ??? ????????? ?????, ?????? ????? ? ???? ?? attachment ???. ????? ??????? ??? ? ?????? ???????????, ?? ????? ?????. ?? ? ??? ???????? ??? ??? ?? ????? ?????? ?? ??? ???? (??????? ??? ???????????).
OpenSource ?????? ?? ????????.

? ??????? ????????? ????????? ????? ????? ???????, ???????? diff.
???. 78,91%. ??? ??????? ????? ????. ? ????????. (diff-?? ??? ????? ? UploadMod by Yevgen Zinchenko).

? ????? ? ???? ?????? ??, ??? ??? ?????????? ??????? ????????
? ???? ?????? ???? ???, ??????? ?????? ??? (? ???????, ??????), ???????. ? ?????? ????????? - ?? ??????? ??? ????. ?? ?????. wink

p.s.
KCEOH, ???? ??? ???? ????????? ??? ?????? sql-????????, ???? ?????????? ????. ????? ?????? ??? ?? e-mail, ???? ??????-??????? ?? ???????????????.

At first get it, please: http://www.punres.org/desc.php?pid=188

Yes. This mod was originally based on punUpload 1.1.1 by ultime (Pierre-Luc Lacroix - ultime@omgultime.com), and UploadMoD by Yevgen Zinchenko aka Loiso (loiso@ukrtop.com), but has been much rebuilt and added many new features.

Main features:
1. It's regular XHTML (tested on Fx 1.5+Tidy). I just like it to be this way.
2. You can apply filter and sorting to file list output result.
3. Uses session to store all filter and sorting parameters.
4. One can get file access in no way but through uploads.php script (or I just hope it is that wink)
5. You can set permissions for all groups.
6. You can add/change file categories and types allowed for uploading.
7. You can localize it to your native language (in the pack there are just English and Russian localizations. To my shame I have no command of other languages). Please, just translate file lang/English/uploads.php into your language and put it into the appropriate directory. And you can send it to me so I will be able to put it in the next releases.
8. And, major feature (for me, at least) - you can easily uninstall it. To do this, just upload install_mod.php to your forum directory, run it, press button Restore, then delete this file and files /uploads.php, /lang/.../uploads.php, plugins/AMP_Uploads_Conf.php, and directory /uploaded/ and all its content.

Get it (if you have not done this yet): http://www.punres.org/desc.php?pid=188

That's all, folks!
Enjoy.


P.S. Two secrets regarding this project: wink
If you linger mouse cursor on the date of file you will get its time.
Twice clicking on the header of the same column will revert sort order for this column.

??. ??????? ??????? ?? punres (http://www.punres.org/files.php?pid=188) ?? ?????????? ???????????:
1) ??????? ?????? ???????? ?????? ??? ?????? ???? ????????? ???????.
2) ??????? ???????? ????? ????? ????? ? ???????? ????? (?????? ??? ?? ????? ???? ?????? 200 ???????? - ??? ??? ???????, ??????? ???????????? big_smile). ??????????? ???????? ?????????????? ????? ??????? ? ??.

???????. ????? ??????? ????? ???????? ??????? ??????? ?????? ???? - uploadmod!
? ??? ?????? PunUploadExtra (?????!).
?? ????? ???? ? ??? ????? ????? ????? ???????, ?? ??? ??? ???????? - ????? ? ???? ???????.
? ??? ???????? ? ???? ????? - http://punbb.awardspace.us/uploads.php
???? ?????? ???????!  wink
??? ?? ?????? ?????? ??????? ? ??? ???.
?????? ????? ???? ?????? ?? PunRes.

?? - ??????! cool



---------------------------------------------
??????? ?????? ????? ??? punBB - http://punbb.awardspace.us/