You are not logged in. Please login or register.
Active topics Unanswered topics
Search options (Page 140 of 307)
Topics by Smartys User defined search
Posts found: 3,476 to 3,500 of 7,674
gsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbnggsodhishojugdsjugsjsgdljljbng
Edit: seems fine to me. My guess is that your stylesheet doesn't have overflow: hidden where it should.
Post the full code for the page, in the next few days I might have the time to rewrite the queries (I believe you're looking at very large topics, which means the queries need to be approached differently).
You can ban *@hotmail.com by default I believe
greenpeas wrote:I am getting this error on page one...
An error occured on line 58 in file /homepages/40/d154139219/htdocs/morningstar/punBB/include/dblayer/mysql.php.
PunBB reported: Unable to connect to MySQL server. MySQL reported: Unknown MySQL Server Host 'ldb785.perfora.net' (1)
(ver. MySQL 3.23.58
on 1and1.com)
any ideas on what I'm doing wrong?
Thanks!
Talk to your host, it sounds like that's not your MySQL server's address
505 wrote:I've got a question about the following change:
Moved template tag replacement of pun_include to the top of all replacements to prevent exploitation via XSS vulnerabilities. On top of this, all included files must have one of the file extensions .php, .php4, .php5, .inc, .html, .htm or .txt.
I have a PunBB integrated in a custom CMS and all the scripts use an object $db for database access. Almost the same as PunBB's one, but not exchangable. My $db is created in the include files, and this used to work because this was done in footer.php, after all PunBB's database queries were done. In the new version this happens in header.php, so the CMS's $db overwrites PunBB's CMS.
I've changes the include code back from header.php to footer.php (with the extension check), but what are the risks of having it there?
With an XSS vulnerability, a malicious user could execute any file in the include/user directory with those file endings as PHP. So if you also had an upload form somewhere where the directory could be manipulated, someone could potentially execute arbitrary PHP if they found an XSS vulnerability in PunBB.
Topic is not a part of the default Last post info: I'd suggest undoing whatever changes you just made and trying them again
Moved to Modifications
Try adding this after the first <?php tag:
@set_time_limit(0);
frames or iframes
You mean hide it in the address bar (because people can always navigate directly to it and see it in the bar at the bottom of the page)?
Check out
/* 6. SPACING AROUND CONTENT */
Beofre contacting your host, check your error log and see what information it's reporting
Nobody said deleting, I meant what file are you editing?
What do you want to know? How to set up a database server?
Moved to General Discussion
I'm confused, what are you editing?
The last visit time is only updated when you logout or when more than o_timeout_visit seconds have happened since your last visit. I'm afraid the only issue I can see there is if the server time were having issues jumping around (I've seen that happen on some servers, although only on the order of a few seconds).
e- wrote:Does this fix the "PunBB <= 1.2.14 Remote Code Execution Exploit" in search.php?action=show_new that was released recently?
Yes, that specific exploit takes advantage of 3 vulnerabilities in versions <= 1.2.14 but requires the site to be running a somewhat out of date version of PHP, register_globals to be on, ini_get to be disabled (or stopped from working properly), and a version of MySQL >= 4.1. Any sites do match those criteria should be updated ASAP.
Moved to Troubleshooting
No, that's not the issue: talk to your host about updating their mod_security rules.
My guess would be that the root of your server is C:\Program Files\e-novative\WAMP\www, so upload the forum files either directly to there or put them in the folder. Then navigate to the path in your browser.
foxmask wrote:Can someone explain to us why the <pun_include "foobar.php"> in the footer.php has desapeared ?
http://dev.punbb.org/changeset/937
I don't think there's a query to do that (at best, you would have to do multiple queries).
I think the best you could do would be to grant all on all databases and then grant certain privileges on the global level (eg: create database). The issue then would be when another user creates a database, you wouldn't have access to it
mi wrote:Changelog:
* Beefed up the referrer check in admin/options.
What is this?
Before, the referrer check (the check used to make sure your forms are being submitted from a legitimate page) for that page was more lax than the one used in other pages (because the base URL could be set on the page). For security reasons, the referrer check there is now more strict
The username/password that you created? If that doesn't work, I'm not sure
Posts found: 3,476 to 3,500 of 7,674