7,376 2005-03-01 15:04
Topic: Quickjump cache (6 replies, posted in PunBB 1.2 bug reports)
I just realized something: if the cache folder isn't chmodded correctly, by looking at the quickjump cache I can find out about the existence of secret forums: not necessarily all that bad, since all I get is the names and ids, but it still shouldn't happen
Of course, this is all fixed by chmodding the folder correctly, but for a lot of people that could pose a problem.
7,377 2005-03-01 12:44
Re: Global Moderation 1.0 (10 replies, posted in PunBB 1.2 modifications, plugins and integrations)
I had to take my own, home-made version of this mod and throw it out: I had an admin only forum that I realized mods could read from if they were bored enough to go through all possible ids using edit or delete.
7,378 2005-02-27 23:18
Topic: admin_options.php with no referrer set (3 replies, posted in PunBB 1.2 bug reports)
I accidentally had referrer logging disabled when I went to admin_options.php to tweak a few things.
When I submitted the form, I got this
Notice: Undefined index: HTTP_REFERER in [place]/admin_options.php on line 41
7,379 2005-02-27 17:58
Re: Subscription possible when subscriptions disabled (4 replies, posted in PunBB 1.2 bug reports)
Nope, I checked the code and there just isn't a check (other than for guests)
7,380 2005-02-27 17:01
Topic: Subscription possible when subscriptions disabled (4 replies, posted in PunBB 1.2 bug reports)
I disabled subscriptions on my forum. Just as a test, I checked what would happen if I subscribed. Surprisingly, it subscribed me. And more surprisingly, when I checked the code in post.php, it appears as if I would actually be subscribed.
7,381 2005-02-27 15:19
Re: "There is no valid language pack 'English' installed. Please reinstall (26 replies, posted in PunBB 1.2 troubleshooting)
Just remove all other styles (or keep them in another folder, in case you change your mind)
7,382 2005-02-27 14:24
Re: UploadMoD (52 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Erm, someone enable debug and remove the @ so we get better errors than this?
7,383 2005-02-26 15:36
Re: moving messages from on forum to the other? (15 replies, posted in Feature requests)
A split topic mod was made, just not for 1.2.x yet
7,384 2005-02-26 13:17
Re: UploadMoD (52 replies, posted in PunBB 1.2 modifications, plugins and integrations)
lol, I don't intend on using it, just on testing it
You still didn't change install_mod.php to accept 1.2.2
Oh, and I just downloaded it: it looks like the exact same thing to me
7,385 2005-02-26 12:55
Re: UploadMoD (52 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Yup, I got that too: and I couldn't upload (but that's unrelated)
Change
<?php echo $lang_uploads['Uploader']; ?>
to
<?php echo 'Uploader'; ?>
7,386 2005-02-26 12:39
Re: UploadMoD (52 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Take a look at erissiva's code: the replacements that were done are correct to fix it
*oh yes, go 300th post! *
7,387 2005-02-26 12:38
Re: Users deleting their own posts... (2 replies, posted in PunBB 1.2 bug reports)
1. Yes, that's how it should work
2. You can prevent it by going to Admin -> User Groups and changing the Members usergroup setting for Delete topics from on to off
7,388 2005-02-26 01:09
Re: Pruning Users (3 replies, posted in PunBB 1.2 troubleshooting)
Well, that would work fine.
But if you're using a 1.2.x version, there's an admin plugin for that
7,389 2005-02-25 19:54
Re: Converting from punBB (25 replies, posted in PunBB 1.2 troubleshooting)
Jonex: Converters are made because people want to leave a forum, when there's a demand for them
7,390 2005-02-25 11:24
Re: Global Moderation 1.0 (10 replies, posted in PunBB 1.2 modifications, plugins and integrations)
It's possible to make a much more crude mod than this which does what you want.
7,391 2005-02-25 00:42
Re: PunBB 1.2.2 (37 replies, posted in News)
No problem Rickard, always a pleasure to help out
7,392 2005-02-24 19:50
Re: putting posts in different forums (3 replies, posted in Feature requests)
Yes
7,393 2005-02-24 16:34
Re: Global Moderation 1.0 (10 replies, posted in PunBB 1.2 modifications, plugins and integrations)
lol, that's what the mod does
7,394 2005-02-24 11:04
Re: CSS Win IE fix breaks IE6 text size (5 replies, posted in PunBB 1.2 troubleshooting)
Looks perfectly fine for me...
7,395 2005-02-24 11:02
Re: putting posts in different forums (3 replies, posted in Feature requests)
- Moving
- Edit the first post
7,396 2005-02-24 00:28
Re: [Release] Global Topic (25 replies, posted in PunBB 1.2 modifications, plugins and integrations)
Well, to make it a "global topic" plugin would require PunBB to be modded: there's no way for there to be a global topic currently
This way, it's only an admin plugin
7,397 2005-02-24 00:24
Re: Calendar 2.0 (296 replies, posted in PunBB 1.2 modifications, plugins and integrations)
OK, this is HUGELY abusable with SQL injections. :-/
Until this is fixed, I would suggest anyone who has it installed on a publicly accessible site pull it down temporarily.
SQL injection basically means that it is possible to manipulate one or more variables in a way it wasn't intended, usually for malicious purposes. It is usually possible due to a lack of checking.
Example (let's say we're viewing stats on a user):
select * from user where id = $_GET['id']
I don't check that $_GET['id'] is a number (or do a simple intval()). That means that I could do this
select * from table where id = 0 union select password,password,(etc, however many columns there are) from table where id = [person I want to hack's ID]
If the passwords aren't hashed, I can just log in as normal. If they are, the hashes can still be exploited in certain situations. And I could do this for any variable on any table.
However, it's easily fixed in this case. Wherever you are taking in data from the outside that should be a number, make sure that it is, using something like this:
$var = intval($_GET['var']);
where var is the variable name.
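The concatenated query and the intval() fix described in this post, side by side, as an added example that is not part of the original post or of the Calendar mod's code. The in-memory SQLite table, its rows and the function names are constructed for illustration; the third function goes one step beyond the post (reject the value, then bind it), because intval() silently turns any non-numeric input into 0 instead of refusing it.

```php
<?php
// Constructed sample data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, password TEXT)');
$db->exec("INSERT INTO user VALUES (1, 'alice', 'hash-of-alice'), (2, 'bob', 'hash-of-bob')");

// Before: the request value is pasted straight into the SQL text, as in the post.
function stats_concat(PDO $db, string $id): array
{
    return $db->query('SELECT id, name FROM user WHERE id = ' . $id)->fetchAll(PDO::FETCH_NUM);
}

// The post's fix: after intval() only an integer is left to concatenate.
function stats_intval(PDO $db, string $id): array
{
    return $db->query('SELECT id, name FROM user WHERE id = ' . intval($id))->fetchAll(PDO::FETCH_NUM);
}

// Stricter variant (an addition, not from the post): reject anything that is
// not an integer, then pass the value as a bound parameter.
function stats_bound(PDO $db, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('SELECT id, name FROM user WHERE id = ?');
    $stmt->execute([$n]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Constructed input with the same shape as the UNION string in the post.
$crafted = '0 UNION SELECT id, password FROM user WHERE id = 2';

// Concatenated: the UNION runs as SQL and a password value lands in the "name" column.
print_r(stats_concat($db, $crafted));
// intval(): the same string is reduced to 0 before it reaches the query.
print_r(stats_intval($db, $crafted));
// Validate and bind: the request is refused instead of being coerced to id 0.
try {
    stats_bound($db, $crafted);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```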
7,398 2005-02-23 02:11
Re: rss.php problems (17 replies, posted in PunBB 1.2 troubleshooting)
No problem
7,399 2005-02-23 01:37
Re: rss.php problems (17 replies, posted in PunBB 1.2 troubleshooting)
hehe, syntax highlighting is a great tool for debugging
7,400 2005-02-23 01:02
Re: rss.php problems (17 replies, posted in PunBB 1.2 troubleshooting)
Yeah, it looks good.
I just took a look at what you're talking about. The fix is:
Change line 90 to
$entities_decimal = array(" ","¡","¢","£","¤","¥","¦","§","¨","©","ª","«","¬","","®","¯","°","±","²","³","´","µ","¶","·","¸","¹","º","»","¼","½","¾","¿","À","Á","Â","Ã","Ä","Å","Æ","Ç","È","É"," ","Ë","Ì","Í","Î","Ï","Ð","Ñ","Ò","Ó","Ô","Õ","Ö","×","Ø","Ù","Ú","Û","Ü","Ý","Þ","ß","à","á","â","ã","ä","å","æ","ç","è","é","ê","ë","ì","í","î","ï","ð","ñ","ò","ó","ô","õ","ö","÷","ø","ù","ú","û","ü","ý","þ","ÿ","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","\"","&","<",">","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","?","'");
The guy didn't escape a " properly: that line has it fixed