Rickard wrote:

Or take it straight from the horses mouth big_smile

http://blog.punbb.org/2007/09/18/preven … f-attacks/

I guess I can't just code my own implementations of 1.3's functionalities tongue.

I got it fixed anyway.



Oh... true that.

*Opens Google roll*

Hmm...  Okay.

I was wondering if this function was a real add-up in security, since the rights (moderator, admin, post-owner) are verified at each operation.

Is there any situation where this can really be exploited, or can I just keep the function disabled without much trouble?


(2 replies, posted in PunBB 1.2 show off)

I took the original rewriting mod and modified it quite a bit.  I have no detailed list of all the modifications to the original script, but I'll try to make something for you during the holidays vacations!

Hello guys,

I've done an URL-rewriting modification on my BB which makes topics have url like http://[mytld]/##-Forum-Name/t###-thread-name.html

Since then, I can neither lock, or move threads because of the referer confirmation.

function confirm_referrer($script)
    global $pun_config, $lang_common;

    if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
        message($lang_common['Bad referrer']);

I'm quite bad with regex and I have a quite hard time figuring out how to do this one...

Anyone can help?



(2 replies, posted in PunBB 1.2 show off)

Hey guys!

I loooove punBB since I've installed it two months ago.

I've tweaked it quite a bit. I've added a mod for PMs and to embed videos.

Other than that, I've tweaked the whole forum, to mark the threads as visited, even with that timestamp matter.  I've also implemented an URL-rewriting mod of my own, for better SEO.

Next thing to do is to make a style which will fit with the site.

What do you think about it, guys?