101 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

yep, it's not optimized ... (in the first pages there's one that points out the same problem, and created a fix aswell)

But for PunBB 1.3 I'll rewrite the code again, to fit with the hooks, and I'll try to make it much more optimized... (and I'm going to look more into the JOIN aswell)


in the rules, you could easily end up with more than 255 chars ... as you set them with

txt"jpg"jpeg"gif"bmp"tga"tiff"tif"zip"z01"z02"z03"z04"rar"r00"r01"r02
and so on...

(and since it doesn't store so many lines, I figured it would be ok ... as it's only a per forum and per group setting)


Thanks for the input though, it's always nice to get tips and such smile

Go to forum: PunBB 1.2 modifications, plugins and integrations

102 Reply by Frank H

(22 replies, posted in PunBB 1.2 troubleshooting)

no, the php setting

http://se2.php.net/manual/en/features.safe-mode.php

Go to forum: PunBB 1.2 troubleshooting

103 Reply by Frank H

(22 replies, posted in PunBB 1.2 troubleshooting)

using safemode?

Go to forum: PunBB 1.2 troubleshooting

104 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

that edit shouldn't need to be there, perhaps you have another mod that interfer within edit.php?
(seems to me you're missing at least step 15 in the readme.txt, as that's where the variables are defined... edit.php is affected by steps 9 to 19)

Go to forum: PunBB 1.2 modifications, plugins and integrations

105 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

@volker: First off, it will only show one upload field, to add more files you need to edit the message. (I don't like javascripts, as I find it to bloat everything, and you might have 100 allowed files for some groups (admins are unlimited), and it shouldn't add one field for each ... + it's less code with this solution)
From the readme.txt

##                    And as a further upgrade, posts are no longer limited to
##                    one attachment per post. I still have a limit of one file
##                    per opportunity (i.e. one on post creation, rest on edit),
##                    but the admin set the limit of max files per post, a per 
##                    group and per forum basis.

Secondly, it sounds like you've missed a step in the edit.php file, recheck that all edits are in the file.

--------------------------------------------------------------------------------------------

@Everyone: I'm REALLY busy at work at the moment, and will be for at least until the end of the year, so I might be slow at answering questions. I hope you all will understand.
I was planning on releasing an 'intermediate' release for 1.2.13 (as there has been a lot more questions lately, a bunch seemingly related to safemode on, that I guess some hosts has started to used recently + using the mod with a bunch more mods, I'm sorry for yo uaffected by this, that I haven't found time to look deeply into this) ...

Anyhow, considering that PunBB 1.3 is somewhere in the horizon, I'm not sure I'll have the energy to do it, as it will all change to that release, but still be compatible with the already saved files from the current mod.
(I'll try to do an easy installing extension out of it, but it will require some work, and if you can wait for PunBB 1.3 + time needed for me to fix the extension, it might be a bit easier for you if you wait for that, and perhaps only need to upload, change permissions, run the installer)...

Do note that I'm not saying you shouldn't use this mod, I'm just saying it probably will be a much easier thing to use as an extension ... and if you feel you don't like editing the 50 or so steps, you might be able to cope until PunBB 1.3

Now I need to eat something and head off to bed, so I can get up tomorrow morning wink

Go to forum: PunBB 1.2 modifications, plugins and integrations

106 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

are you by any chanse trying to use it on a sqlite database? (if so, the mod doesn't work, as mentioned on the first post of this thread)

if not, do you already have the tables in the config table? (check with a tool such as phpmyadmin or similar)


(sorry for the late reply, but I've been working my ass off the last couple of days ... (including the weekend))

Go to forum: PunBB 1.2 modifications, plugins and integrations

107 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

you probably have safemode on the server, you must disable it to get uploads to work (and you need to run install_mod.php sucessfully before using viewtopic.php)

Go to forum: PunBB 1.2 modifications, plugins and integrations

108 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Dexus wrote:

Frank H, something like hdiff for updated (NULL byte exploit) AP_Attachment_Mod would be very nice smile

no hdiff(don't have it installed), but a simple cut'n paste wink

Find (line 879)

    // rewrite stuff from POST variables
    $form['use_icon'] = intval($_POST['use_icon']);
    $form['icon_folder'] = $_POST['icon_folder']; //later strip out all < > | ? * " from the string, to try to up the safety
    $form['icon_extension'] = $_POST['icon_extension']; //later strip out all \ / < > | ? *  from the string, to try to up the safety
    $form['icon_name'] = $_POST['icon_name']; //later strip out all \ / < > | ? *  from the string, to try to up the safety
    $form['create_orphans'] = intval($_POST['create_orphans']);
    $form['always_deny'] = $_POST['always_deny']; //later strip out all \ / < > | ? *  from the string, to try to up the safety
    $form['max_size'] = intval($_POST['max_size']);
    $form['basefolder'] = $_POST['basefolder']; //later strip out all < > | ? * " from the string, to try to up the safety

Replace with

    // rewrite stuff from POST variables
    $form['use_icon'] = intval($_POST['use_icon']);
    $form['create_orphans'] = intval($_POST['create_orphans']);
    $form['max_size'] = intval($_POST['max_size']);
    // remove unallowed chars
    $attach_replace_matches = array('<','>','|','?','*',"\0"); //strip out all < > | ? * NULL from the string, to try to up the safety
    $form['icon_extension'] = str_replace($attach_replace_matches,'',$_POST['icon_extension']);
    $form['icon_name'] = str_replace($attach_replace_matches,'',$_POST['icon_name']);
    $form['always_deny'] = str_replace($attach_replace_matches,'',$_POST['always_deny']);
    $attach_replace_matches[] = '"'; // add the " to unallowed chars
    $form['icon_folder'] = str_replace($attach_replace_matches,'',$_POST['icon_folder']);
    $form['basefolder'] = str_replace($attach_replace_matches,'',$_POST['basefolder']);

That should make the poison null vulnerability a thing of the past wink

Go to forum: PunBB 1.2 modifications, plugins and integrations

109 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

I'll see if I can fix something when I get back from work (but I'm working late today, so I might not be able to do it today)

all changes are at one place (oh, and the little update text I put at the top)
search for "< >" and you'll probably find the changes smile  (I had written something about "...later replace < > | ? * " ..." or such ...

Go to forum: PunBB 1.2 modifications, plugins and integrations

110 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Sounds like the cachefiles haven't been updated, check that the "attach_cur_version" is in the cache_config.php, if it isn't there, remove the cachefile, and let punbb generate a new cachefile.

Go to forum: PunBB 1.2 modifications, plugins and integrations

111 Reply by Frank H

(4 replies, posted in PunBB 1.2 discussion)

The Attachment mod was also affected by this, so update the administrative plugin.

Go to forum: PunBB 1.2 discussion

112 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

The NULL byte exploit that PunBB was patched for, was also in the Attachment Mod, it is now patched with an updated administrative plugin.
(It is only exploitable by administrators, but I still encourage everyone to update the plugin).

To patch your mod, download the updated plugin from PunBB Resource and overwrite the file in the plugins folder on your forum.
(The zipfile is called "AP_Attachment_Mod-Patch_NULL_vuln.zip")

Go to forum: PunBB 1.2 modifications, plugins and integrations

113 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

You can always release it as a mod, on a mod smile

(I tried to write it so that others would be able to use bits and pieces ... and for the mod to PunBB 1.3 I'll try to make it even more universal)

Go to forum: PunBB 1.2 modifications, plugins and integrations

114 Reply by Frank H

(45 replies, posted in News)

Thnx!
Updated ... still within the 24h limit I've set for myself wink

Go to forum: News

115 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

First of all, you need to edit install_mod.php to allow 1.2.XX. Where XX is the version you're running (or it will just say it's not the correct version when you try to run it)

Go to forum: PunBB 1.2 modifications, plugins and integrations

116 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

follow the installation guide mentioned in the first post of this thread. (especially about "Installing on 1.2.6+")

Go to forum: PunBB 1.2 modifications, plugins and integrations

117 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

check that all the changes has been made in viewtopic.php

Go to forum: PunBB 1.2 modifications, plugins and integrations

118 Topic by Frank H

(0 replies, posted in Archive)

Har funderat ett litet tag på att skaffa mig en/flera adresser, men har inte någon riktig koll (har bara kört gratisalternativ från dyndns.org hittills)

Vem har ni köpt av, och hur är de?
Om man har dynamiskt ip, finns det tillgång så att man kan använda automatisk uppdatering som på dyndns.org? (har en server som uppdaterar om det byts)

Tja, det är väl det man behöver veta egentligen ... men tänkte att det var lika bra å fråga sig för wink

Go to forum: Archive

119 Reply by Frank H

(8 replies, posted in PunBB 1.2 discussion)

www.punres.org wink

Go to forum: PunBB 1.2 discussion

120 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

sounds like your cachefiles doesn't get updated, try deleting the phpfiles in /cache/

Go to forum: PunBB 1.2 modifications, plugins and integrations

121 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

Have you set the max alloed size in the plugin for the attachment mod?
And also rules for other groups?

("Setup the mod" in the Installation guide)

Go to forum: PunBB 1.2 modifications, plugins and integrations

122 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

no error suppression ... so it looks like the php isn't 'seeing' the file

are the enctype="multipart/form-data" in the <form> tag in post.php?

Go to forum: PunBB 1.2 modifications, plugins and integrations

123 Reply by Frank H

(500 replies, posted in PunBB 1.2 modifications, plugins and integrations)

hmm, as you followed the installation guide, did you as an admin attach a really small file? (i.e. a textfile with only the word "test" in it)

if it doens't work, does it show up in the attachment directory, or in the database?
if it doesn't show up in the database/files , then it's probably some permissions that isn't set as it should between PHP->OS, perhaps the safemode is interfering on that one ...
(admins override any securitychecks, so rules aren't involved in this test, and a tiny textfile is less than what's set in the mods setting for max filesize, the only thing an admin doesn't override)

hmm, I guess the safemode might interfer and doesn't allow the mod to work at all ... the install_mod.php won't run (it will start complaining about .htaccess and index.html, that it's not allowed to copy them, even though the directory is 777, didn't you get that error?) ...
(and I'm not sure it will allow you to upload files afterwards either)

Does avatars work? (they can also be affected by the safemode setting)

Go to forum: PunBB 1.2 modifications, plugins and integrations

124 Reply by Frank H

(60 replies, posted in PunBB 1.2 troubleshooting)

Meowmeow wrote:
Frank H wrote:

disable avatars until the host answers?

I've tried, there's still the problem.

You need to disable it in admin->options=="Use avatars" to "No", not in your profile

Go to forum: PunBB 1.2 troubleshooting

125 Reply by Frank H

(10 replies, posted in PunBB 1.2 troubleshooting)

could perhaps be that some SQLtables reference to non-existant tables ...
I suppose you don't have a backup of the database prior to this 'out of space' thingie? wink

but, if you have phpmyadmin or similar, you could first and foremost check the tables, if mysql itself is broken (in the structure, select all tables, and choose 'check' (or similar, I have another language installed on myphpadmin), the online table will have a note, but the others should say 'Ok')

But, for the actual database, I suppose Rickard is the one with the knowledge on what to search for 'errorwise' ... but I guess there could be threads pointing at nonexistant posts, or such ...

Do all pages fail, or only a couple of pages? If only a couple, it might be possible to figure out what type of queries are used ... perhaps giving a hint of where to search ...

Go to forum: PunBB 1.2 troubleshooting