Topic: PunBB 1.2.16

Here's just a short message announcing the release of 1.2.16. This time around, we've fixed two security vulnerabilities and corrected topic/post counts for forums to include redirected topics. The only two scripts affected by the update are profile.php (two lines) and include/functions.php (a few lines). The vulnerabilities are relatively serious, so we recommend that everyone upgrade as soon as possible.

Thanks to the people who reported the issues (details in the changelog).

Now, back to 1.3 ...

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: PunBB 1.2.16

Thanks.

Re: PunBB 1.2.16

You might want to hold off on downloading the update for now, there's a little issue with it that needs to be dealt with by Rickard tomorrow.

Re: PunBB 1.2.16

I already did it from the hdiff. Should I restore it?

Re: PunBB 1.2.16

Just do the following (this might not be how Rickard corrects the issue, this is a temporary fix):

include/functions.php
FIND

$destination_url = str_replace(array("\r", "\n", '%0a', '%0d', ';'), '', $destination_url);

REPLACE WITH

$destination_url = str_replace(array("\r", "\n", '%0a', '%0d', ';data:'), '', $destination_url);

(edited by snapsolutions 2007-11-19 02:37)

Re: PunBB 1.2.16

Yup, that fixes the problem. Thanks!

Re: PunBB 1.2.16

Yes it does. Thank you. :D

Re: PunBB 1.2.16

On top of it, nice. I love this kind of support.

~James
FluxBB - Less is more

(edited by StevenBullen 2007-11-19 08:49)

Re: PunBB 1.2.16

Has this fix been applied on PunBB (here)?

Smartys wrote:

Just do the following (this might not be how Rickard corrects the issue, this is a temporary fix):

include/functions.php
FIND

$destination_url = str_replace(array("\r", "\n", '%0a', '%0d', ';'), '', $destination_url);

REPLACE WITH

$destination_url = str_replace(array("\r", "\n", '%0a', '%0d', ';data:'), '', $destination_url);

Re: PunBB 1.2.16

StevenBullen wrote:

Has this fix been applied on PunBB (here)?

No

Re: PunBB 1.2.16

Can we get a diff please? Please please please please :D

Re: PunBB 1.2.16

Check out the downloads page, as always there's a patch and an hdiff. However, you still need to apply the workaround at this point.

Re: PunBB 1.2.16

Whoops :D I'll sort this out tonight. Sorry for the mess.

Re: PunBB 1.2.16

Good to know that we are a bit more secure now :)
Thanks PunBB Team ;)

Re: PunBB 1.2.16

Yep Smartys, thanks, found it. Your fault, it wasn't linked :rolleyes: :lol:

Re: PunBB 1.2.16

It's linked from the downloads page, just like everything else...

Re: PunBB 1.2.16

I have now updated the downloads and hdiffs/patches. The change is one line only. If you downloaded and updated already, locate the following in include/functions.php

$destination_url = str_replace(array("\r", "\n", '%0a', '%0d', ';'), '', $destination_url);

and replace it with

$destination_url = preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $destination_url);

Sorry for the mess up.

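As an added illustration (not part of the original posts and not PunBB's own code), the following PHP runs the three versions of the sanitising line quoted in this thread over constructed inputs, to show how exact, case-sensitive `str_replace()` matching differs from the case-insensitive, whitespace-tolerant regex. The function names and the sample URLs are assumptions made for the example.

```php
<?php
// Added example: three versions of the line from include/functions.php as
// quoted in this thread. Function names and inputs are constructed.

// First 1.2.16 download: strips every ';' anywhere in the URL.
function sanitize_initial(string $url): string
{
    return str_replace(array("\r", "\n", '%0a', '%0d', ';'), '', $url);
}

// Temporary workaround from the thread: strips only the literal ';data:'.
function sanitize_workaround(string $url): string
{
    return str_replace(array("\r", "\n", '%0a', '%0d', ';data:'), '', $url);
}

// Updated download: case-insensitive, allows whitespace around 'data'.
function sanitize_final(string $url): string
{
    return preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $url);
}

// Constructed sample inputs (not taken from the thread).
$samples = array(
    'entity in query'    => 'viewtopic.php?pid=12&amp;action=new',
    'raw CRLF'           => "index.php\r\nX-Constructed: 1",
    'lowercase %0d%0a'   => 'index.php%0d%0aX-Constructed: 1',
    'uppercase %0D%0A'   => 'index.php%0D%0AX-Constructed: 1',
    'literal ;data:'     => 'index.php;data:text/plain,constructed',
    'spaced, mixed case' => 'index.php; DaTa :text/plain,constructed',
);

// JSON encoding keeps control characters visible in the output.
foreach ($samples as $label => $url) {
    printf("%s\n  input     : %s\n", $label, json_encode($url, JSON_UNESCAPED_SLASHES));
    printf("  initial   : %s\n", json_encode(sanitize_initial($url), JSON_UNESCAPED_SLASHES));
    printf("  workaround: %s\n", json_encode(sanitize_workaround($url), JSON_UNESCAPED_SLASHES));
    printf("  final     : %s\n\n", json_encode(sanitize_final($url), JSON_UNESCAPED_SLASHES));
}
```

Run it with the `php` command-line binary. The first sample shows the initial line altering a URL that merely contains an `&amp;` entity, and the last three show which inputs only the regex version rewrites.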

Re: PunBB 1.2.16

You all are very welcome. :D

Re: PunBB 1.2.16

Rickard wrote:

Sorry for the mess up.

Please! Thanks to you and the team for being on top of things.

Re: PunBB 1.2.16

Thanks, but I still don't understand how to upgrade 1.2.15 to 1.2.16 lol.

http://openwings.co.cc

Re: PunBB 1.2.16

Cheers for the update. :) Just one quickie. With the profile.php change, would it not be simpler to just make that a preliminary check in profile.php near the top of the file, so that it acts as a cover-all in case anyone mods their file later on with something problematical?

Re: PunBB 1.2.16

Hi all ;)

Some problems with redirect_url when logging in :/

My domain -> http://domain.com/
PunBB base url -> http://domain.com/forum

After logging in, the redirect URL is http://domain.com/forum//forum/index.php :(

What can I do, please?

Sorry I speak English like a Spanish cow :/
Multy Forums Free (Multi PunBB Project) (on stand by)
http://multy.forums.free.fr/forum_demo/

Re: PunBB 1.2.16

I can't replicate the issue here: have you modified login.php or the redirect function?

Re: PunBB 1.2.16

;)

I have not modified login.php but I made this change -> Add a login form over the header.
I think that the problem is here:

    // Set the $redirect_url to this page, 
    $redirect_url = '' ;
    if(isset($_SERVER['REQUEST_URI'])) {
        $redirect_url = $_SERVER['REQUEST_URI'] ;

Maybe this part? -> $_SERVER['REQUEST_URI']

Re: PunBB 1.2.16

Makes sense. Try this code from login.php instead

$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'index.php';