26

Re: PunBB 1.2.16

MattF wrote:

Cheers for the update. smile Just one quickie. With the profile.php change, would it not be simpler to just make that a preliminary check in profile.php near the top of the file, so that it acts as a cover all incase anyone mods their file later on with something problematical?

Just prodding on this one. smile Would a general check of:

if (isset($_POST['form_sent']))
{
    if ($pun_user['g_id'] < PUN_GUEST)
        {
        confirm_referrer('profile.php');
         }
}

at the top of profile.php prevent any future possibility of that occuring with any additions to profile.php, i.e: mods?


Cheers,

Matt

Re: PunBB 1.2.16

MattF wrote:

Cheers for the update. smile Just one quickie. With the profile.php change, would it not be simpler to just make that a preliminary check in profile.php near the top of the file, so that it acts as a cover all incase anyone mods their file later on with something problematical?

confirm_referrer() is gone in 1.3. See http://blog.punbb.org/2007/09/18/preven … f-attacks/

"Programming is like sex: one mistake and you have to support it for the rest of your life."

28

Re: PunBB 1.2.16

Aye. I'd read that blog entry awhile ago. smile I know I'm going against the flow here, big_smile but I must admit, I'll probably be running 1.2* for a good while after 1.3 comes out. In all honesty, there's not really anything which a bit of coding can't sort which I don't have that I want in 1.2*. smile

29

Re: PunBB 1.2.16

gil wrote:

About documentation, the http://punbb.org/docs/install.html is not up to date :
There are several "1.2.12" in place of "1.2.14" (and a "12_to_1212_update.php" of course).
Sorry to only discover serious problems smile

(note; the install.html file in 1.2.14 zip package is OK)

Sorry, I was not present for the 1.2.15 version smile

30 (edited by Fil1958 2007-11-21 06:32)

Re: PunBB 1.2.16

wink

Smartys wrote:

Makes sense. Try this code from login.php instead

$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i

Yes I tried this code, but redirect_url is always index.php anywhere !?

Exemple, if I read a topic (http://domain.com/forum/viewtopic.php?pid=1618#p1618) , after login in I am on index.php and not in the topic that I read hmm

Why ? sad

Sorry I speak English like a Spanish cow :/
Multy Forums Free (Multi PunBB Project) (on stand by)
http://multy.forums.free.fr/forum_demo/

Re: PunBB 1.2.16

I would need to check out the site

Re: PunBB 1.2.16

Thanks for reply Smartys wink

The board is here -> http://clopotelfrance.free.fr/forum/index.php

This is a free service from our IProvider -> http://www.free.fr/

Sorry I speak English like a Spanish cow :/
Multy Forums Free (Multi PunBB Project) (on stand by)
http://multy.forums.free.fr/forum_demo/

33 (edited by D9r 2007-11-21 19:04)

Re: PunBB 1.2.16

Fil1958 wrote:

Some problems with redirect_url when login in

My domain -> http://domain.com/
PunBB base url -> http://domain.com/forum

After login in the redirect url is http://domain.com/forum//forum/index.php

You own 'domain.com'?  Awesome!  How much did it cost to get it? wink

Domain.com is a real domain.  For examples it's recommended to use Example.com, Example.net, and Example.org.

34 (edited by Smartys 2007-11-21 19:43)

Re: PunBB 1.2.16

Fil1958 wrote:

Thanks for reply Smartys wink

The board is here -> http://clopotelfrance.free.fr/forum/index.php

This is a free service from our IProvider -> http://www.free.fr/

I can't log in until I get my activation email, which seems to be taking a while

Edit: I'm still waiting, and I registered a second account to a different email account that also hasn't gotten the activation email

Re: PunBB 1.2.16

This line of code is still a problem:

    // Prefix with o_base_url (unless it's there already)
    if (strpos($destination_url, $pun_config['o_base_url']) !== 0)
        $destination_url = $pun_config['o_base_url'].'/'.$destination_url;

    // Do a little spring cleaning
    $destination_url = preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $destination_url);

This is what's causing the problem on this thread:

http://punbb.org/forums/viewtopic.php?id=17591

I removed it and put the old code back and it works every time.

Re: PunBB 1.2.16

I can't replicate it, and the fact that it occurs in the plugin likely means the plugin is doing something wrong that wasn't caught before wink
Could you paste the code for the plugin in that thread?

Re: PunBB 1.2.16

I sent you an email Smarty's with some login info to test yourself.

Cheers!
Bingiman

Re: PunBB 1.2.16

Don't send it via the email form, it has issues sending to PunBB.org emails (I'm assuming that's why I don't have your email)

Re: PunBB 1.2.16

I am assuming you received the email though?

Re: PunBB 1.2.16

He said he didn't...

Re: PunBB 1.2.16

Actually, he never said that. He said there are issues. Anyway, he doesn't need it I guess because he knows there is an issue. If you need to check it still Smartys my email is: shedrock@sympatico.ca

Re: PunBB 1.2.16

Smartys wrote:

(I'm assuming that's why I don't have your email)

Mmh?

Re: PunBB 1.2.16

hmm...sometimes I think I am dumb. big_smile or maybe just overworked. Sorry about that elbekko...my bad. smile

44

Re: PunBB 1.2.16

Hello All, developers,

I think there is still an oversight in the code for 1.2.16:
in include/functions.php, look for line:

    if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off")

I think you will find that should be:

    if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off"))


Hendrik-Jan

Re: PunBB 1.2.16

HJH wrote:

Hello All, developers,

I think there is still an oversight in the code for 1.2.16:
in include/functions.php, look for line:

    if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off")

I think you will find that should be:

    if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off"))


Hendrik-Jan

Mmm, no, that's an extra closing parenthesis: that would give a parse error wink

46 (edited by HJH 2007-11-23 16:02)

Re: PunBB 1.2.16

Hmm, then I must have opened one before, as I get an error without it...
I'll check my code.

edit: found it; I had:
if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals === "off"))

now I have:
if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals) === "off")

as it should be. Sorry!

47

Re: PunBB 1.2.16

Hi everybody,

Thanks for the new version.

48

Re: PunBB 1.2.16

Fil1958 wrote:

Hi all wink

Some problems with redirect_url when login in hmm

My domain -> http://domain.com/
PunBB base url -> http://domain.com/forum

After login in the redirect url is http://domain.com/forum//forum/index.php sad

What can I do please ?

Have this same issue. Haven't modified login.php. The suggestion from Smartys didn't help.

Re: PunBB 1.2.16

Link?

50

Re: PunBB 1.2.16

Sorry. I removed the patch.