• From: St. Petersburg, Russia
  • Registered: 2008-02-17
  • Posts: 36

Re: [extension release] Domain.PunBB

Smartys, how about this version? Without not PunBB style html in manager, shorts tags and bug with quick jump. smile

SuperMAG, upload to punres and update first post.

Royal Crown Chinpoko Master, ^_^

lexazloy's Website

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: [extension release] Domain.PunBB

Splitting up PHP handling from the other filetypes was smart, although if you want to avoid the redirect, you can just use file_get_contents and echo the contents out.

Also, I still think the "use .htaccess to redirect all requests to the right file" idea is better, I just don't know how easy it is. tongue

You still need to properly deal with null bytes.

In extensions/domain/admin.php, your file writing allows the person to write to an arbitrary file. They can also delete arbitrary files. You should never allow raw, unchecked data from the user to be used in picking a file.

This:

foreach (glob($dirname.'/*.php') as $file){
    $pun_domain_old = $pun_domain;
    include $file;

    $domains[] = array(
        'id'       => substr(basename($file), 0, -4),
        'base_url' => $pun_domain['base_url'],
        'category' => explode(',', $pun_domain['category'])
    );

    $pun_domain = $pun_domain_old;
    unset($pun_domain_old);
}

can be simply written as

$real_pun_domain = $pun_domain;
foreach (glob($dirname.'/*.php') as $file)
{
    include $file;

    $domains[] = array(
        'id'       => substr(basename($file), 0, -4),
        'base_url' => $pun_domain['base_url'],
        'category' => explode(',', $pun_domain['category'])
    );
}
$pun_domain = $real_pun_domain;
unset($real_pun_domain);
  • From: St. Petersburg, Russia
  • Registered: 2008-02-17
  • Posts: 36

Re: [extension release] Domain.PunBB

Yes, just .htaccess file better idea, but i try make rewrite rule and loose. sad

Sorry, about null bytes i dont understand you 100%. First time i think null butes you mean empty... Now i think about \xNN in URL or something. No?

Not check POST data it sketch. For full work need see PunBB code more.

About $real_pun_domain you right. Why i put it in loop i dont know. %)

Royal Crown Chinpoko Master, ^_^

lexazloy's Website

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: [extension release] Domain.PunBB

Null byte: \0
If I put that in my input, PHP (at least for file operations) interprets the string as ending at the null byte.