#83569
05/13/2002 4:06 PM
|
Joined: Apr 2001
Posts: 299
Member / MultiHacker
|
|
Member / MultiHacker
Joined: Apr 2001
Posts: 299 |
I just did a search for something on "All open forums", and I got results from areas that I do not have access to.
I couldn't enter the areas, but it did list the topics that matched.
Just thought I would mention it.
|
|
|
#83570
05/13/2002 4:15 PM
|
Joined: Dec 2001
Posts: 699
Member
|
|
Member
Joined: Dec 2001
Posts: 699 |
|
|
|
#83571
05/14/2002 9:04 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
So why did you post it here instead of ICQ'ing me? 
|
|
|
#83572
05/14/2002 9:12 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
FIXED! 
|
|
|
#83573
05/14/2002 4:05 PM
|
Joined: Dec 2001
Posts: 699
Member
|
|
Member
Joined: Dec 2001
Posts: 699 |
Fancy telling us the fix? 
|
|
|
#83574
05/14/2002 4:17 PM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
|
|
|
#83575
05/14/2002 4:23 PM
|
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
|
|
Admin Emeritus
Joined: Jan 2000
Posts: 5,073 |
Basically, all calls of $user_permissions->has_permission need to be changed to explicitly check for > 0 for success, < 1 for failure.
UBB.classic: Love it or hate it, it was mine.
|
|
|
#83576
05/15/2002 1:00 AM
|
Joined: Aug 2000
Posts: 335
Member
|
|
Member
Joined: Aug 2000
Posts: 335 |
But what if it's 0.5? 
|
|
|
#83577
05/15/2002 5:58 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
It's never 0.5, it's ints between -3 & 4 (or something like that)
|
|
|
#83578
05/15/2002 7:40 AM
|
Joined: Mar 2001
Posts: 326
Member
|
|
Member
Joined: Mar 2001
Posts: 326 |
So this will require many files to be updated then?
|
|
|
#83579
05/15/2002 7:49 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
quote:
cgi-binubb_lib_pntf.cgi:
cgi-binubb_lib_secgroups.cgi:
cgi-binubb_poll.cgi:
cgi-binubb_profile.cgi:
cgi-binubb_search.cgi:
noncgiTemplatespublic_avatar_select.pl:
noncgiTemplatespublic_edit_profile.pl:
noncgiTemplatespublic_user_posts.pl:
But the most important ones are public_user_posts.pl and ubb_search.cgi.
|
|
|
#83580
05/16/2002 11:53 AM
|
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
|
|
Admin Emeritus
Joined: Jan 2000
Posts: 5,073 |
Most calls return 1, 0, or undef. Calls checking forum permissions can return between -3 and 4, including 0 and undef.
UBB.classic: Love it or hate it, it was mine.
|
|
|
#83581
05/16/2002 1:36 PM
|
Joined: Mar 2001
Posts: 326
Member
|
|
Member
Joined: Mar 2001
Posts: 326 |
LK,
It'd really help if you could be clear about exactly where and what to change in ubb_search.cgi since the InfoPop thread doesn't show you exactly that.
I just need a temp fix since no official update has been released and I'm already using v6.3, yet it's clearly insecure.
|
|
|
#83582
05/18/2002 8:35 AM
|
Joined: Mar 2001
Posts: 326
Member
|
|
Member
Joined: Mar 2001
Posts: 326 |
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
|
Posts: 21,079
Joined: March 2000
|
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
| |
Most Online5,166
Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
