Ravens PHP Scripts: Forums
 

 

netgoodies
Posted: Tue Jan 17, 2006 11:14 am

Hi Raven

I am running 7.6 with 3.1 patch and had problems with arcade not submitting the scores.

The fix was to delete or comment out the following code in mainfile.php.

Code:
// Posting from other servers is not allowed

// Fix by Quake
// Bug found by PeNdEjO
if ($_SERVER['REQUEST_METHOD'] == "POST") {
  if (isset($_SERVER['HTTP_REFERER'])) {
    if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        die('Posting from another server not allowed!');
    }
  } else {
    die($posttags);
  }
}


I wanted to know if you know its purpose, and does NukeSentinel's referer blocker provide protection if the above code is removed?

Regards

Martyn
 
Raven
Posted: Tue Jan 17, 2006 11:46 am

I have posted this elsewhere but I am happy to repeat it here. That code should never have been added to the Patch Series because it is faulty in its logic and has since been removed from 3.1. You should d/l the 3.1 patched series as it appears you are not using the latest. When Chatserv revises his patches he does not revise the patch level unless he has done major work.

Yes to the NukeSentinel(tm) question.
 
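An added example, not part of the thread and not PHP-Nuke or Patch Series code: it wraps the quoted check in a function and runs it beside an exact host comparison over constructed Referer values, showing two behaviours visible in the quoted code itself (any Referer that merely contains the host string passes, and a POST without a Referer is rejected). `stripos()` stands in for `stripos_clone()` (assumed to return the same values), and the function names and hostnames are made up for the illustration.

```php
<?php
// Added example. All hostnames and Referer values below are constructed.

// The quoted check as a function. stripos() stands in for stripos_clone()
// (assumption: both return the match position or false).
function patched_check(?string $referer, string $host): string {
    if ($referer === null) {
        return 'reject';            // no Referer header: the original calls die()
    }
    // Substring test: true for any Referer that contains $host anywhere.
    return !stripos($referer, $host) ? 'reject' : 'accept';
}

// Stricter variant: compare only the host component of the Referer.
// Assumes $host carries no port (HTTP_HOST may include one).
function exact_host_check(?string $referer, string $host): string {
    if ($referer === null) {
        return 'no-referer';        // caller decides, e.g. fall back to a form token
    }
    $refHost = parse_url($referer, PHP_URL_HOST);
    return (is_string($refHost) && strcasecmp($refHost, $host) === 0)
        ? 'accept' : 'reject';
}

$host  = 'www.example.org';         // constructed site host
$cases = [
    'same-site form'            => 'http://www.example.org/modules.php?name=Forums',
    'host only in query string' => 'http://other.example.net/page.php?x=www.example.org',
    'host as hostname prefix'   => 'http://www.example.org.other.example.net/',
    'no Referer sent'           => null,
];

foreach ($cases as $label => $referer) {
    printf("%-26s patched=%-7s exact=%s\n",
        $label,
        patched_check($referer, $host),
        exact_host_check($referer, $host));
}
```

Run with `php` on the command line (PHP 7.1 or later for the nullable type hints) to compare the two columns for each case.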
netgoodies
Posted: Tue Jan 17, 2006 12:15 pm

Hi Raven

Quote:
I have posted this elsewhere but I am happy to repeat it here.


I am so sorry about that, I did do a search on the matter and didn't find anything. Obviously I didn't try hard enough, so thanks for the reply as I do know how irritating it is to repeat the same replies over and over again. worship Raven.

Thanks to you I will check my latest patches and update them and I am not surprised that NukeSentinel did the job anyway (as well as many others).

Keep up the good work mate.

Regards

Martyn.
 
Raven
Posted: Tue Jan 17, 2006 12:20 pm

I did not mean that as a slam. In this case I meant I have posted it at other sites too, as well as explaining to Chat why it needed to be removed.
 
netgoodies
Posted: Tue Jan 17, 2006 4:58 pm

Hi Raven

Quote:
I did not mean that as a slam.

I didn't take it that way mate, just as a grumble which I ignored anyway ROTFL

Whilst I am here can I remind you of this thread.

Code:
http://ravenphpscripts.com/postt7542.html


Was wondering if there is any feedback? If so post it there to keep things tidy eh! It's OffTopic ROTFL

Regards

Martyn.
 
All times are GMT - 6 Hours
 