| Author |
Message |
blith
Client
Joined: Jul 18, 2003
Posts: 977
|
 Posted:
Wed Jun 02, 2004 10:20 am |
|
Now I know this is not directly Sentinel related but it affects how it works so bear with me... Mods if it needs moved I understand.
If there is someone interested in looking at this problem I have two examples I would like to show someone live... go to [ Only registered users can see links on this board! Get registered or login! ] and then to the downloads, enter sounds in the search and hit enter. The third entry and the fourth will be linked at the admin edit icon. When I hover over the admin edit icon I get the incorrect address in the IE bar at the bottom. It does not point to the admin edit page. It points to the long string which will set of Sentinel off. In addition go to the last of the three pages in this search and look at what appears in the IE address bar when you hover over the Previous Page link. It will show this:
Code:www.gamersroam.com/modules.php?name=Downloads&d_op=viewdownloadcomments&lid=313&ttitle=Wilderness_Sounds_Mod>Comments%20(2)</a><br>Category:%20Gameplay%20Mods%20and%20Fixes<br><br></font><br><br><center><font%20class=
|
When someone clicks on that Previous Page link it will set off Sentinel and ban them. Right now I just have it set to email me but I would like to get this worked out so I can use Sentinel to it's full glorious potential! Something in the way the searches are being handled is incorrect. this seems to happen randomly although I am sure it isn't. i have tried to look at the code for the downloads to see if there is some character that is not allowing a line break but I cannot figure it out. I think someone with more code experience than I could figure it out. thanks for taking the time to look.. |
| |
|
 
|
|
blith
|
| Posted:
Mon Jun 07, 2004 8:01 am |
|
I am just asking if anyone in the know has looked at this? Thanks! |
| |
|
|
|
|
chatserv
Member Emeritus
Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
|
| Posted:
Mon Jun 07, 2004 8:12 am |
|
Zip your download module's index file, upload it to your server and post the download url. |
| |
|
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
|
| Posted:
Mon Jun 07, 2004 9:08 am |
|
Question, is this the "Standard" downloads module that comes with nuke or one of the many modified ones out there? |
_________________
Bob Marion
Codito Ergo Sum
http://www.nukescripts.net |
|
|
|
blith
|
| Posted:
Mon Jun 07, 2004 9:19 am |
|
| chatserv wrote: | | Zip your download module's index file, upload it to your server and post the download url. |
[ Only registered users can see links on this board! Get registered or login! ] thanks! |
| |
|
|
|
|
blith
|
| Posted:
Tue Jun 08, 2004 9:24 am |
|
| BobMarion wrote: | | Question, is this the "Standard" downloads module that comes with nuke or one of the many modified ones out there? |
It is the downloads module from here and patched with chatserv's fixes. In addition it has the fetch mod in it. But it is all from here. |
| |
|
|
|
|
blith
|
| Posted:
Thu Jun 10, 2004 7:17 am |
|
I anyone looking at the file I made available? Thanks... |
| |
|
|
|
|
blith
|
| Posted:
Mon Jun 14, 2004 9:49 am |
|
I just got an email from download submitter on my site that addresses this problem does anyone have any help for this?
| Quote: | I recently tried to search for my plugins and
ran into a problem. I used the keyword "alchemy"
to try to call up my "Abelle Custom Potions"
plugin and the result page didn't display it
properly: it was slopped together with the
previous plugin in the search result list.
Could you please check this out and let me
know what the deal is here? |
|
| |
|
|
|
|
BobMarion
|
| Posted:
Mon Jun 14, 2004 9:55 am |
|
I'm personally neck deep in the 2.0.0 version of Sentinel(tm). I will try to make some time in the next couple of days to try and see what's happening unless one of the other guys gets to it before I do. |
| |
|
|
|
|
blith
|
| Posted:
Mon Jun 14, 2004 11:42 am |
|
Thanks Bob... I am sure you guys are very busy... and the only reason I am really after this so hard is because it does cause false bans with Sentinel. Right now I have the script abuse just set to email. I would like to have it on block but I can't until I get this sorted out. |
| |
|
|
|
|
blith
|
| Posted:
Tue Jun 29, 2004 9:51 pm |
|
Has anyone had a chance to look into this. I am still getting the emails for this particualr bug through Sentinel. Thanks! |
| |
|
|
|
|
BobMarion
|
| Posted:
Tue Jun 29, 2004 11:32 pm |
|
We have looked at it and found that even if we were to remove the ( and ) from the filter in Sentinel(tm) the native filter in nuke would refresh the page to the index.php page. We are looking at an alternate way of using the filters (possibly allowing admins to edit filters) thru the admin interface. Until then, and this option may open you to attacks, you can edit the includes/sentinel.php script to allow ( and ) by finding the following expression(around line 175):Code:(eregi("\([^>]*\"?[^)]*\)", $secvalue))
|
and changing it toCode:(eregi("[^>]*\"?[^)]*", $secvalue))
|
BE AWARE BY MAKING THIS ALTERATION YOU MAY OPEN YOUR SITE TO HACKS AND WE WILL NOT BE RESPONSIBLE IF THAT HAPPENS |
| |
|
|
|
|
blith
|
| Posted:
Wed Jun 30, 2004 3:20 pm |
|
Well that solves the problem of the ( and ) but the major bug was an native bug in the search function like is posted above.. it causes search returns to run together thus creating strings like this. Code:www.gamersroam.com/modules.php?name=Downloads&d_op=viewdownloadcomments&lid=313&ttitle=Wilderness_Sounds_Mod>Comments%20(2)</a><br>Category:%20Gameplay%20Mods%20and%20Fixes<br><br></font><br><br><center><font%20class=
|
I was not so worried about the () because I can avoid that.
In the first post on this thread I gave instructions on how to recreate this native search bug. Has anyone looked at it? |
| |
|
|
|
|
blith
|
| Posted:
Thu Jul 15, 2004 10:54 am |
|
Well I am back again, I am still getting SCRIPT attacks because of the way the Downloads search module handles the results. I am once again posting this because if people have Sentinel set to ban SCRIPT attacks then a lot of people are getting banned and pop up flooded due to a problem with the search function and not because of actual hacking. Bob posted a fix for the () problem and not for what I originally posted about. I detailed a way to recreate this problem in the first post. Thanks you guys I know you are busy but it really does affect your product. |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Thu Jul 15, 2004 11:15 am |
|
Have you commented out the includes statement in mainfile.php and verified that it is a Sentinel problem? As you know the () was a NUKE issue, not a Sentinel issue (per se), as we just mimicked the nuke code. I want to be sure we're not chasing nuke's tails again. |
| |
|
|
|
|
blith
|
| Posted:
Fri Jul 16, 2004 11:35 am |
|
| Raven wrote: | | Have you commented out the includes statement in mainfile.php and verified that it is a Sentinel problem? As you know the () was a NUKE issue, not a Sentinel issue (per se), as we just mimicked the nuke code. I want to be sure we're not chasing nuke's tails again. |
I am not posting about th( ) issue. Somehow that got lumped in here.. I am posting about the fact that the Downoads search lumps entries together and when a particular link is clicked on it will trigger the Abuse-SCRIPT ban in Sentinel. This has nothing to do with the ( ) issue. Here is an example of the Sentinel email. Notice the Query String. That is a result of the Downloads Search bug...Code:
Reason: Abuse - SCRIPT
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) Query String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none
Client IP: none
Remote Address: xxx.xxx.xxx.xxx
Remote Port: 35207
Request Method: GET
|
|
| |
|
|
|
|
blith
|
| Posted:
Wed Aug 04, 2004 11:49 am |
|
Is there a suggestion as to where I should go for help with this particular bug. I know it isn't a Sentinel bug per se but people could be banned from users sites if they have Script set to block. I want to be able to use Sentinel to it's fullest potential but I cannot due to the fact I have to have Script set to email only. Thanks for the look-see!! |
| |
|
|
|
|
Raven
|
| Posted:
Tue Aug 24, 2004 8:26 am |
|
From your first post above, I see what you are talking about with the PREV link. I can't reproduce the admin edit one as I am not an admin. Just so I'm clear, is the PREV link the only one that affects your visitors? |
| |
|
|
|
|
Raven
|
| Posted:
Tue Aug 24, 2004 8:29 am |
|
Also, I tried to grab the download zip you mad available and it doesn't work. Is the zip still available? |
| |
|
|
|
|
blith
|
| Posted:
Tue Aug 24, 2004 8:51 am |
|
| Raven wrote: | | From your first post above, I see what you are talking about with the PREV link. I can't reproduce the admin edit one as I am not an admin. Just so I'm clear, is the PREV link the only one that affects your visitors? |
Well, I think so but It might also occur wherever the two search entries are linked... but from the look at the string I could only find it in the PREV link... I am looking for the file right now. I may need to make another one. |
| |
|
|
|
|
blith
|
| Posted:
Tue Aug 24, 2004 8:57 am |
|
Here is the link to the file:
[ Only registered users can see links on this board! Get registered or login! ]
By the by. I just noticed something after trying all sorts of things. The entries seem to be linked together after a download that has received some votes. Ones that have no votes are not scrunched together.
Raven, you actually are an admin on my site. hee hee you just didn't know it! |
| |
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
|
| Posted:
Tue Aug 24, 2004 9:22 am |
|
I don't have a large enough database to check this on locally. But clearly its a create bug with the paging. Try grabbing either a newer or older version of the downloads module. I tried the one here (6.9 patched 2.5 I think?) and the links work there. The version you have must have an error causing it to pickup the wrong url completely. Your previous link is showing this url
modules.php?name=Downloads&d_op=viewdownloadcomments&lid=491&ttitle=TES_Mod_Utility_1.5>Comments (4)</a><br>Category: Utilities<br><br></font><br><br>Select Page: <b>[ <a href=
Which is completely wrong it should be showing modules.php?name=Downloads&d_op=search&
Anyway thats what I'd do is find a file the isn't buggered up at least that would get rid of this particular problem. |
_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 |
|
|
|
|
sixonetonoffun
|
| Posted:
Tue Aug 24, 2004 9:24 am |
|
Grr thos urls got walked on by the GT rules here but you should get the idea there. |
| |
|
|
|
|
blith
|
| Posted:
Tue Aug 24, 2004 10:47 am |
|
So having version 7.2 and using a newer or older download module will be fine? I may wait a bit to see what Raven has to say about the file I provided... |
| |
|
|
|
|
sixonetonoffun
|
| Posted:
Tue Aug 24, 2004 10:57 am |
|
You should be good to go up to the 7.4 chatserv patched 2.5 version of the downloads index.php But I'm not 100% sure which version you have there now if it turns out a bug introduced by the patched series we'll have to sort that out too. Do you know if that is what you have now the 7.2 patched series 2.5?
Thats ok if Raven has time to check it out. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
