Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) Bug Reports
Author Message
manunkind
Client



Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM

PostPosted: Fri Dec 31, 2004 8:45 pm Reply with quote

That seems to have worked. Thanks Raven!

So it's safe now to comment out the Santy lines in Sentinel.php so that my Reviews section works again?
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Fri Dec 31, 2004 8:49 pm Reply with quote

Yes, and I have corrected the above posts. Sorry about that. I had more rules after the last one so my code is ok with [NC,OR].
 
View user's profile Send private message
manunkind







PostPosted: Fri Dec 31, 2004 9:16 pm Reply with quote

Cool. Thanks Raven! Smile
 
skeen
Hangin' Around



Joined: Jul 17, 2003
Posts: 29

PostPosted: Fri Dec 31, 2004 9:19 pm Reply with quote

Is that a version only issue Raven ? I have that statement and it doesnt effect my site when I am logged in but will it effect my users ?
 
View user's profile Send private message
Raven







PostPosted: Fri Dec 31, 2004 11:11 pm Reply with quote

v2.1.3 was the first version to have it. Not everyone has access to .htaccess so that's an alternative. But, as you have seen, it can have issues.
 
MrFluffy
Hangin' Around



Joined: Jun 24, 2004
Posts: 28
Location: Berlin

PostPosted: Wed Jan 05, 2005 9:20 am Reply with quote

As the santy filter in fact stops all modules from working that use the $id variable in urls, couldn't you just use some other variable name in the filter?
I don't see that it is used further by sentinel anyway...

_________________
cu,
MrFluffy

Image 
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Raven







PostPosted: Wed Jan 05, 2005 9:27 am Reply with quote

Seems reasonable to me. We'll check it out Smile
 
BobMarion
Former Admin in Good Standing



Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Wed Jan 05, 2005 10:51 am Reply with quote

I'll update it today and post the new package as 2.1.3b

_________________
Bob Marion
Codito Ergo Sum
http://www.nukescripts.net 
View user's profile Send private message Send e-mail Visit poster's website
ptyp
New Member
New Member



Joined: Jan 14, 2005
Posts: 1

PostPosted: Fri Jan 14, 2005 8:49 am Reply with quote

BobMarion wrote:
I'll update it today and post the new package as 2.1.3b


dose this update work with phpnuke 7.5 reviews module?
If yes where can I download it? and if no, dose anyone have the fix, I aint use the .access protection.

thanks
 
View user's profile Send private message
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Fri Jan 14, 2005 4:55 pm Reply with quote

Bob, I can only find a Jan 1 version of Sentinel 2.1.3. Did you ever post a 2.1.3b?

TIA,
montego
 
View user's profile Send private message Visit poster's website
Susann
Moderator



Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sat Jan 15, 2005 5:14 pm Reply with quote

The same problem with errors in rewiews:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/htdocs/balblabla/includes/sql_layer.php on line 342

added (hinzugefĆ¼gt): January 1st 1970
The date is a joke ?

So I removed the code for santi worms in sentinel.php. Now the reviews are back Smile .
 
View user's profile Send private message
bry2k
New Member
New Member



Joined: Dec 07, 2004
Posts: 12

PostPosted: Mon Jan 17, 2005 8:53 am Reply with quote

Hello, I'm also wondering where I can get v213b of Sentinel. Currently my Gallery module is broken with v213 of Sentinel (http://www.ravenphpscripts.com/postp31123.html#31123) and I'm not clear on what to do to fix the problem. I do have .htaccess/CGIAuth protection enabled on my site, so I presume I don't need the Sanity worm code you guys were talking about...? Could someone help me out?
 
View user's profile Send private message
MrFluffy







PostPosted: Mon Jan 17, 2005 9:18 am Reply with quote

In includes/sentinel.php,

find:
Code:
// Stop Santy Worm

$bad_uri_content="rush,highlight,perl,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
$tmp=explode(",",$bad_uri_content);
while(list($id,$uri_content)=each($tmp)) {
   if (strpos($REQUEST_URI,$uri_content)) {
      die("Illegal Content");
   }
}


and comment it out completely, or what I did, change it to

Code:
// Stop Santy Worm

$bad_uri_content="rush,highlight,perl,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
$tmp=explode(",",$bad_uri_content);
while(list($snid,$uri_content)=each($tmp)) {
   if (strpos($REQUEST_URI,$uri_content)) {
      die("Illegal Content");
   }
}

This can't make it more useless than commenting it out, so it should be ok Wink
 
Susann







PostPosted: Mon Jan 17, 2005 10:43 am Reply with quote

So, I changed my .htaccess again and try your code with $snid it works fine without any error in reviews and the other modules too. I haven`t seen no more "Illegal Content" on my site.Laughing
 
cprompt
Regular
Regular



Joined: Jun 08, 2004
Posts: 64

PostPosted: Sun Jan 23, 2005 8:36 am Reply with quote

bry2k wrote:
Hello, I'm also wondering where I can get v213b of Sentinel. Currently my Gallery module is broken with v213 of Sentinel (http://www.ravenphpscripts.com/postp31123.html#31123) and I'm not clear on what to do to fix the problem. I do have .htaccess/CGIAuth protection enabled on my site, so I presume I don't need the Sanity worm code you guys were talking about...? Could someone help me out?


Do what MrFluffy says to do just below your post.
That worked for me and my Gallery module and it is simple to do.

mike
 
View user's profile Send private message
BobMarion







PostPosted: Thu Jan 27, 2005 9:41 am Reply with quote

I've shifted from doing 2.1.3b to making 2.2.0 instead and it's taking longer then i expected Smile
 
pudbat
New Member
New Member



Joined: Mar 05, 2005
Posts: 20

PostPosted: Fri Mar 11, 2005 12:02 am Reply with quote

does .staccess work the same as .htaccess? seems that if i can't have a .htaccess file in my root directory, i get a 500 server error
 
View user's profile Send private message
Raven







PostPosted: Fri Mar 11, 2005 12:06 am Reply with quote

No. The . just means to hide the file in *nix. .htaccess is unique and only pertains to Apache web servers. .staccess is just an ordinary file that *nix hides.
 
pudbat







PostPosted: Fri Mar 11, 2005 12:15 am Reply with quote

thanks, Raven, i'm just a little unclear on what is the best Santy blocker if you don't have .htaccess?
 
Raven







PostPosted: Fri Mar 11, 2005 8:12 am Reply with quote

Seriously, if your host does not allow you to have .htaccess then you need to find another host. Without having access to .htaccess you are so limited in what you can do. While you could write code to place in mainfile.php, as an example, by that time the intruder is already at your site. And, he could bypass the calling of mainfile.php. .htaccess stops him at the server level.
 
BobMarion







PostPosted: Fri Mar 11, 2005 10:31 pm Reply with quote

I agree with Raven, .htaccess is by far the better method. The Santy protection in NukeSentinel is for those that do not have .htaccess access so that they have some level of protection.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©