Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
mastrb0y
New Member
New Member


Joined: Feb 17, 2005
Posts: 7

PostPosted: Thu Feb 17, 2005 2:42 am Reply with quote

Having som problems with Nuke 7.6 patched 2.8 with sentinel and protector installed,

Upgraded gallery 1.4.4pl6 to 1.5rc1, turned off globals since gallery would not work with it on (could not fetch the userdb of nuke)

But when i turned globals off my sentinel http auth dosen't work, ways to fix this?

Are there any others problems with having globals off?
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Thu Feb 17, 2005 6:28 am Reply with quote

For a site with register_globals turned off use CGIAuth instead. That way it is called from the .htaccess file and provides server level protection for your admin.php file
 
View user's profile Send private message
mastrb0y
PostPosted: Thu Feb 17, 2005 6:50 am Reply with quote

i'll try that, have tried cgiauth before but could not get it to work (thats why i used http auth) , but will try again, and read a little more in the forums
 
Raven
PostPosted: Thu Feb 17, 2005 6:54 am Reply with quote

See if this helps Only registered users can see links on this board! Get registered or login!
 
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Thu Feb 17, 2005 7:27 am Reply with quote

What I did was change the gallery init.php so it doesn't unset globals. This may not be as secure but it allows it to run with globals turned on.

Code:


// Hack prevention.

$register_globals = @ini_get('register_globals');
if (!empty($register_globals) && !eregi("no|off|false", $register_globals)) {
   foreach (array_keys($_REQUEST) as $key) {
      addslashes($key);
   }
}

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
mastrb0y
PostPosted: Thu Feb 17, 2005 7:43 am Reply with quote

Added a new configuration option to bypass our register_globals emulation. (Using this option will NOT be supported, but since some people absolutely require it, we've added it.)
fixed in RC1-cvs-b8

Maybe this will fix it, i reported my problem to menalto also, and they removed my post and added this fix.. will try it out Smile

will also read Only registered users can see links on this board! Get registered or login! if i can't get cgi to work

thnx for your help
 
mastrb0y
PostPosted: Mon Feb 21, 2005 2:01 am Reply with quote

new bug, sentinel 2.1.3 and gallery 1.4.4pl6

When filters are enabled i get blocked when try to hide/unhide pictures in gallery.
 
Raven
PostPosted: Mon Feb 21, 2005 3:38 am Reply with quote

Does the Query String containg &cmd ?
 
mastrb0y
PostPosted: Tue Mar 01, 2005 6:26 am Reply with quote

User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107
Firefox/1.0
Query String:
modules.php?cmd=highlight&index=1&set_albumName=album74&type=popup&op=modload&name=gallery&file=index&include=do_command.php
Forwarded For: none
Client IP: none
Remote Address: 10.0.0.254
Remote Port: 2987
Request Method: GET

thats all i know of the string
anyway to put that command in a safe list or equal? (bypassing it without turning of filter in sentinel?)
 
Raven
PostPosted: Tue Mar 01, 2005 9:51 am Reply with quote

Try this: Only registered users can see links on this board! Get registered or login!

There are several posts in the forums on this Smile
 
mastrb0y
PostPosted: Wed Mar 02, 2005 2:20 am Reply with quote

sorry, i did not STF Sad
 
mastrb0y
PostPosted: Wed Mar 02, 2005 3:35 am Reply with quote

another weird thing.

I got CGIauth to work, but had the info that supposed to be in .htaccess about <files>blablabla</files>
would only work when i put it in httpd.conf and restartet the service, any tips on fixing this?
could it be the nooverride options defined in httpd.conf about my directory?
 
Raven
PostPosted: Wed Mar 02, 2005 4:56 am Reply with quote

Yep.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©