Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
bergman
New Member
New Member


Joined: Mar 07, 2005
Posts: 10

PostPosted: Tue Aug 30, 2005 5:55 pm Reply with quote

I am using invisionboard on my site, After upgrading the forum the sentinel causes problem. I cannot browse in the pages.

Is there any way to exclude sentinel only from the forum module? I appreciate your help.
 
View user's profile Send private message
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Wed Aug 31, 2005 1:30 pm Reply with quote

It could be dangerous to exclude it but you could change the include lines from:
Code:
if (defined('FORUM_ADMIN')) {

    @include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
    @include_once("../../includes/nukesentinel.php");
} else {
    @include_once("includes/nukesentinel.php");
}


To something like:
Code:
if (defined('FORUM_ADMIN') && $name != "Forums") {

    @include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD') && $name != "Forums") {
    @include_once("../../includes/nukesentinel.php");
} elseif($name != "Forums") {
    @include_once("includes/nukesentinel.php");
}

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
bergman
PostPosted: Thu Sep 01, 2005 9:25 am Reply with quote

Thank you Bob!

You said it could be dangerous, did you mean it for phpnuke part or the invisionboard?

I actually found the problem, it is the "Scripting Blocker Settings" in sentinel which conflicts with the invision. When i turned it off it works as usual. I just want to say that i am not expecting to get support for invision. But I also think that invision may have some protect against this kind of abuse. Is it possible to disable scripting blocker settings for only invision by editing these lines (from includes/nukesentinel.php) like this

Code:
if(!is_admin($admin) && $name != "Forums")  {

  // Check for SCRIPTING attack
  // Copyright 2004(c) ChatServ
  $blocker_row = $blocker_array[4];
  if($blocker_row['activate'] > 0) {
    foreach ($_GET as $sec_key => $secvalue) {
      $secvalue = strtolower($secvalue);
      str_replace("%3c", "<", $secvalue);
      str_replace("%3e", ">", $secvalue);
      if ((eregi("<[^>]script*\"?[^>]*>", $secvalue))
      || (eregi("<[^>]*object*\"?[^>]*>", $secvalue))
      || (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue))
      || (eregi("<[^>]*applet*\"?[^>]*>", $secvalue))
      || (eregi("<[^>]*meta*\"?[^>]*>", $secvalue))
      || (eregi("<[^>]style*\"?[^>]*>", $secvalue))
      || (eregi("<[^>]*form*\"?[^>]*>", $secvalue))
      || (eregi("<[^>]*img*\"?[^>]*>", $secvalue))
      || (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue))
      || (eregi("\([^>]*\"?[^)]*\)", $secvalue))) {
        block_ip($blocker_row);
      }
    }
 
BobMarion
PostPosted: Thu Sep 01, 2005 9:32 am Reply with quote

By adding the $name != "Forums:
Code:
if(!is_admin($admin) && $name != "Forums")  {
It should stop it from be active during a users visits to your forums.
 
BobMarion
PostPosted: Thu Sep 01, 2005 9:34 am Reply with quote

Quote:
You said it could be dangerous, did you mean it for phpnuke part or the invisionboard?


For your site. If invision does not have scripting protection you could be attacked and your site compromised by defeating the logic in NukeSentinel(tm).
 
bergman
PostPosted: Thu Sep 01, 2005 3:27 pm Reply with quote

According to Invision support, there is protection against scripting.
Thank you for helping me, it works fine.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©