Sientinel 2.0.0 RC4 and "Tell a friend module"

New Member Joined: Oct 14, 2004 Posts: 3

Sientinel is blocking a mod i added to my phpbb forum called "tell a friend" how can i stop this from happening ?

This is the email i recieve:

Code:

Date & Time: 2004-10-14 14:06:56


Blocked IP: 212.179.28.66


User ID: אורח (1)


Reason: Abuse-Script


--------------------


User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Query String: [ Only registered users can see links on this board! Get registered or login! ]


Forwarded For: none


Client IP: none


Remote Address: 212.179.28.66


Remote Port: none


Request Method: GET

Posted: Thu Oct 14, 2004 8:49 am

You'll have to find where the quotes are being added I would hazard to guess if the quotes are in the title you will have to strip them out before the $_POST is made. If the quotes are being added by your mod them you will have to find out where and alter it so there aren't quotes being added.

Posted: Thu Oct 14, 2004 10:04 am

in this case, yes the quotes are part of the title ... why is this dangerous in some way ?

Posted: Thu Oct 14, 2004 11:07 am

They are often part of XSS attacks, java tricks and such. You should be able to just add something like
$var = str_replace("\"", "", $var);
Replace $var with what ever variable is being used such as $ttitle or $topic_text
Thats about the simplest solution I can think of. This comes up a lot with Forum mods it seems.

Posted: Thu Oct 14, 2004 11:11 am

I should add the reason its being flagged is because it is being submitted via a $_POST request. Otherwise it would not be flagged.

Posted: Thu Oct 14, 2004 11:33 am

sixonetonoffun wrote:

They are often part of XSS attacks, java tricks and such. You should be able to just add something like
$var = str_replace("\"", "", $var);
Replace $var with what ever variable is being used such as $ttitle or $topic_text
Thats about the simplest solution I can think of. This comes up a lot with Forum mods it seems.

this must be added to the mod file itself, right ?

this is what i found ... that i think can be closest:

Code:

$template->assign_vars(array( 


   "TELL_LINK" => append_sid("http://".$HTTP_SERVER_VARS['HTTP_HOST'].$temp_topic."?name=Forums&file=tellafriend&t=$topic_id", true)


   ));

New Member Joined: Nov 21, 2005 Posts: 1

Im having the same problem... Here is my block abuse email:

Quote:

Date & Time: 2005-11-21 15:12:59 PST GMT -0800
Blocked IP: 162.84.201.103
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Query String: [ Only registered users can see links on this board! Get registered or login! ] WEEKEND @CROBAR: Fri (BORIS) | Sat (ROGER SANCHEZ)&link=modules.php?name=Forums&file=http://www.bayridgenights.com/modules&name=Forums&file=tellafriend&t=5183
Get String: [ Only registered users can see links on this board! Get registered or login! ] WEEKEND @CROBAR: Fri (BORIS) | Sat (ROGER SANCHEZ)&link=modules.php?name=Forums&t=5183
Post String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none
Client IP: none
Remote Address: 162.84.201.103
Remote Port: 1269
Request Method: GET

Im not a big PHP guy so any detailed help would be outstanding. Thanks