Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.00.00 - v2.02.00 Distro
Author Message
WD-40
Regular
Regular


Joined: Dec 29, 2005
Posts: 62

PostPosted: Tue Jan 17, 2006 7:02 am Reply with quote

If "includes/nukesentinel.php" is not present/removed you will get a white blank page.

Currently you have the following:
Code:


@require_once(INCLUDE_PATH."config.php");
@require_once(INCLUDE_PATH."db/db.php");
@require_once(INCLUDE_PATH."includes/sql_layer.php");
@require_once(INCLUDE_PATH."includes/ip_ban.php");
if (file_exists(INCLUDE_PATH."includes/custom_files/custom_mainfile.php")) {
  @include_once(INCLUDE_PATH."includes/custom_files/custom_mainfile.php");
}
@require_once(INCLUDE_PATH."includes/nukesentinel.php");


You are using the require function which requires the file otherwise fails, if you wish to include it otherwise if not present proceed you must use the include function.

However, with security in mind and how NukeSentinel is built to operate, the above should be changed to:

Code:


@require_once(INCLUDE_PATH."config.php");
@require_once(INCLUDE_PATH."db/db.php");
@require_once(INCLUDE_PATH."includes/sql_layer.php");
if (file_exists(INCLUDE_PATH."includes/nukesentinel.php")) {
  @require_once(INCLUDE_PATH."includes/nukesentinel.php");
}
elseif (!file_exists(INCLUDE_PATH."includes/nukesentinel.php")) {
  @require_once(INCLUDE_PATH."includes/ipban.php");
}
if (file_exists(INCLUDE_PATH."includes/custom_files/custom_mainfile.php")) {
  @include_once(INCLUDE_PATH."includes/custom_files/custom_mainfile.php");
}


Hope that helps you guys out!

_________________
Image

...multi-purpose problem solver 
View user's profile Send private message Visit poster's website
WD-40
PostPosted: Tue Jan 17, 2006 7:59 am Reply with quote

I do have a couple of questions though, these are mostly related to patches:

1. Why do you wish not to report any errors if these fail?

2. Why do you use php define('INDEX_FILE', true); statement when define('INDEX_FILE', false); has no control. You can put any statement like define('INDEX_FILE', funny); and still proceeds. It just needs to be defined versus changing true value.

Another thing, I changed value on define('HOME_FILE', true); to define('HOME_FILE', false); and no changes are effected. Only effected if commented out and same applies with all other alike define statements.

3. Why do you only require mainfile once repeatly versus just requiring it to keep it loaded?

I understand there situations where header/footer are not always required however mainfile is.

I personally think these define statements are being used incorrectly.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Tue Jan 17, 2006 10:15 am Reply with quote

WD-40 wrote:
I do have a couple of questions though, these are mostly related to patches:

1. Why do you wish not to report any errors if these fail?

2. Why do you use php define('INDEX_FILE', true); statement when define('INDEX_FILE', false); has no control. You can put any statement like define('INDEX_FILE', funny); and still proceeds. It just needs to be defined versus changing true value.

Another thing, I changed value on define('HOME_FILE', true); to define('HOME_FILE', false); and no changes are effected. Only effected if commented out and same applies with all other alike define statements.

3. Why do you only require mainfile once repeatly versus just requiring it to keep it loaded?

I understand there situations where header/footer are not always required however mainfile is.

I personally think these define statements are being used incorrectly.

Most of these are related to Chatserv's patches but I wil presuppose and answer them.

#1 - I agree that they should not be silenced. However, as I said, these are Chat's patches. I as a user make my own modifications.

#2 - The point is to either have it defined or not. If it is not defined at all it fails. There does not need to be a real boolean test. It's a test of exists or not. Defines are used because they cannot be changed once set and it improves the security.

#3 - require_once does just that. It keeps PHP from trying to reload it once it is loaded. This was the easiest patch to one of the many fundamental design issues of phpnuke.

See #2 as to the defines.
 
View user's profile Send private message
WD-40
PostPosted: Tue Jan 17, 2006 10:30 am Reply with quote

#1. Okay and agreed.

#2. I'll take your word.

#3. Have you ever attemped to just require mainfile within index or does it fail? If it fails, is this only related to phpBB?

Guiess that's about it, I was manually doing some patching and looking between your release and latest 3.1 patch to check for any updates.

One last question w/ define statements in reference above, what's the point of true?
 
Raven
PostPosted: Tue Jan 17, 2006 10:34 am Reply with quote

As I tried to explain above, it's really just used as exists or not. In these cases, any value at all resolves to TRUE in a boolean test.
 
WD-40
PostPosted: Tue Jan 17, 2006 11:12 am Reply with quote

Thanks mate, appreciate the feedback and was curious w/ a few things in regards to this patch.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.00.00 - v2.02.00 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©