Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules
Author Message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Thu Mar 06, 2008 7:58 pm Reply with quote

I would like to use such a module or a similar to write my own "tuts" but I know there was a problem with sql injections with this module long time ago.

Is there still a security problem with version Tutoriaux_1.3 or is this fixed ?
And how about short urls for this module ?
 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Thu Mar 06, 2008 8:49 pm Reply with quote

Please PM any info you have on this problem, and I will investigate.

Not sure about short urls, but it's integrated into nukeSEO (sitemap), nukeFEED, and mSearch.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
999
Regular
Regular


Joined: Sep 12, 2006
Posts: 58
Location: Dsm, IA

PostPosted: Fri Mar 07, 2008 4:31 am Reply with quote

I would also like to know if there's an issue or risk with this. I have shortened urls for most everything except having users create tutorials on their own (as I don't really need that function).
.htaccess
Code:
RewriteRule ^tutorial-section-([0-9]*).html modules.php?name=Tutoriaux&rop=souscat&cid=$1 [L]

RewriteRule ^tutorial-([0-9]*).html modules.php?name=Tutoriaux&rop=tutoriaux&did=$1 [L]
RewriteRule ^tutorial-print-([0-9]*).html modules.php?name=Tutoriaux&file=print&did=$1 [L]
RewriteRule ^tutorial-([0-9]*)-comment.html modules.php?name=Tutoriaux&file=comment&did=$1 [L]
RewriteRule ^tutorial-([0-9]*)-viewcomments.html modules.php?name=Tutoriaux&file=viewcomment&did=$1 [L]
RewriteRule ^tutorials-inprogress.html modules.php?name=Tutoriaux&rop=enprepa [L]
RewriteRule ^tutorials-top10.html modules.php?name=Tutoriaux&rop=informations [L]
RewriteRule ^tutorial-create-([0-9]*).html modules.php?name=Tutoriaux&file=submitut&;cid=$1 [L]
RewriteRule ^tutorials.html modules.php?name=Tutoriaux [L]

GT-Tutoriaux.php
Code:
$urlin = array(

'"(?<!/)modules.php\?name=Tutoriaux&amp;rop=souscat&amp;cid=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&amp;rop=tutoriaux&amp;did=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&amp;file=print&amp;did=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&amp;file=comment&amp;did=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&amp;file=viewcomment&amp;did=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&amp;rop=enprepa"',
'"(?<!/)modules.php\?name=Tutoriaux&amp;rop=informations"',
'"(?<!/)modules.php\?name=Tutoriaux"'
);

$urlout = array(
'tutorial-section-\\1.html',
'tutorial-\\1.html',
'tutorial-print-\\1.html',
'tutorial-\\1-comment.html',
'tutorial-\\1-viewcomments.html',
'tutorials-inprogress.html',
'tutorials-top10.html',
'tutorials.html'
);


Last edited by 999 on Mon Mar 17, 2008 7:53 pm; edited 3 times in total 
View user's profile Send private message Visit poster's website MSN Messenger
Susann
PostPosted: Fri Mar 07, 2008 5:22 pm Reply with quote

999 thanks. I ´ll try it out.
I gave Kguse already all information I have about this and because he is using the same version of the Tutoriaux module I´m sure he will look into this. May take some time.
Btw: At secunia I found no entires for this module.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Sat Mar 08, 2008 2:14 am Reply with quote

Susann, I have been using it on my site for maybe a year or more with no problems and although that doesn't mean it is secure, I do get quite a lot of daily attacks.
 
View user's profile Send private message Send e-mail
Susann
PostPosted: Sat Mar 08, 2008 10:16 am Reply with quote

Well, I don´t know if everything is filtered correctly but I quess the important things are fixed otherwise it wouldn´t be available to download anymore.
There is just no versions history or change log.txt within the packet.
 
Susann
PostPosted: Mon Mar 17, 2008 4:53 pm Reply with quote

The rewrites rules in .htaccess doesn´t work for me.
The requested URL /indexmodules.php was not found on this server. So something isn´t correct with tutorial-section-.html
and shouldn´t this be:
Code:
'"(?<!/)modules.php\?name=Tutoriaux(?!&)"',
 
999
PostPosted: Mon Mar 17, 2008 7:52 pm Reply with quote

Sorry there was a couple typos in it when I pasted that, was late, other then that it works perfectly for me. I just based it off of the the taps for other files.
 
Susann
PostPosted: Mon Mar 17, 2008 8:01 pm Reply with quote

No problem. Thought I better warn others before they also spend hours to find out where the 404 came from.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Mon Mar 17, 2008 8:06 pm Reply with quote

BTW, the "tap" has been in my forums for quite awhile now:
Only registered users can see links on this board! Get registered or login!

Courteously of ANTH and then Delectable. Wink

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©