Ravens PHP Scripts: Forums
 

 

blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Wed Jun 02, 2004 10:20 am Reply with quote

Now I know this is not directly Sentinel related but it affects how it works so bear with me... Mods if it needs moved I understand.

If there is someone interested in looking at this problem I have two examples I would like to show someone live... go to Only registered users can see links on this board! Get registered or login! and then to the downloads, enter sounds in the search and hit enter. The third entry and the fourth will be linked at the admin edit icon. When I hover over the admin edit icon I get the incorrect address in the IE bar at the bottom. It does not point to the admin edit page. It points to the long string which will set Sentinel off. In addition, go to the last of the three pages in this search and look at what appears in the IE address bar when you hover over the Previous Page link. It will show this:
Code:
www.gamersroam.com/modules.php?name=Downloads&d_op=viewdownloadcomments&lid=313&ttitle=Wilderness_Sounds_Mod>Comments%20(2)</a><br>Category:%20Gameplay%20Mods%20and%20Fixes<br><br></font><br><br><center><font%20class=

When someone clicks on that Previous Page link it will set off Sentinel and ban them. Right now I just have it set to email me but I would like to get this worked out so I can use Sentinel to its full glorious potential! Something in the way the searches are being handled is incorrect. This seems to happen randomly although I am sure it isn't. I have tried to look at the code for the downloads to see if there is some character that is not allowing a line break but I cannot figure it out. I think someone with more code experience than I could figure it out. Thanks for taking the time to look.
 
blith
PostPosted: Mon Jun 07, 2004 8:01 am Reply with quote

I am just asking if anyone in the know has looked at this? Thanks!
 
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Mon Jun 07, 2004 8:12 am Reply with quote

Zip your download module's index file, upload it to your server and post the download url.
 
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Mon Jun 07, 2004 9:08 am Reply with quote

Question, is this the "Standard" downloads module that comes with nuke or one of the many modified ones out there?

_________________
Bob Marion
Codito Ergo Sum
blith
PostPosted: Mon Jun 07, 2004 9:19 am Reply with quote

chatserv wrote:
Zip your download module's index file, upload it to your server and post the download url.
Only registered users can see links on this board! Get registered or login! thanks!
 
blith
PostPosted: Tue Jun 08, 2004 9:24 am Reply with quote

BobMarion wrote:
Question, is this the "Standard" downloads module that comes with nuke or one of the many modified ones out there?

It is the downloads module from here and patched with chatserv's fixes. In addition it has the fetch mod in it. But it is all from here.
 
blith
PostPosted: Thu Jun 10, 2004 7:17 am Reply with quote

Is anyone looking at the file I made available? Thanks...
 
blith
PostPosted: Mon Jun 14, 2004 9:49 am Reply with quote

I just got an email from a download submitter on my site that addresses this problem. Does anyone have any help for this?

Quote:
I recently tried to search for my plugins and
ran into a problem. I used the keyword "alchemy"
to try to call up my "Abelle Custom Potions"
plugin and the result page didn't display it
properly: it was slopped together with the
previous plugin in the search result list.
Could you please check this out and let me
know what the deal is here?
 
BobMarion
PostPosted: Mon Jun 14, 2004 9:55 am Reply with quote

I'm personally neck deep in the 2.0.0 version of Sentinel(tm). I will try to make some time in the next couple of days to try and see what's happening unless one of the other guys gets to it before I do.
 
blith
PostPosted: Mon Jun 14, 2004 11:42 am Reply with quote

Thanks Bob... I am sure you guys are very busy... and the only reason I am really after this so hard is because it does cause false bans with Sentinel. Right now I have the script abuse just set to email. I would like to have it on block but I can't until I get this sorted out.
 
blith
PostPosted: Tue Jun 29, 2004 9:51 pm Reply with quote

Has anyone had a chance to look into this? I am still getting the emails for this particular bug through Sentinel. Thanks!
 
BobMarion
PostPosted: Tue Jun 29, 2004 11:32 pm Reply with quote

We have looked at it and found that even if we were to remove the ( and ) from the filter in Sentinel(tm) the native filter in nuke would refresh the page to the index.php page. We are looking at an alternate way of using the filters (possibly allowing admins to edit filters) thru the admin interface. Until then, and this option may open you to attacks, you can edit the includes/sentinel.php script to allow ( and ) by finding the following expression (around line 175):
Code:
(eregi("\([^>]*\"?[^)]*\)", $secvalue))
and changing it to
Code:
(eregi("[^>]*\"?[^)]*", $secvalue))
BE AWARE BY MAKING THIS ALTERATION YOU MAY OPEN YOUR SITE TO HACKS AND WE WILL NOT BE RESPONSIBLE IF THAT HAPPENS
 
blith
PostPosted: Wed Jun 30, 2004 3:20 pm Reply with quote

Well, that solves the problem of the ( and ) but the major bug was a native bug in the search function like is posted above. It causes search returns to run together, thus creating strings like this:
Code:
www.gamersroam.com/modules.php?name=Downloads&d_op=viewdownloadcomments&lid=313&ttitle=Wilderness_Sounds_Mod>Comments%20(2)</a><br>Category:%20Gameplay%20Mods%20and%20Fixes<br><br></font><br><br><center><font%20class=

I was not so worried about the () because I can avoid that.

In the first post on this thread I gave instructions on how to recreate this native search bug. Has anyone looked at it?
 
blith
PostPosted: Thu Jul 15, 2004 10:54 am Reply with quote

Well, I am back again. I am still getting SCRIPT attacks because of the way the Downloads search module handles the results. I am once again posting this because if people have Sentinel set to ban SCRIPT attacks then a lot of people are getting banned and pop-up flooded due to a problem with the search function and not because of actual hacking. Bob posted a fix for the () problem and not for what I originally posted about. I detailed a way to recreate this problem in the first post. Thanks, you guys. I know you are busy but it really does affect your product.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Thu Jul 15, 2004 11:15 am Reply with quote

Have you commented out the includes statement in mainfile.php and verified that it is a Sentinel problem? As you know the () was a NUKE issue, not a Sentinel issue (per se), as we just mimicked the nuke code. I want to be sure we're not chasing nuke's tails again.
 
blith
PostPosted: Fri Jul 16, 2004 11:35 am Reply with quote

Raven wrote:
Have you commented out the includes statement in mainfile.php and verified that it is a Sentinel problem? As you know the () was a NUKE issue, not a Sentinel issue (per se), as we just mimicked the nuke code. I want to be sure we're not chasing nuke's tails again.

I am not posting about the ( ) issue. Somehow that got lumped in here. I am posting about the fact that the Downloads search lumps entries together and when a particular link is clicked on it will trigger the Abuse-SCRIPT ban in Sentinel. This has nothing to do with the ( ) issue. Here is an example of the Sentinel email. Notice the Query String. That is a result of the Downloads Search bug...
Code:


Reason: Abuse - SCRIPT
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Query String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: xxx.xxx.xxx.xxx
Remote Port: 35207
Request Method: GET
 
blith
PostPosted: Wed Aug 04, 2004 11:49 am Reply with quote

Is there a suggestion as to where I should go for help with this particular bug? I know it isn't a Sentinel bug per se but people could be banned from users' sites if they have Script set to block. I want to be able to use Sentinel to its fullest potential but I cannot due to the fact I have to have Script set to email only. Thanks for the look-see!!
 
Raven
PostPosted: Tue Aug 24, 2004 8:26 am Reply with quote

From your first post above, I see what you are talking about with the PREV link. I can't reproduce the admin edit one as I am not an admin. Just so I'm clear, is the PREV link the only one that affects your visitors?
 
Raven
PostPosted: Tue Aug 24, 2004 8:29 am Reply with quote

Also, I tried to grab the download zip you made available and it doesn't work. Is the zip still available?
 
blith
PostPosted: Tue Aug 24, 2004 8:51 am Reply with quote

Raven wrote:
From your first post above, I see what you are talking about with the PREV link. I can't reproduce the admin edit one as I am not an admin. Just so I'm clear, is the PREV link the only one that affects your visitors?

Well, I think so but it might also occur wherever the two search entries are linked... but from the look at the string I could only find it in the PREV link... I am looking for the file right now. I may need to make another one.
 
blith
PostPosted: Tue Aug 24, 2004 8:57 am Reply with quote

Here is the link to the file: Only registered users can see links on this board! Get registered or login!

By the by. I just noticed something after trying all sorts of things. The entries seem to be linked together after a download that has received some votes. Ones that have no votes are not scrunched together.

Raven, you actually are an admin on my site. hee hee you just didn't know it!
 
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Tue Aug 24, 2004 9:22 am Reply with quote

I don't have a large enough database to check this on locally. But clearly it's a create bug with the paging. Try grabbing either a newer or older version of the downloads module. I tried the one here (6.9 patched 2.5 I think?) and the links work there. The version you have must have an error causing it to pick up the wrong url completely. Your previous link is showing this url:
modules.php?name=Downloads&d_op=viewdownloadcomments&lid=491&ttitle=TES_Mod_Utility_1.5>Comments (4)</a><br>Category: Utilities<br><br></font><br><br>Select Page:   <b>[ <a href=
Which is completely wrong; it should be showing modules.php?name=Downloads&d_op=search&
Anyway, that's what I'd do: find a file that isn't buggered up. At least that would get rid of this particular problem.

sixonetonoffun
PostPosted: Tue Aug 24, 2004 9:24 am Reply with quote

Grr, those urls got walked on by the GT rules here but you should get the idea there.
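
The two bad URLs quoted in this thread stop at `<font class=` and `<a href=`, which is where the next double quote in the page would fall, the shape a browser produces when an href's closing quote is missing and the attribute runs on into the following markup. The checker below is an added example, not code from the thread, PHP-Nuke or Sentinel: it scans rendered HTML for links whose URL has swallowed markup or matches the parenthesis expression quoted from includes/sentinel.php, so such links can be found before visitors click them. The sample page, its `getit`, `query` and `min` parameters, and the missing-quote cause are assumptions constructed for illustration.

```python
import re

# A double-quoted attribute value runs to the next '"', which is how a
# browser reads it; this regex mirrors that rule.
HREF_RE = re.compile(r'href\s*=\s*"([^"]*)"', re.I)

# Parenthesis expression quoted in the thread (eregi, case-insensitive),
# carried over to Python regex syntax.
PAREN_RE = re.compile(r'\([^>]*"?[^)]*\)', re.I)

# Constructed sample of search output: the second link's href has no
# closing quote (assumed cause, not confirmed in the thread).
SAMPLE_HTML = (
    '<a href="modules.php?name=Downloads&d_op=getit&lid=313">Wilderness Sounds Mod</a> '
    '<a href="modules.php?name=Downloads&d_op=viewdownloadcomments&lid=313'
    '&ttitle=Wilderness_Sounds_Mod>Comments (2)</a><br>'
    'Category: Gameplay Mods and Fixes<br><br></font><br><br>'
    '<center><font class="title">Next Entry</font></center> '
    '<a href="modules.php?name=Downloads&d_op=search&query=sounds&min=10">Previous Page</a>'
)


def audit_links(html):
    """Return (href, reasons) for each link whose URL would look hostile."""
    findings = []
    for match in HREF_RE.finditer(html):
        href = match.group(1)
        reasons = []
        if "<" in href or ">" in href:
            # Tags inside a URL mean the attribute was never terminated.
            reasons.append("markup inside URL")
        if PAREN_RE.search(href):
            reasons.append("matches parenthesis filter")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_HTML):
        print(", ".join(reasons))
        print("  " + href)
```

Run against saved copies of the search result pages, each finding points at the link whose markup needs repair in the module, which addresses the false bans without loosening the filter.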
 
blith
PostPosted: Tue Aug 24, 2004 10:47 am Reply with quote

So having version 7.2 and using a newer or older download module will be fine? I may wait a bit to see what Raven has to say about the file I provided...
 
sixonetonoffun
PostPosted: Tue Aug 24, 2004 10:57 am Reply with quote

You should be good to go up to the 7.4 chatserv patched 2.5 version of the downloads index.php. But I'm not 100% sure which version you have there now. If it turns out to be a bug introduced by the patched series we'll have to sort that out too. Do you know if that is what you have now, the 7.2 patched series 2.5?

That's OK if Raven has time to check it out.
 
All times are GMT - 6 Hours
 