Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
paranor
Worker
Worker


Joined: Aug 28, 2003
Posts: 227

PostPosted: Fri Dec 05, 2003 1:41 pm Reply with quote

I'm confused on what this release is about. Is chatserv in charge of keeping php-nuke patched? What does RC2 mean to the nuke 6.x platform - doesn't RC mean it's still in beta?

Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Fri Dec 05, 2003 5:51 pm Reply with quote

These are patches to correct some flaws and security issues in the various versions. As Chat says, he has assigned them an RC status to signifiy that he has fixed everything he knows of and has tested them as much as he can. The versions and patches I offer may or may not contain everthing in his patch set. I have patched what I believe to be the major security issues as far as I know. I am no longer in the 'loop' at NC to know what they may have discovered and chose not to make public but rather just fix.

Apply these at your own risk. As with any patch or hack or mod, always make complete backups before applying any code.
 
View user's profile Send private message
paranor
PostPosted: Sat Dec 06, 2003 10:49 am Reply with quote

I guess what I don't get is why isn't php-nuke.org fixing these or releasing them from that site.

It's like there is no centralized organization of this.

And I'm certainly not complaining!!!! I just find it weird to have to go to all of these places to get fixes.
 
Raven
PostPosted: Sat Dec 06, 2003 12:16 pm Reply with quote

Supposedly, here is how it works. phpnuke.org releases a buggy version regularly (sorry, but it's true). NC does not fix bugs, only security issues. They continue releasing patches until the next buggy release. The buggy release is supposed to then incorporate the security fixes from NC. I suppose if we can somehow tie a security issue to the avatar problem ...... Laughing
 
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Sat Dec 06, 2003 5:54 pm Reply with quote

Think i should add my two cents on this, first off lay off the egg-nog Raven, i am not putting out security fixes for what NC has or may have discovered, the patches are a side project of mine much like most of the lame stuff i put out, these patches do take care of several bugs that do not relate to security issues (like typos and missing brackets, etc) those i will list as soon as i am back full time, second, yes, these patches do deal with some security issues but not on stuff anyone reported but on trying to make the code more secure to possible attacks, the theory on what has been done so far is detailed on two html files included with the patches, as for being in charge of security problems, no, i'm not, i do it out of my own will and i do not have the endorsement of phpnuke.org or anyone else for that matter, i'm in this because i care for the community whether i get credited or acknowledged or not. Enough ramblings for now, pass some of that egg-nog Raven. Mr. Green
 
View user's profile Send private message Visit poster's website
chatserv
PostPosted: Sat Dec 06, 2003 5:58 pm Reply with quote

By the way RC = release candidate, as in "what i tested works ok but i may have missed something" one such missed thing was already reported and in affects 69 & 70, the file associates.php returns a parse error caused by single quotes on some variables, those should be removed (i.e. $atop['topicimage'] should be $atop[topicimage])
 
Raven
PostPosted: Sat Dec 06, 2003 7:00 pm Reply with quote

Thanks for clearing this up CS.
 
paranor
PostPosted: Sun Dec 07, 2003 4:53 pm Reply with quote

mmmmmmmm - egg-nog. Smile

So if I'm a person who wants to throw some of these sites up for other people - who do I watch for to get official fixes. Or is this covered when Raven said
Quote:
Supposedly, here is how it works. phpnuke.org releases a buggy version regularly (sorry, but it's true). NC does not fix bugs, only security issues. They continue releasing patches until the next buggy release. The buggy release is supposed to then incorporate the security fixes from NC.

Wink

Is there an avatar security problem I should be aware of? I don't want egg on my face.
 
chatserv
PostPosted: Sat Dec 13, 2003 3:56 pm Reply with quote

As far as "official" fixes goes i'm not aware that one such source exists to this date, some of us devote our time to fixing stuff but neither of us has been deemed "THE" official fixer, if it helps at all i have managed to get some of mine inserted into the core and i'd say my rep is still a good one, at least with those that really know me, i would guess it's all a matter of personal judgement. In my case i find something broken, i attempt to fix it, so far i've managed quite nicely or so i would like to think, the only ones that can really have a say on this are the ones that have used the fixes provided by myself, Raven and many others.
 
Frogger
Worker
Worker


Joined: Oct 06, 2003
Posts: 108

PostPosted: Wed Dec 17, 2003 10:18 pm Reply with quote

Kudos CS....U do good work!!

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger ICQ Number
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©