| Author |
Message |
WD-40
Regular
Joined: Dec 29, 2005
Posts: 62
|
 Posted:
Tue Jan 17, 2006 7:02 am |
|
If "includes/nukesentinel.php" is not present/removed you will get a white blank page.
Currently you have the following:
Code:
@require_once(INCLUDE_PATH."config.php");
@require_once(INCLUDE_PATH."db/db.php");
@require_once(INCLUDE_PATH."includes/sql_layer.php");
@require_once(INCLUDE_PATH."includes/ip_ban.php");
if (file_exists(INCLUDE_PATH."includes/custom_files/custom_mainfile.php")) {
@include_once(INCLUDE_PATH."includes/custom_files/custom_mainfile.php");
}
@require_once(INCLUDE_PATH."includes/nukesentinel.php");
|
You are using the require function which requires the file otherwise fails, if you wish to include it otherwise if not present proceed you must use the include function.
However, with security in mind and how NukeSentinel is built to operate, the above should be changed to:
Code:
@require_once(INCLUDE_PATH."config.php");
@require_once(INCLUDE_PATH."db/db.php");
@require_once(INCLUDE_PATH."includes/sql_layer.php");
if (file_exists(INCLUDE_PATH."includes/nukesentinel.php")) {
@require_once(INCLUDE_PATH."includes/nukesentinel.php");
}
elseif (!file_exists(INCLUDE_PATH."includes/nukesentinel.php")) {
@require_once(INCLUDE_PATH."includes/ipban.php");
}
if (file_exists(INCLUDE_PATH."includes/custom_files/custom_mainfile.php")) {
@include_once(INCLUDE_PATH."includes/custom_files/custom_mainfile.php");
}
|
Hope that helps you guys out! |
_________________
...multi-purpose problem solver |
|
 
|
|
WD-40
|
| Posted:
Tue Jan 17, 2006 7:59 am |
|
I do have a couple of questions though, these are mostly related to patches:
1. Why do you wish not to report any errors if these fail?
2. Why do you use php define('INDEX_FILE', true); statement when define('INDEX_FILE', false); has no control. You can put any statement like define('INDEX_FILE', funny); and still proceeds. It just needs to be defined versus changing true value.
Another thing, I changed value on define('HOME_FILE', true); to define('HOME_FILE', false); and no changes are effected. Only effected if commented out and same applies with all other alike define statements.
3. Why do you only require mainfile once repeatly versus just requiring it to keep it loaded?
I understand there situations where header/footer are not always required however mainfile is.
I personally think these define statements are being used incorrectly. |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Tue Jan 17, 2006 10:15 am |
|
| WD-40 wrote: | I do have a couple of questions though, these are mostly related to patches:
1. Why do you wish not to report any errors if these fail?
2. Why do you use php define('INDEX_FILE', true); statement when define('INDEX_FILE', false); has no control. You can put any statement like define('INDEX_FILE', funny); and still proceeds. It just needs to be defined versus changing true value.
Another thing, I changed value on define('HOME_FILE', true); to define('HOME_FILE', false); and no changes are effected. Only effected if commented out and same applies with all other alike define statements.
3. Why do you only require mainfile once repeatly versus just requiring it to keep it loaded?
I understand there situations where header/footer are not always required however mainfile is.
I personally think these define statements are being used incorrectly. |
Most of these are related to Chatserv's patches but I wil presuppose and answer them.
#1 - I agree that they should not be silenced. However, as I said, these are Chat's patches. I as a user make my own modifications.
#2 - The point is to either have it defined or not. If it is not defined at all it fails. There does not need to be a real boolean test. It's a test of exists or not. Defines are used because they cannot be changed once set and it improves the security.
#3 - require_once does just that. It keeps PHP from trying to reload it once it is loaded. This was the easiest patch to one of the many fundamental design issues of phpnuke.
See #2 as to the defines. |
| |
|
|
|
|
WD-40
|
| Posted:
Tue Jan 17, 2006 10:30 am |
|
#1. Okay and agreed.
#2. I'll take your word.
#3. Have you ever attemped to just require mainfile within index or does it fail? If it fails, is this only related to phpBB?
Guiess that's about it, I was manually doing some patching and looking between your release and latest 3.1 patch to check for any updates.
One last question w/ define statements in reference above, what's the point of true? |
| |
|
|
|
|
Raven
|
| Posted:
Tue Jan 17, 2006 10:34 am |
|
As I tried to explain above, it's really just used as exists or not. In these cases, any value at all resolves to TRUE in a boolean test. |
| |
|
|
|
|
WD-40
|
| Posted:
Tue Jan 17, 2006 11:12 am |
|
Thanks mate, appreciate the feedback and was curious w/ a few things in regards to this patch. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
