Tutoriaux module for 7.6

Susann · Posted: Thu Mar 06, 2008 7:58 pm

I would like to use such a module or a similar to write my own "tuts" but I know there was a problem with sql injections with this module long time ago.

Is there still a security problem with version Tutoriaux_1.3 or is this fixed ?
And how about short urls for this module ?

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

Please PM any info you have on this problem, and I will investigate.

Not sure about short urls, but it's integrated into nukeSEO (sitemap), nukeFEED, and mSearch.

999 · Regular Joined: Sep 12, 2006 Posts: 58 Location: Dsm, IA

I would also like to know if there's an issue or risk with this. I have shortened urls for most everything except having users create tutorials on their own (as I don't really need that function).
.htaccess

Code:

RewriteRule ^tutorial-section-([0-9]*).html modules.php?name=Tutoriaux&rop=souscat&cid=$1 [L]
RewriteRule ^tutorial-([0-9]*).html modules.php?name=Tutoriaux&rop=tutoriaux&did=$1 [L]
RewriteRule ^tutorial-print-([0-9]*).html modules.php?name=Tutoriaux&file=print&did=$1 [L]
RewriteRule ^tutorial-([0-9]*)-comment.html modules.php?name=Tutoriaux&file=comment&did=$1 [L]
RewriteRule ^tutorial-([0-9]*)-viewcomments.html modules.php?name=Tutoriaux&file=viewcomment&did=$1 [L]
RewriteRule ^tutorials-inprogress.html modules.php?name=Tutoriaux&rop=enprepa [L]
RewriteRule ^tutorials-top10.html modules.php?name=Tutoriaux&rop=informations [L]
RewriteRule ^tutorial-create-([0-9]*).html modules.php?name=Tutoriaux&file=submitut&;cid=$1 [L]
RewriteRule ^tutorials.html modules.php?name=Tutoriaux [L]

GT-Tutoriaux.php

Code:

$urlin = array(
'"(?<!/)modules.php\?name=Tutoriaux&rop=souscat&cid=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&rop=tutoriaux&did=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&file=print&did=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&file=comment&did=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&file=viewcomment&did=([0-9]*)"',
'"(?<!/)modules.php\?name=Tutoriaux&rop=enprepa"',
'"(?<!/)modules.php\?name=Tutoriaux&rop=informations"',
'"(?<!/)modules.php\?name=Tutoriaux"'
);

$urlout = array(
'tutorial-section-\\1.html',
'tutorial-\\1.html',
'tutorial-print-\\1.html',
'tutorial-\\1-comment.html',
'tutorial-\\1-viewcomments.html',
'tutorials-inprogress.html',
'tutorials-top10.html',
'tutorials.html'
);

Susann · Posted: Fri Mar 07, 2008 5:22 pm

999 thanks. I ´ll try it out.
I gave Kguse already all information I have about this and because he is using the same version of the Tutoriaux module I´m sure he will look into this. May take some time.
Btw: At secunia I found no entires for this module.

Guardian2003 · Posted: Sat Mar 08, 2008 2:14 am

Susann, I have been using it on my site for maybe a year or more with no problems and although that doesn't mean it is secure, I do get quite a lot of daily attacks.

Susann · Posted: Sat Mar 08, 2008 10:16 am

Well, I don´t know if everything is filtered correctly but I quess the important things are fixed otherwise it wouldn´t be available to download anymore.
There is just no versions history or change log.txt within the packet.

Susann · Posted: Mon Mar 17, 2008 4:53 pm

The rewrites rules in .htaccess doesn´t work for me.
The requested URL /indexmodules.php was not found on this server. So something isn´t correct with tutorial-section-.html
and shouldn´t this be:

Code:

'"(?<!/)modules.php\?name=Tutoriaux(?!&)"',

999 · Regular Joined: Sep 12, 2006 Posts: 58 Location: Dsm, IA

Sorry there was a couple typos in it when I pasted that, was late, other then that it works perfectly for me. I just based it off of the the taps for other files.

Susann · Posted: Mon Mar 17, 2008 8:01 pm

No problem. Thought I better warn others before they also spend hours to find out where the 404 came from.

montego · Posted: Mon Mar 17, 2008 8:06 pm

BTW, the "tap" has been in my forums for quite awhile now:

Only registered users can see links on this board!
Get registered or login to the forums!

Courteously of ANTH and then Delectable. Wink