rewiews module stopped working after uprading to 2.1.3

manunkind · Posted: Fri Dec 31, 2004 8:45 pm

That seems to have worked. Thanks Raven!

So it's safe now to comment out the Santy lines in Sentinel.php so that my Reviews section works again?

Raven · Posted: Fri Dec 31, 2004 8:49 pm

Yes, and I have corrected the above posts. Sorry about that. I had more rules after the last one so my code is ok with [NC,OR].

manunkind · Posted: Fri Dec 31, 2004 9:16 pm

Cool. Thanks Raven! Smile

skeen · Hangin' Around Joined: Jul 17, 2003 Posts: 29

Is that a version only issue Raven ? I have that statement and it doesnt effect my site when I am logged in but will it effect my users ?

Raven · Posted: Fri Dec 31, 2004 11:11 pm

v2.1.3 was the first version to have it. Not everyone has access to .htaccess so that's an alternative. But, as you have seen, it can have issues.

MrFluffy · Posted: Wed Jan 05, 2005 9:20 am

As the santy filter in fact stops all modules from working that use the $id variable in urls, couldn't you just use some other variable name in the filter?
I don't see that it is used further by sentinel anyway...

Raven · Posted: Wed Jan 05, 2005 9:27 am

Seems reasonable to me. We'll check it out Smile

BobMarion · Posted: Wed Jan 05, 2005 10:51 am

I'll update it today and post the new package as 2.1.3b

ptyp · New Member Joined: Jan 14, 2005 Posts: 1

BobMarion wrote:

I'll update it today and post the new package as 2.1.3b

dose this update work with phpnuke 7.5 reviews module?
If yes where can I download it? and if no, dose anyone have the fix, I aint use the .access protection.

thanks

montego · Posted: Fri Jan 14, 2005 4:55 pm

Bob, I can only find a Jan 1 version of Sentinel 2.1.3. Did you ever post a 2.1.3b?

TIA,
montego

Susann · Posted: Sat Jan 15, 2005 5:14 pm

The same problem with errors in rewiews:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/htdocs/balblabla/includes/sql_layer.php on line 342

added (hinzugefügt): January 1st 1970
The date is a joke ?

So I removed the code for santi worms in sentinel.php. Now the reviews are back Smile

.

bry2k · New Member Joined: Dec 07, 2004 Posts: 12

Hello, I'm also wondering where I can get v213b of Sentinel. Currently my Gallery module is broken with v213 of Sentinel (

Only registered users can see links on this board!
Get registered or login to the forums!

) and I'm not clear on what to do to fix the problem. I do have .htaccess/CGIAuth protection enabled on my site, so I presume I don't need the Sanity worm code you guys were talking about...? Could someone help me out?

MrFluffy · Posted: Mon Jan 17, 2005 9:18 am

In includes/sentinel.php,

find:

Code:

// Stop Santy Worm
$bad_uri_content="rush,highlight,perl,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
$tmp=explode(",",$bad_uri_content);
while(list($id,$uri_content)=each($tmp)) {
if (strpos($REQUEST_URI,$uri_content)) {
die("Illegal Content");
}
}

and comment it out completely, or what I did, change it to

Code:

// Stop Santy Worm
$bad_uri_content="rush,highlight,perl,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
$tmp=explode(",",$bad_uri_content);
while(list($snid,$uri_content)=each($tmp)) {
if (strpos($REQUEST_URI,$uri_content)) {
die("Illegal Content");
}
}

This can't make it more useless than commenting it out, so it should be ok Wink

Susann · Posted: Mon Jan 17, 2005 10:43 am

So, I changed my .htaccess again and try your code with $snid it works fine without any error in reviews and the other modules too. I haven`t seen no more "Illegal Content" on my site. Laughing

cprompt · Regular Joined: Jun 08, 2004 Posts: 64

bry2k wrote:

Hello, I'm also wondering where I can get v213b of Sentinel. Currently my Gallery module is broken with v213 of Sentinel (

Only registered users can see links on this board!
Get registered or login to the forums!

) and I'm not clear on what to do to fix the problem. I do have .htaccess/CGIAuth protection enabled on my site, so I presume I don't need the Sanity worm code you guys were talking about...? Could someone help me out?

Do what MrFluffy says to do just below your post.
That worked for me and my Gallery module and it is simple to do.

mike

BobMarion · Posted: Thu Jan 27, 2005 9:41 am

I've shifted from doing 2.1.3b to making 2.2.0 instead and it's taking longer then i expected Smile

pudbat · New Member Joined: Mar 05, 2005 Posts: 20

does .staccess work the same as .htaccess? seems that if i can't have a .htaccess file in my root directory, i get a 500 server error

Raven · Posted: Fri Mar 11, 2005 12:06 am

No. The . just means to hide the file in *nix. .htaccess is unique and only pertains to Apache web servers. .staccess is just an ordinary file that *nix hides.

pudbat · New Member Joined: Mar 05, 2005 Posts: 20

thanks, Raven, i'm just a little unclear on what is the best Santy blocker if you don't have .htaccess?

Raven · Posted: Fri Mar 11, 2005 8:12 am

Seriously, if your host does not allow you to have .htaccess then you need to find another host. Without having access to .htaccess you are so limited in what you can do. While you could write code to place in mainfile.php, as an example, by that time the intruder is already at your site. And, he could bypass the calling of mainfile.php. .htaccess stops him at the server level.

BobMarion · Posted: Fri Mar 11, 2005 10:31 pm

I agree with Raven, .htaccess is by far the better method. The Santy protection in NukeSentinel is for those that do not have .htaccess access so that they have some level of protection.