| Author |
Message |
GanjaUK
Life Cycles Becoming CPU Cycles
Joined: Feb 14, 2004
Posts: 633
Location: England
|
 Posted:
Sat Feb 14, 2004 1:53 pm |
|
I used some of your security patches and so far have noticed 2 serious problems with them.
1 was the news/index.php
After using this file, you try to vote for article, it no longer writes to the database, it logs the vote yes, but it scores it as ZERO, I got 3 users to vote for an article all different ratings, it recorded 3 votes, but the rating stayed on 0, I reverted back to the original file with nuke 7.1 and it fixed it, so something you guys done to it stopped that part working.
The other is /admin/modules/links.php
When viewing the admin section for web links, all the tables are broken at the bottom, and also you cannot modify the category of a link which was already posted. I reverted back to fresh 7.1 file and it fixed it.
Hope this information helps. Theres probably other bugs but these ones was the ones that i noticed and the problems was annoying enough to warrent me changing back to non security patched versions. |
| |
|
 
|
|
chatserv
Member Emeritus
Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
|
| Posted:
Sat Feb 14, 2004 2:48 pm |
|
To fix the ratings problem find in modules/News/index.php:
Code: $result = $db->sql_query("update ".$prefix."_stories set score=score+'.$score.', ratings=ratings+1 where sid='$sid'");
|
Change to:
Code: $result = $db->sql_query("update ".$prefix."_stories set score=score+$score, ratings=ratings+1 where sid='$sid'");
|
|
| |
|
|
|
|
chatserv
|
| Posted:
Sat Feb 14, 2004 2:50 pm |
|
I would need a screenshot of the admin links problem as i can't see any on my sites. |
| |
|
|
|
|
GanjaUK
|
| Posted:
Sat Feb 14, 2004 2:56 pm |
|
I will try that fix a bit laterand report back  I will grab you a screenshot too of what i mean, its the cat edit box its totally empty.
PS: I know this off topic, but if you have a spare minute maybe you could take a look at this thread: [ Only registered users can see links on this board! Get registered or login! ] seeing as you are the guru.
Thanks |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Sat Feb 14, 2004 3:24 pm |
|
| GanjaUK wrote: | ... seeing as you are the guru.
Thanks |
 I knew I should never have given you that title .... |
Last edited by Raven on Sat Feb 14, 2004 3:25 pm; edited 1 time in total |
|
|
|
|
GanjaUK
|
| Posted:
Sat Feb 14, 2004 3:25 pm |
|
OK that fix worked! 
Here is the screenshot you requested of the admin/modules/links.php
The bottom of the page is quite messed up with your patch, and some stuff missing. And you can see the cat box is empty with the patched file:
 |
| |
|
|
|
|
chatserv
|
| Posted:
Sat Feb 14, 2004 5:03 pm |
|
In links.php find:
Code: while($row2 = $db->sql_fetchrow($db->sql_query($result2))) {
|
change to:
Code: while($row2 = $db->sql_fetchrow($result2)) {
|
|
| |
|
|
|
|
GanjaUK
|
| Posted:
Sat Feb 14, 2004 5:33 pm |
|
That fixed the cat, but the bottom table is really messed up and missing some info.
Should show:
Code:Link Comments (total comments: 0)
User Comment Delete
No Comments
Registered User Votes (total votes: 0)
User IP Address Rating User AVG Rating Total Ratings Date Delete
No Registered User Votes
Unregistered User Votes (total votes: 0)
IP Address Rating Date Delete
No Unregistered User Votes
Outside User Votes (total votes: 0)
IP Address Rating Date Delete
No Votes from Outside
|
but shows:
Code:Link Comments (total comments: 0)
User Comment Delete
No Comments
Registered User Votes (total votes: 0)
User IP Address Rating User AVG Rating Total Ratings Date Delete
No Registered User Votes
|
|
| |
|
|
|
|
chatserv
|
| Posted:
Sat Feb 14, 2004 5:56 pm |
|
|
|
|
|
chatserv
|
| Posted:
Sat Feb 14, 2004 6:20 pm |
|
I forgot i had similar issues with the downloads admin file so i had forgotten to check links.php, it required several changes so please re-download the pack and replace that file. The one for 7.1 has already been updated on the server, working on the rest now. |
| |
|
|
|
|
GanjaUK
|
| Posted:
Sat Feb 14, 2004 6:36 pm |
|
It worked well.  |
| |
|
|
|
|
chatserv
|
| Posted:
Sat Feb 14, 2004 6:39 pm |
|
| Raven wrote: | | GanjaUK wrote: | ... seeing as you are the guru.
Thanks |
I knew I should never have given you that title .... |
|
| |
|
|
|
|
GanjaUK
|
| Posted:
Sat Feb 14, 2004 6:50 pm |
|
Also there is a few errors in Your account/index.php
I thought i would mention them, i dont need a fix myself as i fixed them up, but maybe you might want to update your file again. When you click on a username to see their online status, send them a message etc, instead of showing their name at the top, it shows your OWN username, it also shows YOUR OWN online status instead of that user, and instead of saying send private message to "them" it has your username again.
I fixed it for my own servers by changing $username_pm to $userinfo[username] i had to use $userinfo[username] in 3 places so the page showed the user i was looking at rather then myself, not sure if this was the best way to fix it but it worked for me. |
| |
|
|
|
|
chatserv
|
| Posted:
Sat Feb 14, 2004 7:38 pm |
|
I can't duplicate that bug on 7.1 patched sites but since you had the problem and managed to fix it all is ok i guess. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
