| Author |
Message |
paranor
Worker
Joined: Aug 28, 2003
Posts: 227
|
 Posted:
Fri Dec 05, 2003 1:41 pm |
|
I'm confused on what this release is about. Is chatserv in charge of keeping php-nuke patched? What does RC2 mean to the nuke 6.x platform - doesn't RC mean it's still in beta?
[ Only registered users can see links on this board! Get registered or login! ] |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Fri Dec 05, 2003 5:51 pm |
|
These are patches to correct some flaws and security issues in the various versions. As Chat says, he has assigned them an RC status to signifiy that he has fixed everything he knows of and has tested them as much as he can. The versions and patches I offer may or may not contain everthing in his patch set. I have patched what I believe to be the major security issues as far as I know. I am no longer in the 'loop' at NC to know what they may have discovered and chose not to make public but rather just fix.
Apply these at your own risk. As with any patch or hack or mod, always make complete backups before applying any code. |
| |
|
|
|
|
paranor
|
| Posted:
Sat Dec 06, 2003 10:49 am |
|
I guess what I don't get is why isn't php-nuke.org fixing these or releasing them from that site.
It's like there is no centralized organization of this.
And I'm certainly not complaining!!!! I just find it weird to have to go to all of these places to get fixes. |
| |
|
|
|
|
Raven
|
| Posted:
Sat Dec 06, 2003 12:16 pm |
|
Supposedly, here is how it works. phpnuke.org releases a buggy version regularly (sorry, but it's true). NC does not fix bugs, only security issues. They continue releasing patches until the next buggy release. The buggy release is supposed to then incorporate the security fixes from NC. I suppose if we can somehow tie a security issue to the avatar problem ......  |
| |
|
|
|
|
chatserv
Member Emeritus
Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
|
| Posted:
Sat Dec 06, 2003 5:54 pm |
|
Think i should add my two cents on this, first off lay off the egg-nog Raven, i am not putting out security fixes for what NC has or may have discovered, the patches are a side project of mine much like most of the lame stuff i put out, these patches do take care of several bugs that do not relate to security issues (like typos and missing brackets, etc) those i will list as soon as i am back full time, second, yes, these patches do deal with some security issues but not on stuff anyone reported but on trying to make the code more secure to possible attacks, the theory on what has been done so far is detailed on two html files included with the patches, as for being in charge of security problems, no, i'm not, i do it out of my own will and i do not have the endorsement of phpnuke.org or anyone else for that matter, i'm in this because i care for the community whether i get credited or acknowledged or not. Enough ramblings for now, pass some of that egg-nog Raven.  |
| |
|
|
|
chatserv
|
| Posted:
Sat Dec 06, 2003 5:58 pm |
|
By the way RC = release candidate, as in "what i tested works ok but i may have missed something" one such missed thing was already reported and in affects 69 & 70, the file associates.php returns a parse error caused by single quotes on some variables, those should be removed (i.e. $atop['topicimage'] should be $atop[topicimage]) |
| |
|
|
|
|
Raven
|
| Posted:
Sat Dec 06, 2003 7:00 pm |
|
Thanks for clearing this up CS. |
| |
|
|
|
|
paranor
|
| Posted:
Sun Dec 07, 2003 4:53 pm |
|
mmmmmmmm - egg-nog. 
So if I'm a person who wants to throw some of these sites up for other people - who do I watch for to get official fixes. Or is this covered when Raven said | Quote: | | Supposedly, here is how it works. phpnuke.org releases a buggy version regularly (sorry, but it's true). NC does not fix bugs, only security issues. They continue releasing patches until the next buggy release. The buggy release is supposed to then incorporate the security fixes from NC. |
Is there an avatar security problem I should be aware of? I don't want egg on my face. |
| |
|
|
|
|
chatserv
|
| Posted:
Sat Dec 13, 2003 3:56 pm |
|
As far as "official" fixes goes i'm not aware that one such source exists to this date, some of us devote our time to fixing stuff but neither of us has been deemed "THE" official fixer, if it helps at all i have managed to get some of mine inserted into the core and i'd say my rep is still a good one, at least with those that really know me, i would guess it's all a matter of personal judgement. In my case i find something broken, i attempt to fix it, so far i've managed quite nicely or so i would like to think, the only ones that can really have a say on this are the ones that have used the fixes provided by myself, Raven and many others. |
| |
|
|
|
|
Frogger
Worker
Joined: Oct 06, 2003
Posts: 108
|
| Posted:
Wed Dec 17, 2003 10:18 pm |
|
Kudos CS....U do good work!! |
_________________
 |
|
 
 |
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
