xoops forums

Forum Index


Board index » All Posts (OldFriend)




OldFriend

Just popping in
Posted on: 2006/11/16 11:07
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#11

Re: Smilie in comment not displaying

That worked a treat. Thanks


OldFriend

Just popping in
Posted on: 2006/11/15 13:52
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#12

Re: Smilie in comment not displaying

Sorry, I forgot to mention, my XOOPS is 2.2.3


OldFriend

Just popping in
Posted on: 2006/11/15 13:51
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#13

Smilie in comment not displaying

A user has posted a comment on my site using a smilie, but the < of the img tag is being translated into text rather than the tag.

Any ideas what is causing this?


OldFriend

Just popping in
Posted on: 2006/11/11 9:42
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#14

Re: Access Avatar Database

This is untested but I think will do what you want.

$member_handler =& xoops_gethandler('member');
$thisUser =& $member_handler->getUser($uid);
$avImg "<img src='".XOOPS_UPLOAD_URL."/".$thisUser->getVar('user_avatar')."' alt='".$thisUser->getVar('uname')."' />");


OldFriend

Just popping in
Posted on: 2006/11/11 7:56
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#15

Re: Simple Module Question

Doesn't it make sense to use "Select groups with access rights" during the install to just allow "Webmaster". Then it will not be displayed for anyone else.


OldFriend

Just popping in
Posted on: 2006/8/29 12:53
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#16

Re: System Security.

Very interesting. Thank you for that.

Now, my only question is this: Did he actually get "user information (and more) from the server it was ran on"?


OldFriend

Just popping in
Posted on: 2006/8/26 22:34
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#17

Re: System Security.

Quote:

Dave_L wrote:
<Files *.php>
Deny from all
</Files>


Quote:

Bandit-X wrote:

Quote:
Order Deny,Allow
Deny from all
<FilesMatch "\.(gif|jpe?g|png)$">
Allow from all
</FilesMatch>

only the .gif .jpg .jpeg and .png image files are web accessible in that directory. the rest of the files in that directory get a 404


More than one way to skin a cat. Thanks.


OldFriend

Just popping in
Posted on: 2006/8/26 12:38
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#18

Re: System Security.

Quote:

The 3 directories along with their subdirectories are:
cache
templates_c
uploads

I would also suggest that you protect these directories by placing a .htaccess file in each of these directories with
Deny from all


Hmmmmm, it seems that this .htaccess works only for the cache and the templates_c directory.

I just noticed that in the uploads directory that it prevents any uploaded images from being displayed.

Does anyone know if there is another .htaccess method that will allow these images from being displayed but prevent any **.php files from being executed?


OldFriend

Just popping in
Posted on: 2006/8/26 11:53
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#19

Re: System Security.

Quote:

jensclas wrote:
Hey Old freind - do you have protector module installed? Curious to know if this happened in spite of using protector.


Yes, I have protector installed.


OldFriend

Just popping in
Posted on: 2006/8/25 13:03
OldFriend
OldFriend (Show more)
Just popping in
Posts: 99
Since: 2005/10/28
#20

Re: System Security.

OK. Thanks for that. What can the hacker do with "all my server information"?

Since I found these first 2 files, I have found a stack of similar files throughout my site.

It seems that EVERY directory in my XOOPS site that has permissions set to 777.

I have deleted as many as I can, but there are even some of these files that now say that I don't have permission to delete.... I have contacted my host to try to remedy that.

I suggest that you all have a look in your directories to see if you have some php files there that shouldn't be.

The 3 directories along with their subdirectories are:
cache
templates_c
uploads

I would also suggest that you protect these directories by placing a .htaccess file in each of these directories with
Deny from all



TopTop
« 1 (2) 3 4 5 ... 10 »