Support Forums - All Posts - XOOPS Web Application System

91

Problem with clear:both attribute in templates

2006/2/22 17:17
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

Hey all,

I'm trying to design a new theme for my site and thought I could try to be cool and do it without tables and only css

So here the problem:

Some of the modules, notably CBB, make heavy use in their templates of <br style="clear:both"> to position elements underneath each other, which interfers with my own layout and leads to nasty white spaces, because the next line after these breaks begins underneath everything else, also the side panels. How do I box the modules in a container that contains clear attribute within itself? I don't want to go through all the templates, that looks like a lot of work.

Probably a little confuse my explanation. You can currently see what I'm talking about if you go tohttp://www.xoopsforge.org/modules/article/ With all new XOOPS 3 alpha or what's it called, and article module.

I assume it's not going to be up for long, but it tells me it's a problem that not only I have, so I'm basically trying to dig the expertise

www.affvu.org

92

Bug in search.php, 2.2.4?

2006/1/30 17:33
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

Hi,

I've applied that upgrade patch to 2.2.4, and now, if I try to do a search from the system search block while I'm looking at pages from certain modules, I get:

Quote:

Fatal error: Call to a member function search() on a non-object in SITEURL\search.php on line 168

It seems to me that the certain modules from which this happens are the ones that are themselves not listed as searchable, such as Xoopspolls and the Sitemap module.

Any thoughts?

www.affvu.org

93

Re: registration date problem?

2006/1/24 0:49
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

Actually, these forums aren't all that bad. Or they're quite good

At least that's my appreciation. May just be difficult for the devs or more savvy people to post something if the answer isn't all that obvious. Or perhaps, it's also terribly obvious and has been answered a million times already. But I didn't find it. But if we keep this thread alive, I'm sure someone will eventually enlighten us

In the meantime, we could try figuring out whether there's something our installs have in common and that might be causing the issue. XOOPS protector is not it, then, which is very good news indeed. My two other ideas: 1.) The people who're trying to register do something funny, like reloading (or double posting) a page they're not supposed to, or they have some firewall installed which strips something from the registration form (I will interview one person who's had that issue and whom I know personally). Or 2.) there might be something with particular PHP and database configurations/versions. Or perhaps also some slowness/time out/hickup in database queries, in which case we might probably just have to live with it or change the webhost.

I have PHP 5.05 on FreeBSD 4.11 and MySQL 4.1.15. What about you?

www.affvu.org

94

Re: registration date problem?

2006/1/21 21:54
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

I second this question, I have the same thing here. Some users can register, for others, they get that strange registration date and a negative post count. You others: Are you using xoopsprotector module? I somehow had the idea it might have to do with a link being sanitized along the way or something. Just an idea, probably not right.

Veeery interested in having some knowledgable person giving us a lead.

www.affvu.org

95

Re: ERRATUM

2006/1/15 5:44
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

Quote:

by technigrafa on 2006/1/14 12:54:05

Maybe I'm not understanding this correctly, but I did the fix described here and indeed it got rid of the extra period at the end of email addresses. But even though there is a fancy javascript to make a spider safe mailto: link, the HTML version is still included right behind it--won't that still be spidered?

Hmm, I may be wrong, but if I'm not, then what the javascript does is writing the mailto link into the source of the page that's eventually displayed by the browser. It tells the browser to amend the source before rendering it. Some browsers may actually show you the amended source from a temporary location if you hit "view source", others may show you the original version as served by the server. Don't know.
Now, if you want to see whether the hack works as intended, you can switch off javascript in your browser and reload the page. Then, it should not render the link, and it should also not drop the tag into the source. If it does, then the problem is, indeed, a problem.

www.affvu.org

96

Re: ERRATUM

2006/1/6 15:10
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

Thanks a bunch, snakes, no more dots and other stuff behind the email addresses

www.affvu.org

97

Re: automatically added dot after e-mail address

2006/1/4 23:15
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

So it is the textsanitizer! Look at snakes's post in the hacks forum for cause and solution. Just in case: I haven't verified it myself, but it makes sense to me.

www.affvu.org

98

Re: Security Alert: my "index.php" file has been hacked by "trust4free"

2006/1/4 17:27
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

I would be lying if I said I knew. Restricting extensions is not enough. Could easily come with any extension. Mime types may be more effective, but perhaps still not enough... Looks to me like this might become a real problem. Others know better...

As for telling whether an image file is malicious: You'd probably have to rely on your AV software. So, if you look at it and your AV balks, then it's malicious. If not, it may still be malicious and just not yet recognized by the AV.

www.affvu.org

99

Re: Security Alert: my "index.php" file has been hacked by "trust4free"

2006/1/4 16:37
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

Mamba, Windows OneCare seems to be a good choice in this case as they say they can detect attempts at exploiting the vulnerability. Also good, of course, you didn't download the .wmf file. There might be some other avenues into your system, though. This one's quite nasty and comes through quite a choice of open doors. Also, it's not one particular virus or worm, but a gateway for people to install all different sorts of #OOPS# on our systems. I'm sure you're on top of it, but I think it's important to keep an eye on it, also to protect visitors to our sites from falling prey...

There's some good information at the Internet Storm Center (http://isc1.sans.org/), many other sites, of course. And MS on the issue athttp://www.microsoft.com/technet/security/advisory/912840.mspx. Stay safe!

Oh! And I think m0nty is right when it comes to what has happened at your site. But the next attacker possibly wouldn't have to go through the server, but could just upload a file to a gallery or something. I was referring to the more general threat I see in this .wmf thing. Btw.: If they're on the server, "read only" may not make much of a difference. Depends.

www.affvu.org

100

Re: Security Alert: my "index.php" file has been hacked by "trust4free"

2006/1/4 16:10
Tobias
Not too shy to talk
Posts: 172
Since: 2005/9/13

Looks to me like Mamba's site has been used for distribution of some exploit for that WMF vulnerability mess that seems to have the potential to become quite a nightmare for Windows users. So, my question would be: How can we obtain maximum protection against people placing one of those nasty images in, say, the image galleries that are on our sites? Or any other module that lets people upload something. Restricting extensions and mime types may not be enough

Mamba, I hope you didn't look at your compromised site from a Windows box. In any case, it may be a very good idea to update virus defs and do a full system scan on your own machine. But that you probably did already.

www.affvu.org

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Problem with clear:both attribute in templates

Bug in search.php, 2.2.4?

Re: registration date problem?

Re: registration date problem?

Re: ERRATUM

Re: ERRATUM

Re: automatically added dot after e-mail address

Re: Security Alert: my "index.php" file has been hacked by "trust4free"

Re: Security Alert: my "index.php" file has been hacked by "trust4free"

Re: Security Alert: my "index.php" file has been hacked by "trust4free"

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}