1
Olorin
Php-stats Security Issue
  • 2006/3/22 10:17

  • Olorin

  • Just popping in

  • Posts: 50

  • Since: 2003/7/5 1


Php-Stats Multiple Vulnerabilities and Security Issue

Official thread (Google's English translation)

Currently, as of March 22nd, there is no official patch for the issues.
Liberty is never being too sure you're right....



2
Olorin
Re: Taking you back to where you were??????????!!
  • 2005/9/10 12:44



I don't think we are facing exactly the same problem. But, in my case, there was trouble when an anonymous user tried to post a comment: he got the error message "taking you ... where you were".

This is caused by the empty $_SESSION['XOOPS_TOKEN_SESSION'] as far as I know. (please bear in mind that I'm not a coder. :-p) So I swapped class/xoopssecurity.php with the one for "XoopsCube". (XoopsCube is compatible with XOOPS 2.0.x for the time being.) And I also uploaded "class/token.php" from XoopsCube, added some lines within XoopsSecurity class.

Add the following code somewhere in class/xoopssecurity.php
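function checkReferer($docheck=1)
{
    $ref = xoops_getenv('HTTP_REFERER');
    if ($docheck == 0) {
        return true;
    }
    if ($ref == '') {
        // An empty referer is accepted here; the original "return false" is commented out below.
        return true;
//        return false;
    }
    // Reject any referer that does not start with this site's URL.
    if (strpos($ref, XOOPS_URL) !== 0) {
        return false;
    }
    return true;
}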


Please remember that it may create a gaping security hole, for I'm not a professional. At the very least, it weakens the protection against CSRF. So all webmasters must turn on the referrer when they manage their web sites.

Anyway, this hack solved MY problem, and my site became more friendly to anonymous visitors. That's all I can say.
Liberty is never being too sure you're right....



3
Olorin
Re: Wiki Module for Xoops 2.0.X
  • 2005/6/9 14:46



You can also check bluemoon's modified Pukiwikimod.

http://www.bluemooninc.biz/~xoops2/modules/pukiwiki/?WhiteBoard

Pukiwikimod is a bit slower than bwiki. But it has more functionality when it comes to user permission. (Though, I personally prefer bwiki. :-p)

Anyway, have a look at its "Post-It plugin" at the very least. It's really an astonishing feature!



4
Olorin
Re: Adding a link to the MAIN Menu
  • 2005/4/14 11:34



<a class="menuMain" href="<{$xoops_url}>/modules/wfchannel/blahblahblah">yourtext</a>
Well, I recommend that you install Multimenu, anyway. If you want to make your own "main menu" only, multimenu 1.4 jp-edition is sufficient. If you want to make varied menus, solo's multimenu 1.7 is the one.



5
Olorin
Re: Anti-Spam Operation
  • 2005/2/18 8:33



Quote:

4. A unique attribute and its corresponding value to comment forms.
Well, I've figured it out.

include/comment_post.php
line 233
-if( ! xoops_refcheck() ) {
+if( ! 
xoops_refcheck() || $_POST['jfophmledf'] !== 'hgembaec' || $_POST['tzkrcekn'] !== 'qkspoflx' ) {
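Review bot: The added comparisons $_POST['jfophmledf'] !== 'hgembaec' and $_POST['tzkrcekn'] !== 'qkspoflx' read the two fields without first checking that they exist, so a request that omits them triggers undefined-index notices before the condition fails; guard each with isset(). The expected values are also fixed literals, identical for every visitor and every page load, so they show only that the request carries this form's markup, not that the form was served in the current session; a per-session value would be the stronger check.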
include/comment_form.php
line 103
$cform->addElement(new XoopsFormHidden('com_mode'$com_mode));
+
$cform->addElement(new XoopsFormHidden('jfophmledf''hgembaec'));
+
$cform->addElement(new XoopsFormHidden('tzkrcekn''qkspoflx'));
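Review bot: The two added XoopsFormHidden elements hard-code the same field names and values that include/comment_post.php compares against, so the pair has to be kept in sync by hand across two files; define them once in a shared place and reference them from both the form and the check. As posted, the arguments also run together ('jfophmledf''hgembaec' and 'tzkrcekn''qkspoflx'); each name and value needs a comma between them.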


Quote:

To me it sounds like 3. and 4. have the same approach.
Kazu is working on implementing a ticket system for the upcoming XOOPS 2.0.10
Sounds promising. Well, I agree with you that 3 & 4 have the same approach. Maybe I should have listed them up as 3a & 3b...



6
Olorin
Anti-Spam Operation
  • 2005/2/12 21:39



Referrer-Spamming (or Comment-Spam) is hot these days, which is a growing headache for webmasters in many ways:

1. It abuses your web server severely.
2. It's not just annoying to delete the spams every time you check your web site, but just... GIVE ME A BREAK!!!!

Thanks to the appearance of "Protector", Headache-1 can be dealt with automatically since it can restrict the simultaneous accesses from the same IP.

Headache-2 is not that problematic for the community sites where all the comments are posted by registered users like here. But for the web sites where comments are open to public, it is.

Possible solutions:

1. .htaccess
SetEnvIf Referer "(.*)(ronnieazza|future-200|loan|loans|6q|diet-pills|sex|freakycheats|psxtreme|learnhowtoplay|online-deals-4u|poker|gambling|chat-nett|fidelityfunding|terashells|casino|crescentarian|yelucie|smsportali|viagra|blackjack|porn|nude|naked|adult|anal)(.*).(.*)" ToTheDeepestAbyssOfHELL
<Files *>
Order allow,deny
Allow from all
Deny from env=ToTheDeepestAbyssOfHELL
</Files>
So called "Referrer Spams" contain banal referrer information to entice webmasters into their crappy web sites. I know that none of them may well click such feeble links, though they seem to think it works, somehow...lol Anyway, we can exploit this poor information.

2. xoops_refcheck()
include/comment_post.php

line232
if ($uid == 0) {
+            if ( ! 
xoops_refcheck() ) {
+                
redirect_header($redirect_page.'='.$com_itemid.'&com_id='.$com_id.'&com_mode='.$com_mode.'&com_order='.$com_order1_NOPERM);
+                exit();
+            }
            switch (
$xoopsModuleConfig['com_rule']) {
            case 
XOOPS_COMMENT_APPROVEALL:
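Review bot: In the added redirect_header() call the trailing arguments appear run together as $com_order1_NOPERM; the delay and the message need to be separate arguments after the URL string. The new xoops_refcheck() test also turns away anonymous visitors whose browser or firewall sends no Referer with only the _NOPERM message, so consider a message that tells them to enable the Referer header, since the post itself expects legitimate commenters to hit this branch.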

Given that no registered user commits spamming, it can block "referrer-spams" as long as they hold external referrer information. It would also block legitimate comments because many people simply have no idea what the firewall software in their computer does. To avoid this unintended inconvenience, you can disable referrer-check only when the empty referrer is recognised. Please search "Xoops FAQ" for the detailed information about it.

Btw, this function is accessible from all the modules. So this hack can be applied to those modules that use their original commenting system: B-wiki, WordPress, and etc..., too.

3. g_ticket
Maybe, it's not that difficult to implement GIJOE's ticket system to Xoops' commenting system... But I DON'T KNOW HOW TO do it!!! lol

4. A unique attribute and its corresponding value to comment forms.

This technique is widely adopted by many blog softwares to confirm if the comments are sent from your comment form. But how can I implement this function to Xoops? That's the question. As far as I know, "Comment Callback Function" seems to be the one. But, again, I DON'T KNOW HOW TO assign an extra parameter with the provided xoops-form class... lol

Maybe, instead of assigning it, I can set a certain attribute and its value as a default extra-parameter by hacking core files in class/xoopsform, and insert "if ( A!==B){exit;}" into include/comment_post.php...

IMHO, I want this feature to be available from the admin panel in the future: Webmasters can define their original attribute and its corresponding value for the comment forms in their web site.
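
A per-session, one-time version of the hidden-field check from options 3 and 4, as an added example that is not XOOPS, GIJOE's or the poster's code. The names ticket_issue, ticket_check and the 'ticket' field are hypothetical, and PHP 7.1 or later is assumed. Anonymous visitors are assumed to have a working session, which is the precondition that failed in the "Taking you back to where you were" post.

```php
<?php
// Added example: hypothetical helpers, not part of XOOPS core or any module.
const TICKET_TTL = 1800;   // seconds a ticket stays valid
const TICKET_MAX = 10;     // outstanding tickets kept per session

// Create a random ticket and remember it in the session store.
function ticket_issue(array &$session, string $form, ?int $now = null): string
{
    $now    = $now ?? time();
    $ticket = bin2hex(random_bytes(16));
    $session['tickets'][$ticket] = ['form' => $form, 'exp' => $now + TICKET_TTL];
    // Keep only the newest tickets so repeated form loads cannot bloat the session.
    if (count($session['tickets']) > TICKET_MAX) {
        $session['tickets'] = array_slice($session['tickets'], -TICKET_MAX, null, true);
    }
    return $ticket;
}

// Accept a posted ticket once, and only for the form it was issued to.
function ticket_check(array &$session, string $form, $posted, ?int $now = null): bool
{
    $now = $now ?? time();
    if (!is_string($posted) || $posted === '') {
        return false;                            // field missing or sent as an array
    }
    foreach ($session['tickets'] ?? [] as $ticket => $meta) {
        if (hash_equals((string) $ticket, $posted)) {
            unset($session['tickets'][$ticket]); // one-time use: a replay fails
            return $meta['form'] === $form && $meta['exp'] >= $now;
        }
    }
    return false;
}

// Constructed demo: $session stands in for $_SESSION and $post for $_POST.
$session = [];
$ticket  = ticket_issue($session, 'comment');
// In comment_form.php the value would go into a hidden field, for example
// $cform->addElement(new XoopsFormHidden('ticket', $ticket));
$post = ['com_text' => 'hello', 'ticket' => $ticket];

var_dump(ticket_check($session, 'comment', $post['ticket'] ?? null)); // first submit
var_dump(ticket_check($session, 'comment', $post['ticket'] ?? null)); // same ticket again
var_dump(ticket_check($session, 'comment', 'hgembaec'));              // fixed literal
```

In include/comment_post.php the check would sit beside the existing xoops_refcheck() call, so a visitor whose browser sends no Referer can still be validated by the ticket.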



7
Olorin
Re: Auth Module for wrapping HTML, PHP, CGI web site
  • 2005/1/17 9:37



@carnuke
Quote:
I do not know what to do here? What module folder? Do I need to create one?


$modversion['dirname'] = "auth";

By changing the value of the variable above, you can have multiple instances with ease.

i.e.
modules/auth (default)
modules/auth2 (when "$modversion['dirname']" is "auth2";)

$auth_dir = "sample";

You can see "sample" directory in "auth" directory, right? This is where you put your contents by default.

If it doesn't work try the following values:

$auth_dir = "modules/auth/sample"; (default)
or
$auth_dir = "physical_path/modules/auth/sample"; (default)

What you have downloaded is an add-on to make your html contents searchable as Bender says. Don't forget to change the name of the search function in "include/search.inc.php" when you use multiple instances. Or it causes conflicts.

As regards its authentication, I have no idea since I don't use this module.



8
Olorin
Let's just calm down...
  • 2005/1/1 14:33



Quote:

Mithrandir wrote:
Ok, this is getting a bit one-sided. GIJOE is not very visible here, but I am sure he does a tremendous job in the Asian community sites, so it is not the case of a guy just coding, coding and coding and not doing any support work.
GIJOE is the most active supporter in Japan. Moreover, he couldn't be more active in his personal support site as you can see.

Quote:

carnuke wrote:
As this new year starts, let's invite some positive constructive response to this discussion in a way that all parties feel they are heard, appreciated and respected.
I quite agree with you. As Mithrandir stated on the news, XOOPS seems to be looking for the developers for the current version. At the same time, Japanese developers seem to be serious about leaving XOOPS and making their own one.

So why don't you make the best of Japanese developers' enthusiasm? For instance, you can let the Japanese team alter the current 2.0.x series. And the others focus on the 2.1 series.

Of course, there should be a consensus for the development so as not to make a difference between the current and the future one in their features.

This may delay the release of 2.1, eventually. But even Onokazu thinks there should be another release with a few, but not too radical, changes in the feature before 2.1 arrives.

In the end, all the Xoopsers can have more secure Xoops, Japanese team doesn't need to worry about the language, and English team can focus on the future version.

Surely, I'm not ignoring the other local communities. But Japanese developers are just HEATED in many ways.

This is "ORETEKI Xoops":
http://marijuana.ddo.jp/xoops/modules/mydownloads/
http://marijuana.ddo.jp/xoops/modules ... t.php?cid=1&lid=20&type=0

Some modules have already exceeded the standards of the core, I think. So it's high time we thought how to adopt these advanced features to the core, isn't it?



9
Olorin
Great Opera extension: BBCode&WikiSyntax
  • 2004/10/8 9:32



If you use Firefox, go to this thread:
https://xoops.org/modules/newbb/viewto ... t_id=96676#forumpost96676

If you are an Opera user, you can make the most of its flexibility!

Paste the following lines on your "menu.ini":
[Edit Widget Popup Menu]
Submenu, 67653, Edit Widget Insert Menu
Submenu, 67654, Internal Note List
--------------------1
Submenu, "BB Code", BBCode
Submenu, "Wiki", Pukiwiki
--------------------1
Item, 50864=Undo
Item, 68116=Redo
--------------------2
Item, 50865=Cut
Item, 50866=Copy
Item, 50867=Paste
Item, 50868=Delete
--------------------3
Item, 67652=Copy to note
--------------------4
Item, 67655=Clear
Item, 50869=Select all
Platform Windows-Unix-QNX, --------------------5
Platform Windows-Unix-QNX, Item, 69620=Spell check


[BBCode]
Item, "[quote]"=Insert, "[quote]" & Paste & Insert, "[/quote]"
Item, "[img]"=Insert, "[img align=left]" & Paste & Insert, "[/img]"
Item, "[img-tag]"=Insert, "[img][/img]"
Item, "[url]"=Insert, "[url=" & Paste & Insert, "][/url]"
Item, "[url-tag]"=Insert, "[url][/url]"
Item, "[code]"=Insert, "[code][/code]"
Item, "[list]"=Insert, "[list][*][*][*][/list]"
Submenu, "Formatting", Formatting

[Formatting]
Item, "[b]"=Cut & Insert, "[b]" & Paste & Insert, "[/b]"
Item, "[i]"=Cut & Insert, "[i]" & Paste & Insert, "[/i]"
Item, "[u]"=Cut & Insert, "[u]" & Paste & Insert, "[/u]"
Item, "[d]"=Cut & Insert, "[d]" & Paste & Insert, "[/d]"
Submenu, "Size", Formatting Size
Submenu, "Color", Formatting Color
Submenu, "Font", Formatting Font

[Formatting Size]
Item, "[size xxSmall]"=Cut & Insert, "[size=xx-small]" & Paste & Insert, "[/size]"
Item, "[size xSmall]"=Cut & Insert, "[size=x-small]" & Paste & Insert, "[/size]"
Item, "[size Small]"=Cut & Insert, "[size=small]" & Paste & Insert, "[/size]"
Item, "[size Large]"=Cut & Insert, "[size=medium]" & Paste & Insert, "[/size]"
Item, "[size Largest]"=Cut & Insert, "[size=large]" & Paste & Insert, "[/size]"
Item, "[size xLargest]"=Cut & Insert, "[size=x-large]" & Paste & Insert, "[/size]"
Item, "[size xxLargest]"=Cut & Insert, "[size=xx-large]" & Paste & Insert, "[/size]"

[Formatting Color]
Item, "Blue"=Cut & Insert, "[color=blue]" & Paste & Insert, "[/color]"
Item, "Red"=Cut & Insert, "[color=red]" & Paste & Insert, "[/color]"
Item, "Purple"=Cut & Insert, "[color=purple]" & Paste & Insert, "[/color]"
Item, "Orange"=Cut & Insert, "[color=orange]" & Paste & Insert, "[/color]"
Item, "Yellow"=Cut & Insert, "[color=yellow]" & Paste & Insert, "[/color]"
Item, "Gray"=Cut & Insert, "[color=gray]" & Paste & Insert, "[/color]"
Item, "Green"=Cut & Insert, "[color=green]" & Paste & Insert, "[/color]"

[Formatting Font]
Item, "Arial"=Cut & Insert, "[font=arial]" & Paste & Insert, "[/font]"
Item, "Verdana"=Cut & Insert, "[font=verdana]" & Paste & Insert, "[/font]"
Item, "Courier"=Cut & Insert, "[font=courier]" & Paste & Insert, "[/font]"
Item, "Impact"=Cut & Insert, "[font=impact]" & Paste & Insert, "[/font]"
Item, "Geneva"=Cut & Insert, "[font=geneva]" & Paste & Insert, "[/font]"
Item, "Optima"=Cut & Insert, "[font=optima]" & Paste & Insert, "[/font]"

[Pukiwiki]
Item, "[img]"=Insert, "&ref(" & Paste & Insert, ",center);"
Item, "<pre>"=Insert, "<pre></pre>"
Item, "def-list"=Insert, ":|"
Submenu, "Formatting", Syntax

[Syntax]
Item, "[b]"=Cut & Insert, "''" & Paste & Insert, "''"
Item, "[i]"=Cut & Insert, "'''" & Paste & Insert, "'''"
Item, "[u]"=Cut & Insert, "%%%" & Paste & Insert, "%%%"
Item, "[d]"=Cut & Insert, "%%" & Paste & Insert, "%%"
Submenu, "Size", Syntax Size
Submenu, "Color", Syntax Color
Submenu, "Font", Syntax Font

[Syntax Size]
Item, "xxSmall"=Cut & Insert, "&size(xx-small){" & Paste & Insert, "};"
Item, "xSmall"=Cut & Insert, "&size(x-small){" & Paste & Insert, "};"
Item, "Small"=Cut & Insert, "&size(small){" & Paste & Insert, "};"
Item, "Medium"=Cut & Insert, "&size(medium){" & Paste & Insert, "};"
Item, "Large"=Cut & Insert, "&size(large){" & Paste & Insert, "};"
Item, "xLarge"=Cut & Insert, "&size(x-large){" & Paste & Insert, "};"
Item, "xxLarge"=Cut & Insert, "&size(xx-large){" & Paste & Insert, "};"

[Syntax Color]
Item, "Blue"=Cut & Insert, "&color(blue){" & Paste & Insert, "};"
Item, "Red"=Cut & Insert, "&color(red){" & Paste & Insert, "};"
Item, "Purple"=Cut & Insert, "&color(purple){" & Paste & Insert, "};"
Item, "Orange"=Cut & Insert, "&color(orange){" & Paste & Insert, "};"
Item, "Yellow"=Cut & Insert, "&color(yellow){" & Paste & Insert, "};"
Item, "Gray"=Cut & Insert, "&color(gray){" & Paste & Insert, "};"
Item, "Green"=Cut & Insert, "&color(green){" & Paste & Insert, "};"

[Syntax Font]
Item, "Arial"=Cut & Insert, "&font(Arial){" & Paste & Insert, "};"
Item, "Verdana"=Cut & Insert, "&font(Verdana){" & Paste & Insert, "};"
Item, "Courier"=Cut & Insert, "&font(Courier){" & Paste & Insert, "};"
Item, "Impact"=Cut & Insert, "&font(Impact){" & Paste & Insert, "};"
Item, "Geneva"=Cut & Insert, "&font(Geneva){" & Paste & Insert, "};"
Item, "Optima"=Cut & Insert, "&font(Optima){" & Paste & Insert, "};"


The default WikiSyntax is configured for Pukiwiki. So if you use wakka, phpwiki, or wiwi, you can change certain values to meet your needs.

By the way, isn't there a way to disable BBcode in code without replacing "[" & "]" with "#???" ?

Well...Thx for forcing me to wait for 30 seconds... I'm not a spammer...I just forgot turning on Referrer... lol



10
Olorin
Re: how do I create colapsable menus
  • 2004/7/23 21:47



Multi-menuJP1.14
http://malaika.s31.xrea.com/modules/mydownloads/

****Link Styles****
1.Full-path link (Always shown)
Quote:
2.Assigning by modules names (Always shown)
Quote:
[module_name]
[module_name]xxxx.php?xxxx=xxxx


****Special Syntax for Sub-menu****
1. Static menu (Sub-menu is always shown)
Quote:
+[module_name]
+[module_name]xxxx.php?xxxx=xxxx


2. Dynamic Menu (Sub-menu is shown like Xoops' menu)
Quote:
@[module_name]
@[module_name]xxxx.php?xxxx=xxxx


==Examples==
A. @[news] , Title=News2
-When the module isn't chosen:
"News2"
-When the module is chosen:
"News"
"Submit News"
"Archive"

B. @[news]details.php?storyid=1 , Title=News2

-When the module isn't chosen:
"News2" (linking to News Item1)
-When the module is chosen:
"News2" (linking to News Item1)
"Submit News"
"Archive"

**You can make an arbitrary selection for its title
================

I think it would work on English environment, too.(mb_string isn't required) It may be not the one for you since it doesn't allow you to define your original sub-menu.



