1
Hennessy
PHP vulnerabilities - unserialize() function
  • 2004/12/18 0:20

  • Hennessy

  • Just popping in

  • Posts: 30

  • Since: 2003/10/28


As per this announcement blatantly stolen from slashdot, does the XOOPS API use the unserialize() function and is it vulnerable to this security hole in PHP?

I have recompiled PHP anyhow just to be safe, but just wondering if 90% of xoopsers who are hosted on shared hosting and cannot recompile themselves, if they are vulnerable to this.

And what measures other than upgrading php can be taken to secure XOOPS from this - assuming of course that it uses the unserialize() function at all.

Heno.



2
Hennessy
Re: The URL rewrite mod
  • 2004/6/22 6:19


I have played with the Exploz hack, but to be honest I am not a fan of hacking core files unless it is an official patch.. (or at least in the CVS).

I am not looking for a 'module' for re-writing implementation, but just suggesting that the core developers have a look at somewhere (way) down the track integrating some kind of customisable URL writing (as I am sure they already have or are at least thinking about it).

It is better to code such a feature at a core level, and ensure that modules comply to IT rather than the opposite - having to code it so that it works with current modules unaware of such a function. I understand this is probably the main reason the core developers haven't (yet) implemented such a thing.



3
Hennessy
Re: The URL rewrite mod
  • 2004/6/21 10:34


I completely agree!

The url re-writing in some other (more bloated) CMS's, such as ezpublish, is nothing short of beautiful. Drupal isn't too bad either, although having 'node' in every url is a pain.

From a professional point of view, it is a little 'lacking' not being able to customise the navigation of a XOOPS site. I realise the difficulty of this task, especially with module integration etc.. But it is definitely something that needs to be looked at, even if it cannot be implemented until version 3 or 4.

</end rant>



4
Hennessy
Re: New Hosting Provider - Offered
  • 2004/6/2 2:24


Something tells me you are a 1and1 affiliate

http://www.1and1.com/?k_id=6591523


Just my 2cents.



5
Hennessy
Re: Newbb Pro (attachments, mark read ...)
  • 2004/3/11 9:54


Quote:
@Hennessy: Are you running the latest version of Xoops? I tried on 2.0.3, and that didn't work. Then I upgraded to 2.0.6 and it ran like a charm.


I am running 2.0.6...

...and still can't get it to work...



6
Hennessy
Re: Newbb Pro (attachments, mark read ...)
  • 2004/3/11 1:34


Quote:
@Hennessy Update scripts must be on main directory, not inside newbb folder. I'm running it on a Windows server without problems. www.forjandoleyendas.com


It was in the main dir... I have tried again and still with no success...

I will have a play around and see how I go.

[edit]
I tried again, and did everything the way you described and the same thing happens... the forum main page works, but clicking on a particular forum I am met with a blank page... turning on phpdebug still reveals the following on the main page:

Notice: Undefined index: 4 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 5 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 8 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 14 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 15 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 6 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 7 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 12 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 16 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 9 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 10 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156
Notice: Undefined index: 11 in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\index.php on line 156


and this on the blank page that happens on each forum:

Notice: Undefined index: mark_read in C:\Program Files\Apache Group\Apache2\htdocs\dragster\modules\newbb\viewforum.php on line 37


I have no idea why this is happening...
[/edit]



7
Hennessy
Re: Newbb Pro (attachments, mark read ...)
  • 2004/3/8 1:06


I tried this on a windows server and it doesn't seem to be working. Php debug is giving errors of an undefined index in /modules/newbb/index.php line 156...

Also, when I click the button in the updater scripts (both of them) nothing seemed to happen... it just reloaded the page.

I am also getting errors of an undefined index mark_read...



8
Hennessy
Re: XOOPS and server load
  • 2004/2/19 1:14


I am not sure what you mean as to how to get 500,000 hits. But I can give you the circumstances of those two days.

I have a site dedicated to drag racing and it was one weekend that we were covering a major meeting. So over the two days the site was hit quite heavily as people checked in to see updated results from the two days of racing.

If you are asking how the site became that popular in only 3 months... I guess all I can say is that I found a market opportunity, and the site is now the leader in this market.

I hope that answers your question. I was not really sure what you meant by it.

Cheers.
Heno.

(and I find it odd that you bumped after only 4 minutes!)



9
Hennessy
XOOPS and server load
  • 2004/2/18 12:27


I have had my site running for 90 days now and it often has 50-60 users online at one time. At this point in time I have experienced little depreciation in server response time (I am using the cache feature) but am just wondering what the 'theoretical' limit of the XOOPS core would be as far as online users goes.

I am just worried that as the site expands (considering that it has only been live for 3 months) whether I will reach the limit of Xoops' efficiency - keeping in mind that I realise a lot of it has to do with server specs.

BTW, I should point out that this is in no way an attack on the XOOPS developers. In fact I was very impressed that XOOPS worked faultlessly over my biggest weekend - well over 500,000 hits in 2 days on a virtual host. It is just a question that jumped into my head - if she is this good.. how much can she REALLY take?

Cheers.
Heno.



10
Hennessy
Re: all i see is #edit# #edit#
  • 2004/2/4 1:59


That would be the way you have done your censoring. I had the same problem WAAAAAY back when I first tested xoops. I can't remember what it was exactly, but it is something to do with spaces between the '|' in the censor options.



