1
trollix
Re: Xoops doesn't like ZoneAlarm Pro
  • 2002/9/6 16:06

  • trollix

  • Just popping in

  • Posts: 7

  • Since: 2002/1/9 1


Try that hack : here



2
trollix
Re: (HACK) Prevent Firewall no-login
  • 2002/8/3 7:49

  • trollix

  • Just popping in

  • Posts: 7

  • Since: 2002/1/9 1


Ok, I understand. So I did it for an intranet...
But what is the risk ?
What could happen if someone use it on Internet ?
Have you another solution to avoid that no-login ?



3
trollix
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 20:04

  • trollix

  • Just popping in

  • Posts: 7

  • Since: 2002/1/9 1


Why do you consider that as a security hole ?
As I know, others CMS as PostNuke or PhpNuke don't use that feature...



4
trollix
(HACK) Prevent Firewall no-login
  • 2002/8/2 11:01

  • trollix

  • Just popping in

  • Posts: 7

  • Since: 2002/1/9 1


As I can't log behind my firewall (zone Alarm or Norton), I had to write a little hack to do that. When XOOPS tests the $HTTP_REFERER var and find it empty (function myRefererCheck) connection is not allowed.

To avoid that, I have written this little hack:
file html/class/mysql.php, line 147, you have:
...
if (myRefererCheck($errstr)) {
...

REPLACE by:
...
if (myRefererCheck($errstr) || ALLOW_FROM_PROXY)
...

and in include/common.php file, line 40, ADD:
define("ALLOW_FROM_PROXY", TRUE); // Disactivate referercheck for SQL requests

If you want to return back to the normal settings, then just put FALSE instead of TRUE.

Trollix - HQCH (Hope Que Ca Helpe)




TopTop



Login

Username:
Password:

Lost Password? Register now!

Who's Online

77 user(s) are online (50 user(s) are browsing Support Forums)


Members: 0


Guests: 77


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits