1
Rou4cn
security bug from www.cnns.net
  • 2003/12/11 16:49

  • Rou4cn

  • Just popping in

  • Posts: 16

  • Since: 2003/5/3 1


Sorry, it is in Chinese. However, you may be able to understand it.

http://www.cnns.net/article/db/3758.htm

http://www.cnns.net/article/db/3757.htm

In each page, the first section talks about the source, and the last section is the solution.

FYI



2
Rou4cn
Re: If smiley is too much, how to hack?
  • 2003/12/4 4:22



and for mylinks, done.

/modules/mylinks/admin/index.php

add width=540 below:

Quote:

// If there is a category, add a New Link

echo"<table width='100%' border='0' cellspacing='1' class='outer'>"
."<tr class=\"odd\"><td>";
echo "<form method=post action=index.php>\n";
echo "<h4>"._MD_ADDNEWLINK."</h4><br />\n";
echo "<table width=\"80%\"><tr>\n";
echo "<td align=\"right\">"._MD_SITETITLE."</td><td>";
echo "<input type=text name=title size=50 maxlength=100>";
echo "</td></tr><tr><td align=\"right\" nowrap>"._MD_SITEURL."</td><td>";
echo "<input type=text name=url size=50 maxlength=250 value=\"http://\">";
echo "</td></tr>";
echo "<tr><td align=\"right\" nowrap>"._MD_CATEGORYC."</td><td>";
$mytree->makeMySelBox("title", "title");
echo "<tr><td align=\"right\" valign=\"top\" nowrap>"._MD_DESCRIPTIONC."</td><td width=540>\n";
xoopsCodeTarea("description",60,8);
xoopsSmilies("description");
//echo "<textarea name=description cols=60 rows=5></textarea>\n";
echo "</td></tr>\n";



3
Rou4cn
Re: If smiley is too much, how to hack?
  • 2003/12/4 4:11



Thanks.

I have 88 smileys, display 57.

I try again and done.

Quote:

/**
* prepare HTML for output of the smiley list.
*
* @return string HTML
*/
function _renderSmileys()
{
$myts =& MyTextSanitizer::getInstance();
$smiles =& $myts->getSmileys();
$ret = '';
if (empty($smileys)) {
$db =& Database::getInstance();
if ($result = $db->query('SELECT * FROM '.$db->prefix('smiles').' WHERE display=1')) {
while ($smiles = $db->fetchArray($result)) {
$ret .= "<img onclick='xoopsCodeSmilie(\"".$this->getName()."\", \" ".$smiles['code']." \");' onmouseover='style.cursor=\"hand\"' src='".XOOPS_UPLOAD_URL."/".htmlspecialchars($smiles['smile_url'], ENT_QUOTES)."' alt='' />";

[color=0000FF]$ret .= "\n";[/color]

}
}
} else {
$count = count($smiles);
for ($i = 0; $i < $count; $i++) {
if ($smiles[$i]['display'] == 1) {
$ret .= "<img onclick='xoopsCodeSmilie(\"".$this->getName()."\", \" ".$smiles[$i]['code']." \");' onmouseover='style.cursor=\"hand\"' src='".XOOPS_UPLOAD_URL."/".$myts->oopsHtmlSpecialChars($smiles['smile_url'])."' border='0' alt='' />";
}
}
}
$ret .= "&nbsp;[<a href='#moresmiley' onclick='javascript:openWithSelfMain(\"".XOOPS_URL."/misc.php?action=showpopups&type=smilies&target=".$this->getName()."\",\"smilies\",300,475);'>"._MORE."</a>]";
return $ret;
}
}
?>


The blue-colored one needs to be added.

I don't know why it is done, but it is there, since the process of this function is beyond my understanding.



4
Rou4cn
If smiley is too much, how to hack? ---everything done
  • 2003/12/3 18:18



In the news, newbb, mylink, message and blocksadmin modules, when you send or edit something, the window may be too wide if too many smileys are visible.
It is inconvenient.

I know how to hack news, newbb and message, but not blocksadmin and mylink, since blocksadmin is linked to \class\xoopsform\formdhtmltextarea.php and uses smarty. I tried but failed, so I am asking for help.

The others are easy as they are HTML.

Below is the way to hack it.

1, messages: xoops/pmlite.php
echo "<tr valign='top'><td class='head' width='25%'>"._PM_MESSAGEC."</td>";
echo "<td class='even' [color=0000FF]width='540'[/color]>";
xoopsCodeTarea("message",37,8);
xoopsSmilies("message");
echo "</td>";
echo "</tr>";

the “width='540'” it is.

2, newbb: /modules/newbb/includes/forumform.inc.php

<tr align='left'>
<td class='head' valign='top' nowrap='nowrap'>". _MD_MESSAGEC ."</td>
<td class='odd' width='540'>";
xoopsCodeTarea("message");

if ( !empty($isreply) && isset($hidden) && $hidden != "" ) {
    echo "<input type='hidden' name='isreply' value='1' />";
    echo "<input type='hidden' name='hidden' id='hidden' value='$hidden' />
    <input type='button' name='quote' class='formButton' value='"._MD_QUOTE."' onclick='xoopsGetElementById(\"message\").value=xoopsGetElementById(\"message\").value + xoopsGetElementById(\"hidden\").value; xoopsGetElementById(\"hidden\").value=\"\";' /><br />";
}
xoopsSmilies("message");

echo "</td></tr>


same add a "width='540'".

3,news:/modules/news/admin/storyform.inc.php

//  ------------------------------------------------------------------------ //

if ( !preg_match("/index.php/", $HTTP_SERVER_VARS['PHP_SELF']) ) {
    exit("access denied");
}
include XOOPS_ROOT_PATH."/include/xoopscodes.php";
if(!isset($submit_page)){
    $submit_page = $HTTP_SERVER_VARS['PHP_SELF'];
}
?>
<table><tr><td width=540>
<form action='<?php echo $submit_page;?>' method='post' name='coolsus'>
<?php
echo "<p>[b]"._AM_TITLE."[/b]<br />";
echo "<input type='text' name='title' id='title' value='";
if(isset($title)){
    echo $title;
}
echo "' size='70' maxlength='80' /><br />";
echo "<a href='javascript: justReturn()' onclick='xoopsCodeSmilie("hometext", "[picnews@index

");'>";


another width=540;


4, but for blocksadmin,

\class\xoopsform\formdhtmltextarea.php

Quote:
/**
* prepare HTML for output of the smiley list.
*
* @return string HTML
*/
function _renderSmileys()
{
$myts =& MyTextSanitizer::getInstance();
$smiles =& $myts->getSmileys();
$ret = '';
if (empty($smileys)) {
$db =& Database::getInstance();
if ($result = $db->query('SELECT * FROM '.$db->prefix('smiles').' WHERE display=1')) {
while ($smiles = $db->fetchArray($result)) {
$ret .= "<img onclick='xoopsCodeSmilie(\"".$this->getName()."\", \" ".$smiles['code']." \");' onmouseover='style.cursor=\"hand\"' src='".XOOPS_UPLOAD_URL."/".htmlspecialchars($smiles['smile_url'], ENT_QUOTES)."' alt='' />";
}
}
} else {
$count = count($smiles);
for ($i = 0; $i < $count; $i++) {
if ($smiles[$i]['display'] == 1) {
$ret .= "<img onclick='xoopsCodeSmilie(\"".$this->getName()."\", \" ".$smiles[$i]['code']." \");' onmouseover='style.cursor=\"hand\"' src='".XOOPS_UPLOAD_URL."/".$myts->oopsHtmlSpecialChars($smiles['smile_url'])."' border='0' alt='' />";
}
}
}
$ret .= "&nbsp;[<a href='#moresmiley' onclick='javascript:openWithSelfMain(\"".XOOPS_URL."/misc.php?action=showpopups&type=smilies&target=".$this->getName()."\",\"smilies\",300,475);'>"._MORE."</a>]";
return $ret;
}
}
?>


I tried to add "\n" when it shows 15 smileys, as below, but failed.

Quote:

for ($i = 0; $i < $count; $i++) {
if ($smiles[$i]['display'] == 1) {
$ret .= "getName()."\", \" ".$smiles[$i]['code']." \");' onmouseover='style.cursor=\"hand\"' src='".XOOPS_UPLOAD_URL."/".$myts->oopsHtmlSpecialChars($smiles['smile_url'])."' border='0' alt='' />";
$iii++;
$ret .= "\n";
}
  if ($i%15==14) $ret .="\n";//add a line

if ($iii == 15 ) {
$ret .="\n"; //add a empty line (another hack way)
$ret .= "\n\n";
}
}
}
$ret .= "\n";
// * $ret .= "
\n\n";
$ret .= " [getName()."\",\"smilies\",300,475);'>"._MORE."]";
return $ret;
}
}
?>


I tried two ways to hack it, but failed.

Any comment? Thanks.



5
Rou4cn
Re: image manager category gone ?
  • 2003/12/3 4:48



Quote:

kjs222 wrote:
I found a quick fix. The problem is caused by an odd deletion of rows in the group_permissions table.

If you go into that table, you'll see it probably has no rows that look like this:

gperm_id = 2509 (primary table ID)
gperm_groupid = 1 (the group # with this permission - 1 is required to see in admin)
gperm_itemid = 7 (this is the image category ID, see img category table)
gperm_modid = 1 (this should be 1 for you too - aka System Module)
gperm_name = imgcat_read

You just need to insert one such row for each itemid (aka image category). Everything else should be intact. Not sure what causes the problem, but hopefully this should solve it for you.

If you are unsure of the syntax, you can also go to your image manager, create a new category, and then look at it in the gperm table... then you can just duplicate the entry for each itemid.

Best wishes,
Keith


done. Thanks.

First make it readable, then edit it to be written by certain groups; then the row will be added.
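The row-per-category fix from the quoted post, written as an idempotent backfill. This is an added example, not code from the thread or from XOOPS. It runs against a constructed in-memory SQLite stand-in: the gperm_* columns follow the post, while the `imagecategory` table, its `imgcat_id` column and the function names are assumptions.

```python
import sqlite3

# Constructed stand-in schema: gperm_* columns follow the post; the
# imagecategory table and imgcat_id column are assumptions for this example.
SCHEMA = """
CREATE TABLE imagecategory (imgcat_id INTEGER PRIMARY KEY, imgcat_name TEXT);
CREATE TABLE group_permissions (
    gperm_id INTEGER PRIMARY KEY AUTOINCREMENT,
    gperm_groupid INTEGER, gperm_itemid INTEGER,
    gperm_modid INTEGER, gperm_name TEXT);
"""

# Add an imgcat_read row only where the group does not already have one.
BACKFILL = """
INSERT INTO group_permissions (gperm_groupid, gperm_itemid, gperm_modid, gperm_name)
SELECT :gid, c.imgcat_id, 1, 'imgcat_read'
FROM imagecategory AS c
WHERE NOT EXISTS (
    SELECT 1 FROM group_permissions AS p
    WHERE p.gperm_groupid = :gid AND p.gperm_itemid = c.imgcat_id
      AND p.gperm_modid = 1 AND p.gperm_name = 'imgcat_read');
"""

def backfill_imgcat_read(conn, group_id=1):
    """Insert missing imgcat_read rows for group_id; return how many were added."""
    with conn:  # single transaction: all rows or none
        cur = conn.execute(BACKFILL, {"gid": group_id})
    return cur.rowcount

def demo():
    """Constructed case: three categories, only category 9 kept its row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO imagecategory VALUES (?, ?)",
                     [(7, "logos"), (8, "photos"), (9, "new")])
    conn.execute(
        "INSERT INTO group_permissions "
        "(gperm_groupid, gperm_itemid, gperm_modid, gperm_name) "
        "VALUES (1, 9, 1, 'imgcat_read')")
    first = backfill_imgcat_read(conn)
    second = backfill_imgcat_read(conn)  # second run finds nothing missing
    items = [r[0] for r in conn.execute(
        "SELECT gperm_itemid FROM group_permissions "
        "WHERE gperm_name = 'imgcat_read' ORDER BY gperm_itemid")]
    return first, second, items

if __name__ == "__main__":
    print(demo())
```

Only group 1 is granted read here, matching the post; other groups get rows only when they are added deliberately.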



6
Rou4cn
Re: image manager category gone ?
  • 2003/12/1 13:50



Quote:

onokazu wrote:
Sorry that I hadn't posted anything here, but as knight said, this bug has been fixed on the CVS.


I have the same problem. When I restore the backup from xoops2.0.2 into a new Xoops2.0.5 by phpadmin, the table has all the data, but the image manager shows nothing except what was added from xoops2.0.5, even if I add a new one by phpadmin. (I know the structure of the table is not changed.)
For example, I had 8 categories before, but nothing shows in xoops2.0.5; then I add one, and it shows 1 category only; then I add one by phpadmin (total is 10), and still only No.9 shows up.
It seems that some function cannot automatically update according to the table xoops_imagescategory.

Has anyone overcome it?

I checked kernel/images*.php between xoops2.0.2 and xoops2.0.5; they are all the same.
In /modules/system/admin/images/main.php, not many keywords changed.

Thanks.



7
Rou4cn
Re: NewBB Forum in XOOPS
  • 2003/11/7 17:22



Quote:

Emilien wrote:
Hi !

The version of newbb included in XOOPS is now out of date !! They released the 2.0.6 version of phpBB.

The 2.2 is on the way, are you willing to update that version ? Do you want me to try to do such things ?

My idea:
- Modify phpBB templates to make it enter in the XOOPS template.
- Link between both user systems...

Why ?
- More options
- More permissions


http://www.bbpixel.com/modules/news/
It is done. and improving. FYI.

And some Taiwan Xoopsers made many mods inside, too.

http://www.koudanshi.net/

http://www.tw-xoops.org/modules/mydownloads/viewcat.php?cid=10




8
Rou4cn
Re: XOOPS 2.1 Core development Roadmap
  • 2003/11/1 14:59



I wish XOOPS may be faster and faster.

Learning from Discuz! (http://www.discuz.net/viewthread.php?tid=21660&fpage=1), put more things into cache or session, and let the db queries be fewer and faster.

Discuz! is the fastest PHP BBS within China. Discuz! 2.0 is free to use. Maybe you may install and analyze it as well.

The download link is
for GB2312: http://download.discuz.net/2.0/gb2312.rar
for Big5: http://download.discuz.net/2.0/big5.rar
Each has the English lang in the pack.

for your info.
THX.



9
Rou4cn
Re: 2.05 little request...
  • 2003/10/12 15:39



Quote:

sunsnapper wrote:
In fact, the Spanish support site puts the center-left and center-right blocks above the rest of the content... using x2t theme.

http://www.esxoops.com/modules/news/


Could anyone tell me where I may download the clock calendar model in that website?
It is very good.



10
Rou4cn
Re: How to save 10K on each Xoops page
  • 2003/10/8 15:59



But nothing changed for it in Xoops2.0.5 yet, right?

I must still be waiting for a faster xoops.

According to discussion in cn.xoops.org, there are 3 points that may improve:
1, every module uses cache, but the forum will be ?
2, Learn from IPB, save something like Uid into session or cache, reduce more "SELECT * FROM xoops2_config WHERE (conf_modid = 0 AND conf_catid = 1) ORDER BY conf_order ASC"
3, the js.

the links:
http://www.hiweed.com/xoops/modules/n ... php?topic_id=1519&forum=8

http://www.hiweed.com/xoops/modules/n ... php?topic_id=1511&forum=8

http://www.hiweed.com/xoops/modules/n ... php?topic_id=1672&forum=5

but nothing in Xoops2.0.5!




