1
GIJOE
Patches for newbb 1.0 and PHP <= 4.3.9
  • 2004/12/22 7:19

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


As you know a vulnerablity about function unserialize() is found in PHP <= 4.3.9

This can cause some crackings via newbb 1.0, because newbb uses unserialize() against $_COOKIE.

This is the security patches.
If your server's PHP still <= 4.3.9 and you use newbb 1.0, patch this.

Although I don't know newbb2, it may be safe because newbb looks it does not store informations of last_read in COOKIE.

diff -rc newbb_old/index.php newbb/index.php
*** newbb_old/index.php    Fri Jan 30 08:28:30 2004
--- newbb/index.php    Wed Dec 22 16:16:09 2004
***************
*** 
75,81 ****
              continue;
          }
          
// Read 'lastread' cookie, if exists
!         $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
          foreach ( 
$forums as $forum_row ) {
              unset(
$last_post);
              if ( 
$forum_row['cat_id'] == $categories[$i]['cat_id'] ) {
--- 
75,93 ----
              continue;
          }
          
// Read 'lastread' cookie, if exists
!         //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
!         // GIJ start
!         if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();
!         else {
!             
$topic_lastreadtmp explode',' $_COOKIE['newbb_topic_lastread'] ) ;
!             foreach( 
$topic_lastreadtmp as $tmp ) {
!                 
$idmin explode'|' $tmp ) ;
!                 
$id = empty( $idmin[0] ) ? intval$idmin[0] ) ;
!                 
$min = empty( $idmin[1] ) ? intval$idmin[1] ) ;
!                 
$topic_lastread$id ] = $min 60 ;
!             }
!         }
!         
// GIJ end
          
foreach ( $forums as $forum_row ) {
              unset(
$last_post);
              if ( 
$forum_row['cat_id'] == $categories[$i]['cat_id'] ) {
diff -rc newbb_old/post.php newbb/post.php
*** newbb_old/post.php    Fri Jan 30 08:28:30 2004
--- newbb/post.php    Wed Dec 22 16:11:54 2004
***************
*** 
45,50 ****
--- 
45,53 ----
      }
      
$forumdata $xoopsDB->fetchArray($result);
  
+     
// GIJ Patch
+     if( empty( $forumdata['allow_html'] ) ) $HTTP_POST_VARS['nohtml'] = ;

      if ( 
$forumdata['forum_type'] == ) {
      
// To get here, we have a logged-in user. So, check whether that user is allowed to view
      // this private forum.
diff -rc newbb_old/viewforum.php newbb/viewforum.php
*** newbb_old/viewforum.php    Wed Feb  4 00:58:48 2004
--- newbb/viewforum.php    Wed Dec 22 16:12:32 2004
***************
*** 
192,198 ****
  }
  
  
// Read topic 'lastread' times from cookie, if exists
$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
  while ( 
$myrow $xoopsDB->fetchArray($result) ) {
  
       if ( empty(
$myrow['last_poster']) ) {
--- 
192,210 ----
  }
  
  
// Read topic 'lastread' times from cookie, if exists
//$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
// GIJ start
! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();
! else {
!     
$topic_lastreadtmp explode',' $_COOKIE['newbb_topic_lastread'] ) ;
!     foreach( 
$topic_lastreadtmp as $tmp ) {
!         
$idmin explode'|' $tmp ) ;
!         
$id = empty( $idmin[0] ) ? intval$idmin[0] ) ;
!         
$min = empty( $idmin[1] ) ? intval$idmin[1] ) ;
!         
$topic_lastread$id ] = $min 60 ;
!     }
! }
// GIJ end
  
while ( $myrow $xoopsDB->fetchArray($result) ) {
  
       if ( empty(
$myrow['last_poster']) ) {
diff -rc newbb_old/viewtopic.php newbb/viewtopic.php
*** newbb_old/viewtopic.php    Thu Feb  5 03:43:44 2004
--- newbb/viewtopic.php    Wed Dec 22 16:15:28 2004
***************
*** 
348,354 ****
  
$xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM'lang_joined' => _MD_JOINED'lang_posts' => _MD_POSTS'lang_poster' => _MD_POSTER'lang_thread' => _MD_THREAD'lang_edit' => _EDIT'lang_delete' => _DELETE'lang_reply' => _REPLY'lang_postedon' => _MD_POSTEDON));
  
  
// Read in cookie of 'lastread' times
$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
  
// if cookie is not set for this topic, update view count and set cookie
  
if ( empty($topic_lastread[$topic_id]) ) {
      
$sql 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='$topic_id;
--- 
348,366 ----
  
$xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM'lang_joined' => _MD_JOINED'lang_posts' => _MD_POSTS'lang_poster' => _MD_POSTER'lang_thread' => _MD_THREAD'lang_edit' => _EDIT'lang_delete' => _DELETE'lang_reply' => _REPLY'lang_postedon' => _MD_POSTEDON));
  
  
// Read in cookie of 'lastread' times
//$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
// GIJ eliminated unserialize
! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();
! else {
!     
$topic_lastreadtmp explode',' $_COOKIE['newbb_topic_lastread'] ) ;
!     foreach( 
$topic_lastreadtmp as $tmp ) {
!         
$idmin explode'|' $tmp ) ;
!         
$id = empty( $idmin[0] ) ? intval$idmin[0] ) ;
!         
$min = empty( $idmin[1] ) ? intval$idmin[1] ) ;
!         
$topic_lastread$id ] = $min 60 ;
!     }
! }
// GIJ end
  // if cookie is not set for this topic, update view count and set cookie
  
if ( empty($topic_lastread[$topic_id]) ) {
      
$sql 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='$topic_id;
***************
*** 
356,362 ****
  }
  
// Update cookie
  // FIXME: doesn't check if 4kB limit of cookie is exceeded!
$topic_lastread[$topic_id] = time();
setcookie("newbb_topic_lastread"serialize($topic_lastread), time()+365*24*3600$bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);
  include 
XOOPS_ROOT_PATH.'/footer.php';
  
?>
--- 368,389 ----
  }
  // Update cookie
  // FIXME: doesn't check if 4kB limit of cookie is exceeded!
! // GIJ Patch begin
! //$topic_lastread[$topic_id] = time();
! //setcookie("newbb_topic_lastread", serialize($topic_lastread), time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);
! $topic_lastread[$topic_id] = intval( ceil( time() / 60 ) ) ;

! arsort($topic_lastread);

! $counter = 300 ;
! $str4cookie = '' ;
! foreach( $topic_lastread as $id => $time ) {
!     $str4cookie .= intval( $id ) . '|' . intval( $time ) . ',' ;
!     if( -- $counter < 0 ) break ;
! }
! $str4cookie = substr( $str4cookie , 0 , -1 ) ;

! setcookie("newbb_topic_lastread", $str4cookie , time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);
! // GIJ Patch end
  include XOOPS_ROOT_PATH.'/footer.php';
  ?>

2
smdcom
Re: Patches for newbb 1.0 and PHP <= 4.3.9

good info GIJOE! Thanks.

SMD

3
smdcom
Re: Patches for newbb 1.0 and PHP <= 4.3.9

you should add this patch at XOOPS sourceforge.

4
Mithrandir
Re: Patches for newbb 1.0 and PHP <= 4.3.9

As this has to do with a module, dev.xoops.org is the place to post it to get developer attention.

5
GIJOE
Re: Patches for newbb 1.0 and PHP <= 4.3.9
  • 2004/12/24 21:33

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


The code I've pasted have a typo.

Use this instead of the older.
diff -rc newbb_old/index.php newbb/index.php
*** newbb_old/index.php    Fri Jan 30 08:28:30 2004
--- newbb/index.php    Wed Dec 22 16:16:09 2004
***************
*** 
75,81 ****
              continue;
          }
          
// Read 'lastread' cookie, if exists
!         $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
          foreach ( 
$forums as $forum_row ) {
              unset(
$last_post);
              if ( 
$forum_row['cat_id'] == $categories[$i]['cat_id'] ) {
--- 
75,93 ----
              continue;
          }
          
// Read 'lastread' cookie, if exists
!         //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
!         // GIJ start
!         if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();
!         else {
!             
$topic_lastreadtmp explode',' $_COOKIE['newbb_topic_lastread'] ) ;
!             foreach( 
$topic_lastreadtmp as $tmp ) {
!                 
$idmin explode'|' $tmp ) ;
!                 
$id = empty( $idmin[0] ) ? intval$idmin[0] ) ;
!                 
$min = empty( $idmin[1] ) ? intval$idmin[1] ) ;
!                 
$topic_lastread$id ] = $min 60 ;
!             }
!         }
!         
// GIJ end
          
foreach ( $forums as $forum_row ) {
              unset(
$last_post);
              if ( 
$forum_row['cat_id'] == $categories[$i]['cat_id'] ) {
diff -rc newbb_old/post.php newbb/post.php
*** newbb_old/post.php    Fri Jan 30 08:28:30 2004
--- newbb/post.php    Wed Dec 22 16:11:54 2004
***************
*** 
45,50 ****
--- 
45,53 ----
      }
      
$forumdata $xoopsDB->fetchArray($result);
  
+     
// GIJ Patch
+     if( empty( $forumdata['allow_html'] ) ) $HTTP_POST_VARS['nohtml'] = ;

      if ( 
$forumdata['forum_type'] == ) {
      
// To get here, we have a logged-in user. So, check whether that user is allowed to view
      // this private forum.
diff -rc newbb_old/viewforum.php newbb/viewforum.php
*** newbb_old/viewforum.php    Wed Feb  4 00:58:48 2004
--- newbb/viewforum.php    Wed Dec 22 16:12:32 2004
***************
*** 
192,198 ****
  }
  
  
// Read topic 'lastread' times from cookie, if exists
$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
  while ( 
$myrow $xoopsDB->fetchArray($result) ) {
  
       if ( empty(
$myrow['last_poster']) ) {
--- 
192,210 ----
  }
  
  
// Read topic 'lastread' times from cookie, if exists
//$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
// GIJ start
! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();
! else {
!     
$topic_lastreadtmp explode',' $_COOKIE['newbb_topic_lastread'] ) ;
!     foreach( 
$topic_lastreadtmp as $tmp ) {
!         
$idmin explode'|' $tmp ) ;
!         
$id = empty( $idmin[0] ) ? intval$idmin[0] ) ;
!         
$min = empty( $idmin[1] ) ? intval$idmin[1] ) ;
!         
$topic_lastread$id ] = $min 60 ;
!     }
! }
// GIJ end
  
while ( $myrow $xoopsDB->fetchArray($result) ) {
  
       if ( empty(
$myrow['last_poster']) ) {
diff -rc newbb_old/viewtopic.php newbb/viewtopic.php
*** newbb_old/viewtopic.php    Thu Feb  5 03:43:44 2004
--- newbb/viewtopic.php    Wed Dec 22 16:15:28 2004
***************
*** 
348,354 ****
  
$xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM'lang_joined' => _MD_JOINED'lang_posts' => _MD_POSTS'lang_poster' => _MD_POSTER'lang_thread' => _MD_THREAD'lang_edit' => _EDIT'lang_delete' => _DELETE'lang_reply' => _REPLY'lang_postedon' => _MD_POSTEDON));
  
  
// Read in cookie of 'lastread' times
$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
  
// if cookie is not set for this topic, update view count and set cookie
  
if ( empty($topic_lastread[$topic_id]) ) {
      
$sql 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='$topic_id;
--- 
348,366 ----
  
$xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM'lang_joined' => _MD_JOINED'lang_posts' => _MD_POSTS'lang_poster' => _MD_POSTER'lang_thread' => _MD_THREAD'lang_edit' => _EDIT'lang_delete' => _DELETE'lang_reply' => _REPLY'lang_postedon' => _MD_POSTEDON));
  
  
// Read in cookie of 'lastread' times
//$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
// GIJ eliminated unserialize
! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();
! else {
!     
$topic_lastreadtmp explode',' $_COOKIE['newbb_topic_lastread'] ) ;
!     foreach( 
$topic_lastreadtmp as $tmp ) {
!         
$idmin explode'|' $tmp ) ;
!         
$id = empty( $idmin[0] ) ? intval$idmin[0] ) ;
!         
$min = empty( $idmin[1] ) ? intval$idmin[1] ) ;
!         
$topic_lastread$id ] = $min 60 ;
!     }
! }
// GIJ end
  // if cookie is not set for this topic, update view count and set cookie
  
if ( empty($topic_lastread[$topic_id]) ) {
      
$sql 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='$topic_id;
***************
*** 
356,362 ****
  }
  
// Update cookie
  // FIXME: doesn't check if 4kB limit of cookie is exceeded!
$topic_lastread[$topic_id] = time();
setcookie("newbb_topic_lastread"serialize($topic_lastread), time()+365*24*3600$bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);
  include 
XOOPS_ROOT_PATH.'/footer.php';
  
?>
--- 368,389 ----
  }
  // Update cookie
  // FIXME: doesn't check if 4kB limit of cookie is exceeded!
! // GIJ Patch begin
! //$topic_lastread[$topic_id] = time();
! //setcookie("newbb_topic_lastread", serialize($topic_lastread), time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);
! $topic_lastread[$topic_id] = intval( ceil( time() / 60 ) ) * 60 ;

! arsort($topic_lastread);

! $counter = 250 ;
! $str4cookie = '' ;
! foreach( $topic_lastread as $id => $time ) {
!     $str4cookie .= intval( $id ) . '|' . intval( $time / 60 ) . ',' ;
!     if( -- $counter < 0 ) break ;
! }
! $str4cookie = substr( $str4cookie , 0 , -1 ) ;

! setcookie("newbb_topic_lastread", $str4cookie , time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);
! // GIJ Patch end
  include XOOPS_ROOT_PATH.'/footer.php';
  ?>

6
tl
Re: Patches for newbb 1.0 and PHP <= 4.3.9
  • 2004/12/24 23:10

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


GIJOE, thank you for the patches.

The patched files can be downloaded at XOOPS Tips
http://xoops-tips.com/

Happy Holidays everyone!

Login

Who's Online

258 user(s) are online (179 user(s) are browsing Support Forums)


Members: 0


Guests: 258


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits