1
preachur
Friend Requests Caused Blank Screen - Yogurt v3.2 RC1
  • 2008/7/3 20:37

  • preachur

  • Just can't stay away

  • Posts: 525

  • Since: 2006/2/4 4


I submitted a bug report on SourceForge, but it doesn't look like anyone is watching that list of bugs, since none of the reports have had any responses since Feb.

So, here it is again:

I logged in today, went to my profile and I had 2 friend requests. I accepted one, and suddenly I had a white screen for my profile main page. I was able to delete the new friend, still no main profile page. Finally, I deleted all data from the database table yogurt_friendpetition.

My profile page works again. However, the problem scares me.

Yogurt v3.2 RC1
OS: Linux box333.bluehost.com 2.6.22-19_1.BHsmp #1 SMP Thu May 22 08:08:32 MDT 2008 x86_64
PHP: 5.2.6
MySQL: 5.0.45-community-log
XOOPS: XOOPS 2.0.18
Magick can never be restrained, but when freely given is thrice regained!

2
damaster
Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1
  • 2008/7/3 22:43

  • damaster

  • Just can't stay away

  • Posts: 556

  • Since: 2003/5/11


Hi preachur,

While testing with XOOPS Cube Legacy
many issues were found. Some give full
access and control to admin account.
Take care! And give a try to xsns.

Have Fun
I like people more than machines or money. But that's me!
Let's do something good and great: Let's do open source!

3
preachur
Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1
  • 2008/7/4 6:32

  • preachur

  • Just can't stay away

  • Posts: 525

  • Since: 2006/2/4 4


Will xsns work with XOOPS 2.0.18?
Magick can never be restrained, but when freely given is thrice regained!

4
damaster
Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1
  • 2008/8/17 20:06

  • damaster

  • Just can't stay away

  • Posts: 556

  • Since: 2003/5/11


Hi preachur,

I didn't test 2.0.18,
but if it supports Altsys and XOOPS_TRUST_PATH
used by XOOPS Cube Legacy D3 modules,
it should run smoothly.

Have Fun!

Note:
I confirm that XOOPS sites running Yogurt are still vulnerable!
I like people more than machines or money. But that's me!
Let's do something good and great: Let's do open source!

5
script_fu
Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

Where in the heck is this xsns module for XOOPS and cube? Link please...

6
damaster
Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1
  • 2008/8/29 7:40

  • damaster

  • Just can't stay away

  • Posts: 556

  • Since: 2003/5/11


@script fu

Maybe at xoopscube.org under "compatibility", don't you think?

Have Fun
I like people more than machines or money. But that's me!
Let's do something good and great: Let's do open source!

7
script_fu
Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

Yep, found it last night on sf.jp, will be testing this weekend. Thanks 4 the link.

8
alfred
Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1
  • 2008/8/29 18:35

  • alfred

  • Quite a regular

  • Posts: 249

  • Since: 2005/10/29


Quote:

preachur wrote:

Yogurt v3.2 RC1


Install the Yogurt V 3.3 RC2 and test it.

9
wrecked
Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1
  • 2008/9/4 11:06

  • wrecked

  • Just popping in

  • Posts: 55

  • Since: 2006/12/5


Any new info?

10
Kiwi_Chris
Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1
  • 2009/5/19 6:38

  • Kiwi_Chris

  • Just popping in

  • Posts: 79

  • Since: 2009/1/3 2


I am pleased for this post as I had the same issue with 3 of my members and after deleting the friend petitions for those users they are now fixed.

Any word on the safety of Yogurt??

Is there anything that I can do to patch the hole?

This is what I have read:

Yogurt Social Network contains a flaw that allows a remote
cross site scripting attack. This flaw exists because
the application does not validate 'uid' variable upon
submission to Multiple scripts script in yogurt module.
This could allow a user to create a specially crafted URL
that would execute arbitrary code in a user's browser within
the trust relationship between the browser and the server,
leading to a loss of integrity.

This was referring to RC1.

I would like to know if this is still the case, and if so any ideas on what I can do to plug this hole?
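
An added example, not part of the thread and not Yogurt's own code: the general mitigation for the flaw class quoted above (an unvalidated 'uid' request variable reflected into a page) is to accept the value only as a positive integer and to HTML-escape anything echoed back. The helper names `example_get_uid` and `example_html`, the `index.php?uid=` link, and the sample inputs are assumptions made for illustration; the code avoids newer syntax so it also runs on PHP 5.2.

```php
<?php
// Added example: hypothetical helper names, not Yogurt's actual code.

/**
 * Return the 'uid' request value as a positive integer, or null when it is
 * missing or anything other than a plain decimal number.
 */
function example_get_uid($source)
{
    // Reject missing values and array-style parameters (uid[]=...).
    if (!isset($source['uid']) || !is_scalar($source['uid'])) {
        return null;
    }
    $uid = filter_var(
        $source['uid'],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    return ($uid === false) ? null : $uid;
}

/** Escape a value for use in HTML text or a quoted attribute. */
function example_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests standing in for $_GET / $_POST.
$samples = array(
    array('uid' => '42'),            // valid
    array('uid' => '42"><b>x</b>'),  // markup appended to the number
    array('uid' => array('42')),     // array instead of scalar
    array(),                         // parameter missing
);

foreach ($samples as $request) {
    $uid = example_get_uid($request);
    if ($uid === null) {
        // A real script would stop here with an error page or redirect.
        echo "rejected: invalid or missing uid\n";
        continue;
    }
    // Escape at output even though $uid is already an integer.
    echo '<a href="index.php?uid=' . example_html($uid) . '">profile</a>' . "\n";
}
```

Only the first sample produces a link; the other three are rejected before any output is built from them.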
