As you know, a vulnerability in the unserialize() function was found in PHP <= 4.3.9.
This can allow attacks via newbb 1.0, because newbb calls unserialize() on $_COOKIE data.
These are the security patches.
If your server's PHP is still <= 4.3.9 and you use newbb 1.0, apply this patch.
I don't know newbb2 well, but it may be safe, because it does not appear to store last_read information in a cookie.
diff -rc newbb_old/index.php newbb/index.php
*** newbb_old/index.php Fri Jan 30 08:28:30 2004
--- newbb/index.php Wed Dec 22 16:16:09 2004
***************
*** 75,81 ****
continue;
}
// Read 'lastread' cookie, if exists
! $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
foreach ( $forums as $forum_row ) {
unset($last_post);
if ( $forum_row['cat_id'] == $categories[$i]['cat_id'] ) {
--- 75,93 ----
continue;
}
// Read 'lastread' cookie, if exists
! //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
! // GIJ start
! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();
! else {
! $topic_lastreadtmp = explode( ',' , $_COOKIE['newbb_topic_lastread'] ) ;
! foreach( $topic_lastreadtmp as $tmp ) {
! $idmin = explode( '|' , $tmp ) ;
! $id = empty( $idmin[0] ) ? 0 : intval( $idmin[0] ) ;
! $min = empty( $idmin[1] ) ? 0 : intval( $idmin[1] ) ;
! $topic_lastread[ $id ] = $min * 60 ;
! }
! }
! // GIJ end
foreach ( $forums as $forum_row ) {
unset($last_post);
if ( $forum_row['cat_id'] == $categories[$i]['cat_id'] ) {
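Review bot: In the new cookie parser, `$topic_lastread` is set to `array()` only in the empty-cookie branch, so the `else` branch appends to whatever the variable already holds. The surrounding code is outside the hunk, so it is not visible whether the variable is initialised earlier; on a register_globals setup it might not be. Start the block with an unconditional `$topic_lastread = array();`. The guard also does not reject a cookie that arrives as an array rather than a string; adding `is_string( $_COOKIE['newbb_topic_lastread'] )` to the condition would cover that. The same block is repeated in viewforum.php and in the first viewtopic.php hunk, so a shared helper would keep the three copies from drifting.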
diff -rc newbb_old/post.php newbb/post.php
*** newbb_old/post.php Fri Jan 30 08:28:30 2004
--- newbb/post.php Wed Dec 22 16:11:54 2004
***************
*** 45,50 ****
--- 45,53 ----
}
$forumdata = $xoopsDB->fetchArray($result);
+ // GIJ Patch
+ if( empty( $forumdata['allow_html'] ) ) $HTTP_POST_VARS['nohtml'] = 1 ;
+
if ( $forumdata['forum_type'] == 1 ) {
// To get here, we have a logged-in user. So, check whether that user is allowed to view
// this private forum.
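Review bot: The added line forces `nohtml` only in `$HTTP_POST_VARS`, while the other hunks of this patch read `$_COOKIE` rather than `$HTTP_COOKIE_VARS`. In PHP 4 the long arrays and the superglobals are separate copies, so code further down that reads `$_POST['nohtml']` (or a register_globals `$nohtml`) would not see the override. The code that consumes the flag is outside the hunk, so this needs confirming; setting both, `$HTTP_POST_VARS['nohtml'] = $_POST['nohtml'] = 1 ;`, or enforcing `allow_html` where the post is stored, would remove the doubt. The change is also unrelated to unserialize() and is not mentioned in the description, so replacing `// GIJ Patch` with a comment such as `// force nohtml when the forum does not allow HTML posts` would help.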
diff -rc newbb_old/viewforum.php newbb/viewforum.php
*** newbb_old/viewforum.php Wed Feb 4 00:58:48 2004
--- newbb/viewforum.php Wed Dec 22 16:12:32 2004
***************
*** 192,198 ****
}
// Read topic 'lastread' times from cookie, if exists
! $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
while ( $myrow = $xoopsDB->fetchArray($result) ) {
if ( empty($myrow['last_poster']) ) {
--- 192,210 ----
}
// Read topic 'lastread' times from cookie, if exists
! //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
! // GIJ start
! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();
! else {
! $topic_lastreadtmp = explode( ',' , $_COOKIE['newbb_topic_lastread'] ) ;
! foreach( $topic_lastreadtmp as $tmp ) {
! $idmin = explode( '|' , $tmp ) ;
! $id = empty( $idmin[0] ) ? 0 : intval( $idmin[0] ) ;
! $min = empty( $idmin[1] ) ? 0 : intval( $idmin[1] ) ;
! $topic_lastread[ $id ] = $min * 60 ;
! }
! }
! // GIJ end
while ( $myrow = $xoopsDB->fetchArray($result) ) {
if ( empty($myrow['last_poster']) ) {
diff -rc newbb_old/viewtopic.php newbb/viewtopic.php
*** newbb_old/viewtopic.php Thu Feb 5 03:43:44 2004
--- newbb/viewtopic.php Wed Dec 22 16:15:28 2004
***************
*** 348,354 ****
$xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM, 'lang_joined' => _MD_JOINED, 'lang_posts' => _MD_POSTS, 'lang_poster' => _MD_POSTER, 'lang_thread' => _MD_THREAD, 'lang_edit' => _EDIT, 'lang_delete' => _DELETE, 'lang_reply' => _REPLY, 'lang_postedon' => _MD_POSTEDON));
// Read in cookie of 'lastread' times
! $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
// if cookie is not set for this topic, update view count and set cookie
if ( empty($topic_lastread[$topic_id]) ) {
$sql = 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='. $topic_id;
--- 348,366 ----
$xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM, 'lang_joined' => _MD_JOINED, 'lang_posts' => _MD_POSTS, 'lang_poster' => _MD_POSTER, 'lang_thread' => _MD_THREAD, 'lang_edit' => _EDIT, 'lang_delete' => _DELETE, 'lang_reply' => _REPLY, 'lang_postedon' => _MD_POSTEDON));
// Read in cookie of 'lastread' times
! //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();
! // GIJ eliminated unserialize
! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();
! else {
! $topic_lastreadtmp = explode( ',' , $_COOKIE['newbb_topic_lastread'] ) ;
! foreach( $topic_lastreadtmp as $tmp ) {
! $idmin = explode( '|' , $tmp ) ;
! $id = empty( $idmin[0] ) ? 0 : intval( $idmin[0] ) ;
! $min = empty( $idmin[1] ) ? 0 : intval( $idmin[1] ) ;
! $topic_lastread[ $id ] = $min * 60 ;
! }
! }
! // GIJ end
// if cookie is not set for this topic, update view count and set cookie
if ( empty($topic_lastread[$topic_id]) ) {
$sql = 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='. $topic_id;
***************
*** 356,362 ****
}
// Update cookie
// FIXME: doesn't check if 4kB limit of cookie is exceeded!
! $topic_lastread[$topic_id] = time();
! setcookie("newbb_topic_lastread", serialize($topic_lastread), time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);
include XOOPS_ROOT_PATH.'/footer.php';
?>
--- 368,389 ----
}
// Update cookie
// FIXME: doesn't check if 4kB limit of cookie is exceeded!
! // GIJ Patch begin
! //$topic_lastread[$topic_id] = time();
! //setcookie("newbb_topic_lastread", serialize($topic_lastread), time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);
! $topic_lastread[$topic_id] = intval( ceil( time() / 60 ) ) ;
!
! arsort($topic_lastread);
!
! $counter = 300 ;
! $str4cookie = '' ;
! foreach( $topic_lastread as $id => $time ) {
! $str4cookie .= intval( $id ) . '|' . intval( $time ) . ',' ;
! if( -- $counter < 0 ) break ;
! }
! $str4cookie = substr( $str4cookie , 0 , -1 ) ;
!
! setcookie("newbb_topic_lastread", $str4cookie , time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);
! // GIJ Patch end
include XOOPS_ROOT_PATH.'/footer.php';
?>
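Review bot: The 300-entry cap in the new writer does not settle the FIXME above it. The loop emits up to 301 entries (`-- $counter < 0` breaks only after the 301st), and setcookie() URL-encodes the value, so each `|` and `,` costs three bytes and a full list can still exceed the 4 kB cookie limit. Bounding by encoded length instead of by count keeps the newest entries (arsort() already orders them) and makes the trailing-comma `substr()` unnecessary. The byte budget in the sketch below is a constructed value to be tuned; the enclosing code starts outside the hunk.

```php
// … unchanged: $topic_lastread[$topic_id] assignment and arsort() …
$str4cookie = '' ;
foreach( $topic_lastread as $id => $time ) {
    $candidate = ( $str4cookie === '' ? '' : $str4cookie . ',' ) . intval( $id ) . '|' . intval( $time ) ;
    // setcookie() urlencodes the value, so measure the encoded length
    // (3500 is a constructed budget leaving headroom under 4 kB)
    if( strlen( urlencode( $candidate ) ) > 3500 ) break ;
    $str4cookie = $candidate ;
}
// … unchanged: setcookie() call …
```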