Patches for newbb 1.0 and PHP <= 4.3.9 [Xoops 2.0 Bug Report]

1

Patches for newbb 1.0 and PHP <= 4.3.9

2004/12/22 7:19
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

As you know a vulnerablity about function unserialize() is found in PHP <= 4.3.9

This can cause some crackings via newbb 1.0, because newbb uses unserialize() against $_COOKIE.

This is the security patches.
If your server's PHP still <= 4.3.9 and you use newbb 1.0, patch this.

Although I don't know newbb2, it may be safe because newbb looks it does not store informations of last_read in COOKIE.


diff -rc newbb_old/index.php newbb/index.php

*** newbb_old/index.php    Fri Jan 30 08:28:30 2004

--- newbb/index.php    Wed Dec 22 16:16:09 2004

***************

*** 75,81 ****

              continue;

          }

          // Read 'lastread' cookie, if exists

!         $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

          foreach ( $forums as $forum_row ) {

              unset($last_post);

              if ( $forum_row['cat_id'] == $categories[$i]['cat_id'] ) {

--- 75,93 ----

              continue;

          }

          // Read 'lastread' cookie, if exists

!         //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

!         // GIJ start

!         if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();

!         else {

!             $topic_lastreadtmp = explode( ',' , $_COOKIE['newbb_topic_lastread'] ) ;

!             foreach( $topic_lastreadtmp as $tmp ) {

!                 $idmin = explode( '|' , $tmp ) ;

!                 $id = empty( $idmin[0] ) ? 0 : intval( $idmin[0] ) ;

!                 $min = empty( $idmin[1] ) ? 0 : intval( $idmin[1] ) ;

!                 $topic_lastread[ $id ] = $min * 60 ;

!             }

!         }

!         // GIJ end

          foreach ( $forums as $forum_row ) {

              unset($last_post);

              if ( $forum_row['cat_id'] == $categories[$i]['cat_id'] ) {

diff -rc newbb_old/post.php newbb/post.php

*** newbb_old/post.php    Fri Jan 30 08:28:30 2004

--- newbb/post.php    Wed Dec 22 16:11:54 2004

***************

*** 45,50 ****

--- 45,53 ----

      }

      $forumdata = $xoopsDB->fetchArray($result);

  

+     // GIJ Patch

+     if( empty( $forumdata['allow_html'] ) ) $HTTP_POST_VARS['nohtml'] = 1 ;

+ 

      if ( $forumdata['forum_type'] == 1 ) {

      // To get here, we have a logged-in user. So, check whether that user is allowed to view

      // this private forum.

diff -rc newbb_old/viewforum.php newbb/viewforum.php

*** newbb_old/viewforum.php    Wed Feb  4 00:58:48 2004

--- newbb/viewforum.php    Wed Dec 22 16:12:32 2004

***************

*** 192,198 ****

  }

  

  // Read topic 'lastread' times from cookie, if exists

! $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

  while ( $myrow = $xoopsDB->fetchArray($result) ) {

  

       if ( empty($myrow['last_poster']) ) {

--- 192,210 ----

  }

  

  // Read topic 'lastread' times from cookie, if exists

! //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

! // GIJ start

! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();

! else {

!     $topic_lastreadtmp = explode( ',' , $_COOKIE['newbb_topic_lastread'] ) ;

!     foreach( $topic_lastreadtmp as $tmp ) {

!         $idmin = explode( '|' , $tmp ) ;

!         $id = empty( $idmin[0] ) ? 0 : intval( $idmin[0] ) ;

!         $min = empty( $idmin[1] ) ? 0 : intval( $idmin[1] ) ;

!         $topic_lastread[ $id ] = $min * 60 ;

!     }

! }

! // GIJ end

  while ( $myrow = $xoopsDB->fetchArray($result) ) {

  

       if ( empty($myrow['last_poster']) ) {

diff -rc newbb_old/viewtopic.php newbb/viewtopic.php

*** newbb_old/viewtopic.php    Thu Feb  5 03:43:44 2004

--- newbb/viewtopic.php    Wed Dec 22 16:15:28 2004

***************

*** 348,354 ****

  $xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM, 'lang_joined' => _MD_JOINED, 'lang_posts' => _MD_POSTS, 'lang_poster' => _MD_POSTER, 'lang_thread' => _MD_THREAD, 'lang_edit' => _EDIT, 'lang_delete' => _DELETE, 'lang_reply' => _REPLY, 'lang_postedon' => _MD_POSTEDON));

  

  // Read in cookie of 'lastread' times

! $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

  // if cookie is not set for this topic, update view count and set cookie

  if ( empty($topic_lastread[$topic_id]) ) {

      $sql = 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='. $topic_id;

--- 348,366 ----

  $xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM, 'lang_joined' => _MD_JOINED, 'lang_posts' => _MD_POSTS, 'lang_poster' => _MD_POSTER, 'lang_thread' => _MD_THREAD, 'lang_edit' => _EDIT, 'lang_delete' => _DELETE, 'lang_reply' => _REPLY, 'lang_postedon' => _MD_POSTEDON));

  

  // Read in cookie of 'lastread' times

! //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

! // GIJ eliminated unserialize

! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();

! else {

!     $topic_lastreadtmp = explode( ',' , $_COOKIE['newbb_topic_lastread'] ) ;

!     foreach( $topic_lastreadtmp as $tmp ) {

!         $idmin = explode( '|' , $tmp ) ;

!         $id = empty( $idmin[0] ) ? 0 : intval( $idmin[0] ) ;

!         $min = empty( $idmin[1] ) ? 0 : intval( $idmin[1] ) ;

!         $topic_lastread[ $id ] = $min * 60 ;

!     }

! }

! // GIJ end

  // if cookie is not set for this topic, update view count and set cookie

  if ( empty($topic_lastread[$topic_id]) ) {

      $sql = 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='. $topic_id;

***************

*** 356,362 ****

  }

  // Update cookie

  // FIXME: doesn't check if 4kB limit of cookie is exceeded!

! $topic_lastread[$topic_id] = time();

! setcookie("newbb_topic_lastread", serialize($topic_lastread), time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);

  include XOOPS_ROOT_PATH.'/footer.php';

  ?>

--- 368,389 ----

  }

  // Update cookie

  // FIXME: doesn't check if 4kB limit of cookie is exceeded!

! // GIJ Patch begin

! //$topic_lastread[$topic_id] = time();

! //setcookie("newbb_topic_lastread", serialize($topic_lastread), time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);

! $topic_lastread[$topic_id] = intval( ceil( time() / 60 ) ) ;

! 

! arsort($topic_lastread);

! 

! $counter = 300 ;

! $str4cookie = '' ;

! foreach( $topic_lastread as $id => $time ) {

!     $str4cookie .= intval( $id ) . '|' . intval( $time ) . ',' ;

!     if( -- $counter < 0 ) break ;

! }

! $str4cookie = substr( $str4cookie , 0 , -1 ) ;

! 

! setcookie("newbb_topic_lastread", $str4cookie , time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);

! // GIJ Patch end

  include XOOPS_ROOT_PATH.'/footer.php';

  ?>

2

Re: Patches for newbb 1.0 and PHP <= 4.3.9

2004/12/22 8:10
smdcom
Posts: 901
Since: 2004/4/27

good info GIJOE! Thanks.

SMD

3

Re: Patches for newbb 1.0 and PHP <= 4.3.9

2004/12/22 8:12
smdcom
Posts: 901
Since: 2004/4/27

you should add this patch at XOOPS sourceforge.

4

Re: Patches for newbb 1.0 and PHP <= 4.3.9

2004/12/22 8:19
Mithrandir
XOOPS is my life!
Posts: 6320
Since: 2003/6/21

As this has to do with a module, dev.xoops.org is the place to post it to get developer attention.

5

Re: Patches for newbb 1.0 and PHP <= 4.3.9

2004/12/24 21:33
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

The code I've pasted have a typo.

Use this instead of the older.


diff -rc newbb_old/index.php newbb/index.php

*** newbb_old/index.php    Fri Jan 30 08:28:30 2004

--- newbb/index.php    Wed Dec 22 16:16:09 2004

***************

*** 75,81 ****

              continue;

          }

          // Read 'lastread' cookie, if exists

!         $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

          foreach ( $forums as $forum_row ) {

              unset($last_post);

              if ( $forum_row['cat_id'] == $categories[$i]['cat_id'] ) {

--- 75,93 ----

              continue;

          }

          // Read 'lastread' cookie, if exists

!         //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

!         // GIJ start

!         if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();

!         else {

!             $topic_lastreadtmp = explode( ',' , $_COOKIE['newbb_topic_lastread'] ) ;

!             foreach( $topic_lastreadtmp as $tmp ) {

!                 $idmin = explode( '|' , $tmp ) ;

!                 $id = empty( $idmin[0] ) ? 0 : intval( $idmin[0] ) ;

!                 $min = empty( $idmin[1] ) ? 0 : intval( $idmin[1] ) ;

!                 $topic_lastread[ $id ] = $min * 60 ;

!             }

!         }

!         // GIJ end

          foreach ( $forums as $forum_row ) {

              unset($last_post);

              if ( $forum_row['cat_id'] == $categories[$i]['cat_id'] ) {

diff -rc newbb_old/post.php newbb/post.php

*** newbb_old/post.php    Fri Jan 30 08:28:30 2004

--- newbb/post.php    Wed Dec 22 16:11:54 2004

***************

*** 45,50 ****

--- 45,53 ----

      }

      $forumdata = $xoopsDB->fetchArray($result);

  

+     // GIJ Patch

+     if( empty( $forumdata['allow_html'] ) ) $HTTP_POST_VARS['nohtml'] = 1 ;

+ 

      if ( $forumdata['forum_type'] == 1 ) {

      // To get here, we have a logged-in user. So, check whether that user is allowed to view

      // this private forum.

diff -rc newbb_old/viewforum.php newbb/viewforum.php

*** newbb_old/viewforum.php    Wed Feb  4 00:58:48 2004

--- newbb/viewforum.php    Wed Dec 22 16:12:32 2004

***************

*** 192,198 ****

  }

  

  // Read topic 'lastread' times from cookie, if exists

! $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

  while ( $myrow = $xoopsDB->fetchArray($result) ) {

  

       if ( empty($myrow['last_poster']) ) {

--- 192,210 ----

  }

  

  // Read topic 'lastread' times from cookie, if exists

! //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

! // GIJ start

! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();

! else {

!     $topic_lastreadtmp = explode( ',' , $_COOKIE['newbb_topic_lastread'] ) ;

!     foreach( $topic_lastreadtmp as $tmp ) {

!         $idmin = explode( '|' , $tmp ) ;

!         $id = empty( $idmin[0] ) ? 0 : intval( $idmin[0] ) ;

!         $min = empty( $idmin[1] ) ? 0 : intval( $idmin[1] ) ;

!         $topic_lastread[ $id ] = $min * 60 ;

!     }

! }

! // GIJ end

  while ( $myrow = $xoopsDB->fetchArray($result) ) {

  

       if ( empty($myrow['last_poster']) ) {

diff -rc newbb_old/viewtopic.php newbb/viewtopic.php

*** newbb_old/viewtopic.php    Thu Feb  5 03:43:44 2004

--- newbb/viewtopic.php    Wed Dec 22 16:15:28 2004

***************

*** 348,354 ****

  $xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM, 'lang_joined' => _MD_JOINED, 'lang_posts' => _MD_POSTS, 'lang_poster' => _MD_POSTER, 'lang_thread' => _MD_THREAD, 'lang_edit' => _EDIT, 'lang_delete' => _DELETE, 'lang_reply' => _REPLY, 'lang_postedon' => _MD_POSTEDON));

  

  // Read in cookie of 'lastread' times

! $topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

  // if cookie is not set for this topic, update view count and set cookie

  if ( empty($topic_lastread[$topic_id]) ) {

      $sql = 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='. $topic_id;

--- 348,366 ----

  $xoopsTpl->assign(array('forum_jumpbox' => make_jumpbox($forum), 'lang_forum_index' => sprintf(_MD_FORUMINDEX,$xoopsConfig['sitename']), 'lang_from' => _MD_FROM, 'lang_joined' => _MD_JOINED, 'lang_posts' => _MD_POSTS, 'lang_poster' => _MD_POSTER, 'lang_thread' => _MD_THREAD, 'lang_edit' => _EDIT, 'lang_delete' => _DELETE, 'lang_reply' => _REPLY, 'lang_postedon' => _MD_POSTEDON));

  

  // Read in cookie of 'lastread' times

! //$topic_lastread = !empty($HTTP_COOKIE_VARS['newbb_topic_lastread']) ? unserialize($HTTP_COOKIE_VARS['newbb_topic_lastread']) : array();

! // GIJ eliminated unserialize

! if( empty( $_COOKIE['newbb_topic_lastread'] ) ) $topic_lastread = array();

! else {

!     $topic_lastreadtmp = explode( ',' , $_COOKIE['newbb_topic_lastread'] ) ;

!     foreach( $topic_lastreadtmp as $tmp ) {

!         $idmin = explode( '|' , $tmp ) ;

!         $id = empty( $idmin[0] ) ? 0 : intval( $idmin[0] ) ;

!         $min = empty( $idmin[1] ) ? 0 : intval( $idmin[1] ) ;

!         $topic_lastread[ $id ] = $min * 60 ;

!     }

! }

! // GIJ end

  // if cookie is not set for this topic, update view count and set cookie

  if ( empty($topic_lastread[$topic_id]) ) {

      $sql = 'UPDATE '.$xoopsDB->prefix('bb_topics').' SET topic_views = topic_views + 1 WHERE topic_id ='. $topic_id;

***************

*** 356,362 ****

  }

  // Update cookie

  // FIXME: doesn't check if 4kB limit of cookie is exceeded!

! $topic_lastread[$topic_id] = time();

! setcookie("newbb_topic_lastread", serialize($topic_lastread), time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);

  include XOOPS_ROOT_PATH.'/footer.php';

  ?>

--- 368,389 ----

  }

  // Update cookie

  // FIXME: doesn't check if 4kB limit of cookie is exceeded!

! // GIJ Patch begin

! //$topic_lastread[$topic_id] = time();

! //setcookie("newbb_topic_lastread", serialize($topic_lastread), time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);

! $topic_lastread[$topic_id] = intval( ceil( time() / 60 ) ) * 60 ;

! 

! arsort($topic_lastread);

! 

! $counter = 250 ;

! $str4cookie = '' ;

! foreach( $topic_lastread as $id => $time ) {

!     $str4cookie .= intval( $id ) . '|' . intval( $time / 60 ) . ',' ;

!     if( -- $counter < 0 ) break ;

! }

! $str4cookie = substr( $str4cookie , 0 , -1 ) ;

! 

! setcookie("newbb_topic_lastread", $str4cookie , time()+365*24*3600, $bbCookie['path'], $bbCookie['domain'], $bbCookie['secure']);

! // GIJ Patch end

  include XOOPS_ROOT_PATH.'/footer.php';

  ?>

6

Re: Patches for newbb 1.0 and PHP <= 4.3.9

2004/12/24 23:10
tl
Friend of XOOPS
Posts: 999
Since: 2002/6/23

GIJOE, thank you for the patches.

The patched files can be downloaded at XOOPS Tips
http://xoops-tips.com/

Happy Holidays everyone!

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Patches for newbb 1.0 and PHP <= 4.3.9

Re: Patches for newbb 1.0 and PHP <= 4.3.9

Re: Patches for newbb 1.0 and PHP <= 4.3.9

Re: Patches for newbb 1.0 and PHP <= 4.3.9

Re: Patches for newbb 1.0 and PHP <= 4.3.9

Re: Patches for newbb 1.0 and PHP <= 4.3.9

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}