xoops forums

preachur

Just can't stay away
Posted on: 2008/7/3 20:37
Posts: 525
Since: 2006/2/4 4
#1

Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

I submitted a bug report on sourceforge, but it doesn't look like anyone is watching that list of bugs, since none of the reports have any responses since Feb.

So, here it is again:

I logged in today, went to my profile and I had 2 friend requests. I accepted one, and suddenly I had a white screen for my profile main page. I was able to delete the new friend, still no main profile page. Finally, I deleted all data from the database table yogurt_friendpetition.

My profile page works again. However, the problem scares me.

Yogurt v3.2 RC1
OS: Linux box333.bluehost.com 2.6.22-19_1.BHsmp #1 SMP Thu May 22 08:08:32 MDT 2008 x86_64
PHP: 5.2.6
MySQL: 5.0.45-community-log
XOOPS: XOOPS 2.0.18
Magick can never be restrained, but when freely given is thrice regained!

damaster

Just can't stay away
Posted on: 2008/7/3 22:43
Posts: 556
Since: 2003/5/11
#2

Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

Hi preachur,

While testing with XOOPS Cube Legacy many issues were found. Some give full access and control to admin account. Take care! And give a try to xsns.

Have Fun
I like people more than machines or money. But that's me!
Lets do something good and great: Lets do open source!

preachur

Just can't stay away
Posted on: 2008/7/4 6:32
Posts: 525
Since: 2006/2/4 4
#3

Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

Will xsns work with XOOPS 2.0.18?
Magick can never be restrained, but when freely given is thrice regained!

damaster

Just can't stay away
Posted on: 2008/8/17 20:06
Posts: 556
Since: 2003/5/11
#4

Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

Hi preachur,

I didn't test 2.0.18, but if it supports Altsys and XOOPS_TRUST_PATH used by XOOPS Cube Legacy D3 modules it should run smoothly.

Have Fun !




Note:
I confirm that XOOPS sites running Yogurt are still vulnerable!
I like people more than machines or money. But that's me!
Lets do something good and great: Lets do open source!

script_fu

Friend of XOOPS
Posted on: 2008/8/29 1:27
Posts: 1494
Since: 2002/12/27
#5

Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

Where in the heck is this xsns module for XOOPS and cube? Link please...

damaster

Just can't stay away
Posted on: 2008/8/29 7:40
Posts: 556
Since: 2003/5/11
#6

Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

@script fu

Maybe at xoopscube.org under "compatibility" don't you think ?

Have Fun
I like people more than machines or money. But that's me!
Lets do something good and great: Lets do open source!

script_fu

Friend of XOOPS
Posted on: 2008/8/29 11:32
Posts: 1494
Since: 2002/12/27
#7

Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

Yep found it last night on sf.jp will be testing this weekend. Thanks 4 the link.

alfred

Quite a regular
Posted on: 2008/8/29 18:35
Posts: 249
Since: 2005/10/29
#8

Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

Quote:

preachur wrote:

Yogurt v3.2 RC1


install the yogurt V 3.3 RC2 and test it.

wrecked

Just popping in
Posted on: 2008/9/4 11:06
Posts: 55
Since: 2006/12/5
#9

Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

any new info?

Kiwi_Chris

Just popping in
Posted on: 2009/5/19 6:38
Posts: 79
Since: 2009/1/3 2
#10

Re: Friend Requests Caused Blank Screen - Yogurt v3.2 RC1

I am pleased for this post as I had the same issue with 3 of my members and after deleting the friend petitions for those users they are now fixed.

Any word on the safety of Yogurt??

Is there anything that I can do to patch the hole?

This is what I have read

Yogurt Social Network contains a flaw that allows a remote
cross site scripting attack. This flaw exists because
the application does not validate 'uid' variable upon
submission to Multiple scripts script in yogurt module.
This could allow a user to create a specially crafted URL
that would execute arbitrary code in a user's browser within
the trust relationship between the browser and the server,
leading to loss of integrity.

This was referring to RC1.

I would like to know if this is still the case, and if so any ideas on what I can do to plug this hole?
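
Added example, not part of the thread and not Yogurt's own code: the flaw class the quoted advisory describes (an unvalidated 'uid' request value reaching the page) is closed by accepting 'uid' only when it is plain decimal digits and by HTML-escaping anything echoed back. The function names, the index.php?uid= link and the sample values are assumptions made for illustration, and only functions available in the PHP 5.2 line mentioned earlier in the thread are used.

```php
<?php
// Added example; not Yogurt's code. Function names, the link target and
// the sample inputs are hypothetical / constructed for illustration.

/**
 * Return the uid as a positive integer, or false when the raw request
 * value is anything other than 1 to 9 plain decimal digits.
 * \z (not $) is used so a trailing newline is rejected as well.
 */
function clean_uid($raw)
{
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,8}\z/', $raw)) {
        return false;
    }
    return (int) $raw;
}

/** Escape a value for an HTML text node or a quoted attribute. */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Build a profile link; renders nothing at all for a bad uid. */
function profile_link($rawUid, $label)
{
    $uid = clean_uid($rawUid);
    if ($uid === false) {
        return '';
    }
    // $uid is now an integer, so it cannot carry markup into the attribute.
    return '<a href="index.php?uid=' . $uid . '">' . h($label) . '</a>';
}

// Constructed request values: one legitimate, four that must be rejected.
$samples = array('42', '42"><script>x</script>', '-1', '0x2A', "42\n");
foreach ($samples as $raw) {
    $uid = clean_uid($raw);
    // The raw value is escaped before it is echoed back for inspection.
    echo h($raw), ' => ', ($uid === false ? 'rejected' : 'uid ' . $uid), "\n";
}

// The label is user-controlled text too, so it is escaped on output.
echo profile_link('42', 'Tom & "Jerry"'), "\n";
```

This only covers the 'uid' handling named in the advisory text above; every script in the module that reads 'uid' would need the same check before the value is used or printed.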