2007-11-26, 03:54 PM
2007-11-26, 09:03 PM
Dammit...you are right about delete_post. They changed it and yet didn't inform anyone. That's just great.
It's class_moderation_delete_posts hook now. It did work before..trust me it did. Looks like I have to rewrite that today. Same goes for class_moderation_delete_thread too...grrr...
Quote: There's quite a few places where inputs are directly sent into the DB without escaping.
Can you give me an example? I am pretty sure I protected anyplace that a query was made a couple updates ago. Security is very important to me. While I might lax a bit on queries I take no chances with security. If you find a hole ...please tell me asap.
Ahh...$thread[uid]....I may have to use that. Certainly my code could benefit from more experienced coders but at the time no one seemed willing to take on the task. Where were you 6 months ago?
2007-11-26, 09:08 PM
labrocca Wrote: Dammit...you are right about delete_post. They changed it and yet didn't inform anyone. That's just great.
http://community.mybboard.net/showthread...#pid139659
Someone needs to update the wiki =P If I don't forget, I will do it this weekend
2007-11-26, 09:21 PM
Broken for 5 months....I think I am gonna hide in shame.
Working to fix it now though. bah...
2007-11-27, 09:10 AM
Well, I have a few requests for this
1. As I said, change usergroup. I could probably actually code this myself after looking at the demo.
2. A download inventory, you can download items you pay for.
BP
2007-11-27, 12:10 PM
labrocca Wrote:
Dammit...you are right about delete_post. They changed it and yet didn't inform anyone. That's just great.
It's class_moderation_delete_posts hook now. It did work before..trust me it did. Looks like I have to rewrite that today. Same goes for class_moderation_delete_thread too...grrr...

Ahh, I see. Not your fault then
Glad I could help!

labrocca Wrote:
Quote: There's quite a few places where inputs are directly sent into the DB without escaping.
Can you give me an example? I am pretty sure I protected anyplace that a query was made a couple updates ago. Security is very important to me. While I might lax a bit on queries I take no chances with security. If you find a hole ...please tell me asap.

Well, I can't give an exhaustive list - you'll have to find it yourself, but I'll try to help. The aforementioned ones in the AdminCP are there. Also, check /myps.php
$db->query("UPDATE ".TABLE_PREFIX."users SET myps='".$db->escape_string($newmyps)."' WHERE username='".$mybb->input['username']."'");
The input is sent directly into the query. There's a few other places in the same file where the same input is sent into a query.

labrocca Wrote:
Ahh...$thread[uid]....I may have to use that. Certainly my code could benefit from more experienced coders but at the time no one seemed willing to take on the task. Where were you 6 months ago?

I only started looking at PHP a few months back
Been programming a fair bit in other languages, so picked up PHP really quick.

blueparukia Wrote:
Well, I have a few requests for this
1. As I said, change usergroup. I could probably actually code this myself after looking at the demo.

Added to list

blueparukia Wrote:
2. A download inventory, you can download items you pay for.

Coming out real soon
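The query quoted in the post above, next to the same query with `$db->escape_string()` applied to the username as well. This is an added example, not part of the original posts or the plugin's code. It assumes a hypothetical `DemoDb` stand-in for MyBB's `$db` object (in-memory SQLite, requires pdo_sqlite), a plain `$input` array in place of `$mybb->input`, hypothetical function names, and constructed table rows and input.

```php
<?php
// Added example. DemoDb is a hypothetical stand-in for MyBB's $db object,
// backed by in-memory SQLite so the script runs offline.
const TABLE_PREFIX = 'mybb_';

class DemoDb
{
    private PDO $pdo;
    public function __construct()
    {
        $this->pdo = new PDO('sqlite::memory:');
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
    // Escape a value for use inside a single-quoted SQL string literal.
    public function escape_string(string $value): string
    {
        return substr($this->pdo->quote($value), 1, -1);
    }
    // Run a statement and return the number of rows it changed.
    public function query(string $sql): int
    {
        return $this->pdo->exec($sql);
    }
}

// The query as posted: $newmyps is escaped, the username is not.
function update_unescaped(DemoDb $db, array $input, string $newmyps): int
{
    return $db->query("UPDATE ".TABLE_PREFIX."users SET myps='".$db->escape_string($newmyps)."' WHERE username='".$input['username']."'");
}

// The same query with the username escaped too.
function update_escaped(DemoDb $db, array $input, string $newmyps): int
{
    return $db->query("UPDATE ".TABLE_PREFIX."users SET myps='".$db->escape_string($newmyps)."' WHERE username='".$db->escape_string($input['username'])."'");
}

$db = new DemoDb();
$db->query("CREATE TABLE ".TABLE_PREFIX."users (username TEXT, myps TEXT)");
$db->query("INSERT INTO ".TABLE_PREFIX."users VALUES ('alice', '0'), ('O''Brien', '0')");
$input = ['username' => "O'Brien"]; // constructed: a legitimate name containing a quote

try {
    update_unescaped($db, $input, '50');
    echo "unescaped: query ran\n";
} catch (PDOException $e) {
    // The quote closed the string literal early; the rest was parsed as SQL.
    echo "unescaped: ", $e->getMessage(), "\n";
}
echo "escaped: rows updated = ", update_escaped($db, $input, '50'), "\n";
```

A username that fails or changes the statement in the first function and matches one row in the second is a quick review check for every other query in the file that takes the same input.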
2007-11-27, 12:20 PM
Awesome,
BP
2007-11-27, 12:23 PM
Anyways, updated to v0.2 - fixes a few bugs found in v0.11.
Other main changes are quite a few modifications to how the AdminCP back-end operates (only really for modules).
Also, item handling is much better.
Upgrade instructions: just simply overwrite the files - no need to deactivate anything.
Please report any bugs or issues!
2007-11-27, 07:30 PM
ZiNga BuRgA Wrote:
blueparukia Wrote: 2. A download inventory, you can download items you pay for.
Coming out real soon

That is basically what I asked that you didn't seem to understand, though I'm happy to see it's coming soon. I'll give the mod a try once that module is released with it.
2007-11-27, 08:05 PM
Can I ask is there a feature for downloads for cash?