Bob Marion writes "I/we now have PHP-Nuke 7.9 and are finding that it does not have Patched 3.0 or 3.1 and there are major security issues already with it. I have to say great job Mr. Burzi! Please DO NOT use 7.9 until these issues are worked on and resolved! Unless of course you want your site hacked to pieces! In a nutshell folks, the difference between 7.8 and 7.9 can be seen in one new function:
function filter($what, $strip="", $save="", $type="") { and a ton of bs fake patches."
64BitGuy writes "Again, this is an official warning to everyone! Do not use PHP-Nuke 7.9 unless you have overwhelming desires to be completely hacked (it took me about 30 seconds to hack this on my test domain) and you enjoy having your hosting provider ban your domain for abuse and resource consumption."
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1)
Ha...ha....did anyone hope this version would be different?
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1)
Well, I know how to make patch files. I'll just compare it to the un-edited version of 7.8 on my computer so I won't have to write over the security changes I made on the one I use for my website...
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1) by nukeevangelist on Friday, September 16, 2005 @ 09:43:12 CDT
hi there good day omega13a great to read from you. good to hear that you tested the new version. this is one of the top advantages of open source. We have the critical mass that helps to make a system secure, safe and usable. So if we find bugs then let us help to secure the system. in Open source all is about working together and combining the available resources - to get great efforts and achievements - that can't be gained if we walk alone. So - just help to fix the stuff and to secure the sustainable development. thank you omega13a you are a great man - just my 2 cents nukeevangelist
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1)
It is just unfathomable! FB has a community of "support" providing patches upon patches and yet he still refuses to incorporate. These are FREE! He can include them per GPL! I just don't get it! Why does he stick his middle finger out at his nuke community every single time... He could have had such a good thing going if he would have just been a part of the community instead of continually bucking it. Unbelievable!
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1) by nukeevangelist on Friday, September 16, 2005 @ 09:44:47 CDT
hi there - well i am very very happy to read you montego. Your thoughts are interesting. well i am happy about everybody who gives feedback. good to hear that you tested the new version. this is one of the top advantages of open source. We have the critical mass that helps to make a system secure, safe and usable. So if we find bugs then let us help to secure the system. in Open source all is about working together and combining the available resources - to get great efforts and achievements - that can't be gained if we walk alone. So - just help to fix the stuff and to secure the sustainable development. montego these are just my 2 cents nukeevangelist
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1)
What, exactly, is the NEWEST version that is, "safe" and where can one get it? I've reverted to 7.6 (Stock) from the PHP-Nuke dot org site as I believe that was the last version before Mr. Burzi added the shoddy code we've heard complaints about the last several iterations of PHP-Nuke. Your insight will be very much appreciated!
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1) by Raven (raven (_AT_) ravenphpscripts (_DOT_) com) on Thursday, September 15, 2005 @ 22:06:57 CDT
The forums have many threads with opinions. v6.9, 7.3 and 7.6 (all patched of course) are the big winners. If you are running any version stock then you are either naive or you've been living on a mountain top somewhere :rotfl:. Get Patched immediately and get NukeSentinel(tm) installed :)
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1) by jeffulri on Thursday, September 15, 2005 @ 23:25:57 CDT
Yup, 7.6 - already patched and NukeSentineled. Good to know I'm on the right page. Thanks for confirming my insanity!
Re: why use tiny mce use bbcode or nbbcode (Score: 1)
well i use some parts from nuke 7.7 & 7.8 in my current distro but base as 7.6, but one thing i did add on all my textareas was nbbcode. why couldn't fb use bbcode box or even bbcode? that would have made nuke more secure and patches could have done any minor problems. well it's sad to see nuke go down this road
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1)
hi there good to hear that you tested the new version. this is one of the top advantages of open source. We have the critical mass that helps to make a system secure, safe and usable. So if we find bugs then let us help to secure the system. in Open source all is about working together and combining the available resources - to get great efforts and achievements - that can't be gained if we walk alone. So - just help to fix the stuff and to secure the sustainable development. just my 2 cents nukeevangelist
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1) by hireamerica on Friday, September 16, 2005 @ 10:29:53 CDT http://www.hireamerica.us
My 2 cents: Oh, PHP-Nuke is open source, right? Fine, I claim the code source-base, give full props to FB, but when I change the code, I can change the copyright text. Why not fork into PHP-Oscar: PHP - Open Source Coded and Responsible. Maybe we call it PHP-Oscar (sec) when it's secured. What say? Raven or Bob, perhaps a poll on your respective sites?
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1) by Mesum on Friday, September 16, 2005 @ 13:47:51 CDT http://www.desitribe.com
Hahahaha man I just loved this post!
Re: PHP-Nuke 7.9 in hand and Dangerous (Score: 1)
man this is a joke. has anyone seen fb's so-called change log? just another dangerous nuke like 7.7, 7.8, but 7.9 is more like 7.8.1 lol

September 2005: Version 7.9
===========================
- Removed ENGINE=MyISAM from the nuke.sql file to prevent MySQL errors in old server versions.
- SQL injection vulnerability fixed in modules.php and News module (Thanks to Zhen-Xjell from http://CastleCops.com)
- Cosmetic changes in the Edit Authors administrators section. Added graphical buttons and table field descriptions
- Updated BBtoNuke (phpBB forums port) to version 2.0.17 (Thanks to Chatserv from http://nukeresources.com)
- Added new feature to edit banned IPs in the IP Ban administration system
- Fixed Administrators nicknames case bug. Admins IDs will be converted all to lowercase. (Thanks to OuTiMe)
- Fixed a duplicated points information display in Your Account module
- Search module now has a minimum limit of 3 characters in the query
- Removed Sections Top 10 data from the Top module
- Added missing translation in Stories Archives module
- Added empty fields check in Feedback and Recommend Us modules.
- News associated topics checkboxes has been changed for multiselect listbox in the news administration.
- Removed download and web links title passed as a variable via URL call, which gives problems rendering pages
- Added a new variables check all over the system. This will increase security in a big manner. The filter will also work good with the wysiwyg editor. Also, the entire system now can use quotes and double quotes when needed.
- Added quotes and double quotes in the search module query
- The constant has been renamed to [--pagebreak--] in Content, Encyclopedia and Reviews modules due to compatibility issues with the new filters.
- Fixed Encyclopedia search engine to be able to search text with quotes and double quotes
- Fixed a bug for the quotes and double quotes in the title/subject fields in all forms of the system
- Removed advanced wysiwyg editor to reduce load and avoid possible security risks with many useless options
- Added a new variable to config.php to activate or deactivate the wysiwyg editor
- Added two missing translation definitions to the advertising administration in plans configuration
- Fixed a bug for the advertising call method in the default theme
- Fixed some bugs in the advertising administration system
- Fixed the database connection error message to show the right database server type you're using. (Thanks to nightblade06)
- Fixed a bug on modules.php for the Users Groups system to load the module only if the user has access.
- Fixed some translation bugs in Brazilian languages files (Thanks to DarK_SouL).