Tutoriaux module for 7.6

Posted: Thu Mar 06, 2008 7:58 pm

I would like to use such a module or a similar to write my own "tuts" but I know there was a problem with sql injections with this module long time ago.

Is there still a security problem with version Tutoriaux_1.3 or is this fixed ?
And how about short urls for this module ?

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Please PM any info you have on this problem, and I will investigate.

Not sure about short urls, but it's integrated into nukeSEO (sitemap), nukeFEED, and mSearch.

Regular Joined: Sep 12, 2006 Posts: 58 Location: Dsm, IA

I would also like to know if there's an issue or risk with this. I have shortened urls for most everything except having users create tutorials on their own (as I don't really need that function).
.htaccess

Code:

RewriteRule ^tutorial-section-([0-9]*).html modules.php?name=Tutoriaux&rop=souscat&cid=$1 [L]


RewriteRule ^tutorial-([0-9]*).html modules.php?name=Tutoriaux&rop=tutoriaux&did=$1 [L]


RewriteRule ^tutorial-print-([0-9]*).html modules.php?name=Tutoriaux&file=print&did=$1 [L]


RewriteRule ^tutorial-([0-9]*)-comment.html modules.php?name=Tutoriaux&file=comment&did=$1 [L]


RewriteRule ^tutorial-([0-9]*)-viewcomments.html modules.php?name=Tutoriaux&file=viewcomment&did=$1 [L]


RewriteRule ^tutorials-inprogress.html modules.php?name=Tutoriaux&rop=enprepa [L]


RewriteRule ^tutorials-top10.html modules.php?name=Tutoriaux&rop=informations [L]


RewriteRule ^tutorial-create-([0-9]*).html modules.php?name=Tutoriaux&file=submitut&;cid=$1 [L]


RewriteRule ^tutorials.html modules.php?name=Tutoriaux [L]

GT-Tutoriaux.php

Code:

$urlin = array(


'"(?<!/)modules.php\?name=Tutoriaux&amp;rop=souscat&amp;cid=([0-9]*)"',


'"(?<!/)modules.php\?name=Tutoriaux&amp;rop=tutoriaux&amp;did=([0-9]*)"',


'"(?<!/)modules.php\?name=Tutoriaux&amp;file=print&amp;did=([0-9]*)"',


'"(?<!/)modules.php\?name=Tutoriaux&amp;file=comment&amp;did=([0-9]*)"',


'"(?<!/)modules.php\?name=Tutoriaux&amp;file=viewcomment&amp;did=([0-9]*)"',


'"(?<!/)modules.php\?name=Tutoriaux&amp;rop=enprepa"',


'"(?<!/)modules.php\?name=Tutoriaux&amp;rop=informations"',


'"(?<!/)modules.php\?name=Tutoriaux"'


);





$urlout = array(


'tutorial-section-\\1.html',


'tutorial-\\1.html',


'tutorial-print-\\1.html',


'tutorial-\\1-comment.html',


'tutorial-\\1-viewcomments.html',


'tutorials-inprogress.html',


'tutorials-top10.html',


'tutorials.html'


);

Posted: Fri Mar 07, 2008 5:22 pm

999 thanks. I ´ll try it out.
I gave Kguse already all information I have about this and because he is using the same version of the Tutoriaux module I´m sure he will look into this. May take some time.
Btw: At secunia I found no entires for this module.

Posted: Sat Mar 08, 2008 2:14 am

Susann, I have been using it on my site for maybe a year or more with no problems and although that doesn't mean it is secure, I do get quite a lot of daily attacks.

Posted: Sat Mar 08, 2008 10:16 am

Well, I don´t know if everything is filtered correctly but I quess the important things are fixed otherwise it wouldn´t be available to download anymore.
There is just no versions history or change log.txt within the packet.

Posted: Mon Mar 17, 2008 4:53 pm

The rewrites rules in .htaccess doesn´t work for me.
The requested URL /indexmodules.php was not found on this server. So something isn´t correct with tutorial-section-.html
and shouldn´t this be:

Code:

'"(?<!/)modules.php\?name=Tutoriaux(?!&)"',

Posted: Mon Mar 17, 2008 7:52 pm

Sorry there was a couple typos in it when I pasted that, was late, other then that it works perfectly for me. I just based it off of the the taps for other files.

Posted: Mon Mar 17, 2008 8:01 pm

No problem. Thought I better warn others before they also spend hours to find out where the 404 came from.

registered · Posted: Mon Mar 17, 2008 8:06 pm

BTW, the "tap" has been in my forums for quite awhile now:

http://montegoscripts.com/ftopict-174.html

Courteously of ANTH and then Delectable. Wink