Author |
Message |
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
Posted:
Fri Dec 31, 2004 8:45 pm |
|
That seems to have worked. Thanks Raven!
So it's safe now to comment out the Santy lines in Sentinel.php so that my Reviews section works again? |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Fri Dec 31, 2004 8:49 pm |
|
Yes, and I have corrected the above posts. Sorry about that. I had more rules after the last one so my code is ok with [NC,OR]. |
|
|
|
|
manunkind
|
Posted:
Fri Dec 31, 2004 9:16 pm |
|
Cool. Thanks Raven! |
|
|
|
|
skeen
Hangin' Around
Joined: Jul 17, 2003
Posts: 29
|
Posted:
Fri Dec 31, 2004 9:19 pm |
|
Is that a version only issue Raven ? I have that statement and it doesnt effect my site when I am logged in but will it effect my users ? |
|
|
|
|
Raven
|
Posted:
Fri Dec 31, 2004 11:11 pm |
|
v2.1.3 was the first version to have it. Not everyone has access to .htaccess so that's an alternative. But, as you have seen, it can have issues. |
|
|
|
|
MrFluffy
Hangin' Around
Joined: Jun 24, 2004
Posts: 28
Location: Berlin
|
Posted:
Wed Jan 05, 2005 9:20 am |
|
As the santy filter in fact stops all modules from working that use the $id variable in urls, couldn't you just use some other variable name in the filter?
I don't see that it is used further by sentinel anyway... |
_________________ cu,
MrFluffy
Only registered users can see links on this board! Get registered or login! |
|
|
|
Raven
|
Posted:
Wed Jan 05, 2005 9:27 am |
|
Seems reasonable to me. We'll check it out |
|
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
|
Posted:
Wed Jan 05, 2005 10:51 am |
|
I'll update it today and post the new package as 2.1.3b |
_________________ Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! |
|
|
|
ptyp
New Member
Joined: Jan 14, 2005
Posts: 1
|
Posted:
Fri Jan 14, 2005 8:49 am |
|
BobMarion wrote: | I'll update it today and post the new package as 2.1.3b |
dose this update work with phpnuke 7.5 reviews module?
If yes where can I download it? and if no, dose anyone have the fix, I aint use the .access protection.
thanks |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Fri Jan 14, 2005 4:55 pm |
|
Bob, I can only find a Jan 1 version of Sentinel 2.1.3. Did you ever post a 2.1.3b?
TIA,
montego |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
Posted:
Sat Jan 15, 2005 5:14 pm |
|
The same problem with errors in rewiews:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /www/htdocs/balblabla/includes/sql_layer.php on line 342
added (hinzugefĆ¼gt): January 1st 1970
The date is a joke ?
So I removed the code for santi worms in sentinel.php. Now the reviews are back . |
|
|
|
|
bry2k
New Member
Joined: Dec 07, 2004
Posts: 12
|
Posted:
Mon Jan 17, 2005 8:53 am |
|
Hello, I'm also wondering where I can get v213b of Sentinel. Currently my Gallery module is broken with v213 of Sentinel ( Only registered users can see links on this board! Get registered or login!) and I'm not clear on what to do to fix the problem. I do have .htaccess/CGIAuth protection enabled on my site, so I presume I don't need the Sanity worm code you guys were talking about...? Could someone help me out? |
|
|
|
|
MrFluffy
|
Posted:
Mon Jan 17, 2005 9:18 am |
|
In includes/sentinel.php,
find:
Code:// Stop Santy Worm
$bad_uri_content="rush,highlight,perl,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
$tmp=explode(",",$bad_uri_content);
while(list($id,$uri_content)=each($tmp)) {
if (strpos($REQUEST_URI,$uri_content)) {
die("Illegal Content");
}
}
|
and comment it out completely, or what I did, change it to
Code:// Stop Santy Worm
$bad_uri_content="rush,highlight,perl,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
$tmp=explode(",",$bad_uri_content);
while(list($snid,$uri_content)=each($tmp)) {
if (strpos($REQUEST_URI,$uri_content)) {
die("Illegal Content");
}
}
|
This can't make it more useless than commenting it out, so it should be ok |
|
|
|
|
Susann
|
Posted:
Mon Jan 17, 2005 10:43 am |
|
So, I changed my .htaccess again and try your code with $snid it works fine without any error in reviews and the other modules too. I haven`t seen no more "Illegal Content" on my site. |
|
|
|
|
cprompt
Regular
Joined: Jun 08, 2004
Posts: 64
|
Posted:
Sun Jan 23, 2005 8:36 am |
|
bry2k wrote: | Hello, I'm also wondering where I can get v213b of Sentinel. Currently my Gallery module is broken with v213 of Sentinel ( Only registered users can see links on this board! Get registered or login!) and I'm not clear on what to do to fix the problem. I do have .htaccess/CGIAuth protection enabled on my site, so I presume I don't need the Sanity worm code you guys were talking about...? Could someone help me out? |
Do what MrFluffy says to do just below your post.
That worked for me and my Gallery module and it is simple to do.
mike |
|
|
|
|
BobMarion
|
Posted:
Thu Jan 27, 2005 9:41 am |
|
I've shifted from doing 2.1.3b to making 2.2.0 instead and it's taking longer then i expected |
|
|
|
|
pudbat
New Member
Joined: Mar 05, 2005
Posts: 20
|
Posted:
Fri Mar 11, 2005 12:02 am |
|
does .staccess work the same as .htaccess? seems that if i can't have a .htaccess file in my root directory, i get a 500 server error |
|
|
|
|
Raven
|
Posted:
Fri Mar 11, 2005 12:06 am |
|
No. The . just means to hide the file in *nix. .htaccess is unique and only pertains to Apache web servers. .staccess is just an ordinary file that *nix hides. |
|
|
|
|
pudbat
|
Posted:
Fri Mar 11, 2005 12:15 am |
|
thanks, Raven, i'm just a little unclear on what is the best Santy blocker if you don't have .htaccess? |
|
|
|
|
Raven
|
Posted:
Fri Mar 11, 2005 8:12 am |
|
Seriously, if your host does not allow you to have .htaccess then you need to find another host. Without having access to .htaccess you are so limited in what you can do. While you could write code to place in mainfile.php, as an example, by that time the intruder is already at your site. And, he could bypass the calling of mainfile.php. .htaccess stops him at the server level. |
|
|
|
|
BobMarion
|
Posted:
Fri Mar 11, 2005 10:31 pm |
|
I agree with Raven, .htaccess is by far the better method. The Santy protection in NukeSentinel is for those that do not have .htaccess access so that they have some level of protection. |
|
|
|
|
|