| Author |
Message |
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
 Posted:
Mon Dec 27, 2004 10:43 am |
|
|
|
|
Nerd3D
New Member
Joined: Jan 08, 2005
Posts: 8
Location: California
|
| Posted:
Sat Jan 08, 2005 9:15 pm |
|
Did anybody ever figure out what causes this:Code:Call to a member function on a non-object blah blah in line 284
|
It seems it might have something to do with globals, but I don't know how to fix the problem. I grow tired of editing my mainfile.php whenever I need to post something fancy.
I tried turning the sanitization bit into a function so it would be an "object" that made no diffrence. Tried adding the same globals the functions calling is_admin() use. No good.
The line the error points to is in the is_admin function, not the html sanitization bit...
Code:function is_admin($admin) {
global $prefix, $db;
if(!is_array($admin)) {
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = explode(":", $admin);
$aid = "$admin[0]";
$pwd = "$admin[1]";
} else {
$aid = "$admin[0]";
$pwd = "$admin[1]";
}
if ($aid != "" AND $pwd != "") {
$aid = substr("$aid", 0,25);
LINE 284 IS RIGHT HERE> $result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
$row = $db->sql_fetchrow($result);
$pass = $row['pwd'];
if($pass == $pwd && $pass != "") {
return 1;
}
}
return 0;
}
|
So is the problem that $db or $prefix are not in the same class as the function that calls them?
I guess what ic comes down to is what the heck is a "non object"? Thanks for any help you can offer
PHPnuke 7.4 with MultiShop osCommerce. |
| |
|
|
|
Raven
|
| Posted:
Sat Jan 08, 2005 9:27 pm |
|
Try executing this query directly in phpMyAdminCode:SELECT pwd FROM PREFIX_authors WHERE aid='AID'
|
Substitute your prefix for PREFIX and the aid of the admin for AID. |
| |
|
|
|
|
Nerd3D
|
| Posted:
Sat Jan 08, 2005 9:30 pm |
|
Returns a blob of letters and numbers (----------------this long ---------------) |
| |
|
|
|
|
Raven
|
| Posted:
Sat Jan 08, 2005 9:33 pm |
|
Next, change this Code:$result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
|
toCode:$sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
die($sql);
$result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
|
to see how/if the query is being constructed correctly in nuke. |
| |
|
|
|
|
Nerd3D
|
| Posted:
Sat Jan 08, 2005 9:40 pm |
|
It saidCode:SELECT pwd FROM _authors WHERE aid='my admin name'
|
Weird, it's like $prefix isn't defined... but wouldn't that break like EVERYTHING |
| |
|
|
|
|
Raven
|
| Posted:
Sat Jan 08, 2005 9:47 pm |
|
Yes it would IF the other places aren't defining. If other things are not breaking then it's an isolated bug that will cause you to lose sleep. I would hard code $prefix and then worry about it at a slower pace  |
| |
|
|
|
|
Nerd3D
|
| Posted:
Sat Jan 08, 2005 10:43 pm |
|
Well RATS! I wish that was it. But I know more now. the trouble is the pointer to $db. Evidently $db is also undefined... as therefor so is the sql_query function ...
How can any thing work if all this is undefined?  |
| |
|
|
|
|
Nerd3D
|
| Posted:
Sat Jan 08, 2005 10:56 pm |
|
I just noticed something weird.. This Code: foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
|
Comes before this ...Code:if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}
$mainfile = 1;
$result = $db->sql_query("SELECT * FROM ".$prefix."_config");
$row = $db->sql_fetchrow($result);
$sitename = $row['sitename'];
$nukeurl = $row['nukeurl'];
$site_logo = $row['site_logo'];
$slogan = $row['slogan'];
$startdate = $row['startdate'];
$adminmail = stripslashes($row['adminmail']);
blah
blah
|
That seems wrong to me. |
| |
|
|
|
|
Nerd3D
|
| Posted:
Sat Jan 08, 2005 11:17 pm |
|
Hey I think I figured it out! Here's what I did I wrapped the Tag sniffing stuff in a function so it looks like this:
Code:function security_check_html(){ //Nerd3D Added
global $admin; //Nerd3D Added
if (!is_admin($admin)){ //Nerd3D Added
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
} // End if
} // ENd foreach
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
} // end if
} // end foreach
} // End if Nerd3D Added
} // End Function Nerd3D Added
|
Then I moved the function to the end of mainfile.php. I stuck it right before the last ?>
Then I placed a call to the new function just below all the includes and variable declarations. That was line 185 after I moved every thing around.
I never would have got this if Raven hadn't put me onto the wiggin out SQL. 
I didn't change my mainfile.php, (Well not till today) I wondering if I got a bad version of phpNuke now. The one I'm using is pre-modded to integrate with osCommerce.
So I have one last question, what gaping security holes have I created? |
| |
|
|
|
|
biohazzard
New Member
Joined: Jan 14, 2005
Posts: 1
|
| Posted:
Mon Jan 17, 2005 11:58 am |
|
Hey Im running nuke 7.2 and I need to use the <scr ipt> tag but It wont let me. Ihave tried these sujestions that are here and can't seem to get it to work. If someone has been able to do this can you please show me how. iether with code or pasting your mainfile.php here
thanks |
| |
|
|
|
|
Nerd3D
|
| Posted:
Mon Jan 17, 2005 2:18 pm |
|
I got it working on my site. Are you getting an error maybe I can help. I'd post my mainfile, but it's heavily modified and wouldn't work for you. |
| |
|
|
|
|
sting
Involved
Joined: Sep 23, 2003
Posts: 456
Location: Somewhere out there...
|
| Posted:
Tue Jul 12, 2005 8:31 pm |
|
Ran across this tonight - be sure to change the code for the latest versions of Chat's patches and nuke code to reflect the Admin identification variable changes
Code:
if ( !defined('ADMIN_FILE') )
{
--all that other stuff here ---
}
|
-sting |
| |
|
 
  |
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
