how to make sure new modules don't have holes

New Member Joined: Mar 05, 2006 Posts: 16

Hi,

We got a 7.4 patched nuke site with sentinel. We did quite a bit of customization in particular with a few new modules on an old non-patched 7.4 site. The problems is that I don't want to create new holes with the new modules. So far the only thing I noticed that was different is this:

non patched. any index.php that's just inside a module (eg modules/Content/index.php)

Code:




if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {


    die ("You can't access this file directly...");


}

patched:

Code:




if ( !defined('MODULE_FILE') )


{


   die("You can't access this file directly...");


}

Is this the only difference that we have to concern ourselves with when installing a new module?

Thanks,

Satch

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

That depends on which modules you're using or installing. The patches include changes to most of the default modules, so there may be changes there. For new modules, you need to make sure they work with the patch version you are using. That's usually specified in the readme, but sometimes the module was distributed prior to the significant changes that occurred in the 3.1 (there were multiple versions of 3.1) and 3.2 patches. It's generally a good idea to ask the module developers for confirmation on this if you cannot find evidence in the support forums for the module.