miniBB Community Forum

"Who's Online" addon updated - vulnerability fix

Author Paul
CEO
#1 | Posted: 28 Jan 2007 10:39 | Edited by: Paul
As reported by our user, while register_globals is set to ON in php.ini there could be a possibility to use an invalid setting of data in this addon.

The update includes the change mentioned in the thread above ($tsess=trim($_COOKIE[$cookiename.'_anol']) should be $tsess=trim($_COOKIE[$cookiename.'_anol'])+0), as well as the new defs:

$w_anonymous_visits=array(); $w_logged_users=array(); $w_record=array();

pasted in any event before the statement:

include($woDir.'/addon_whosonline_data.php');

Please update your version of the addon.
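
An added illustration (not part of the post above and not miniBB code) of why the two changes matter: with register_globals on, request parameters become script variables, so an array the script never initialises can arrive pre-filled, and a cookie meant to be a number can arrive as arbitrary text. The include_data_file() stand-in, the "demo" cookie prefix and all sample values are assumptions; the real data file's contents are not shown on this page.

```php
<?php
// Added illustration, not miniBB code. register_globals no longer exists in PHP,
// so its effect is emulated: request keys are copied into the variable scope.

// Numeric coercion in the spirit of the "+0" change, written so it also runs
// on PHP 8, where arithmetic on a non-numeric string throws a TypeError.
function to_number(string $s)
{
    $s = trim($s);
    return is_numeric($s) ? $s + 0 : (int)$s;
}

// Hypothetical stand-in for include($woDir.'/addon_whosonline_data.php').
// Assumption: the data file may leave the arrays undefined (e.g. no data yet).
function include_data_file(array $scope, bool $fileDefinesArrays): array
{
    if ($fileDefinesArrays) {
        $scope['w_anonymous_visits'] = array();
        $scope['w_logged_users'] = array('Paul' => 1169980740); // constructed
        $scope['w_record'] = array();
    }
    return $scope;
}

function addon_scope(array $request, array $cookie, bool $patched, bool $fileDefinesArrays): array
{
    $cookiename = 'demo';            // constructed cookie prefix
    $scope = $request;               // register_globals=On behaviour
    $raw = $cookie[$cookiename . '_anol'] ?? '';
    $scope['tsess'] = $patched ? to_number($raw) : trim($raw);
    if ($patched) {                  // the new defs, placed before the include
        $scope['w_anonymous_visits'] = array();
        $scope['w_logged_users'] = array();
        $scope['w_record'] = array();
    }
    return include_data_file($scope, $fileDefinesArrays);
}

// Constructed request: a parameter named like one of the addon's arrays,
// and a cookie value that is not purely numeric.
$request = array('w_logged_users' => array('not-a-member' => 1));
$cookie = array('demo_anol' => ' 1170000000abc ');

foreach (array(false, true) as $patched) {
    $s = addon_scope($request, $cookie, $patched, false);
    echo $patched ? 'patched:   ' : 'unpatched: ';
    echo 'tsess=' . var_export($s['tsess'], true);
    echo ' logged_users=' . json_encode($s['w_logged_users'] ?? null) . "\n";
}
```

Comparing the two printed lines shows the request-supplied array and the raw cookie text surviving in the unpatched run, and both being replaced by known-good values in the patched run.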
Author marsbar
Associated Member
#2 | Posted: 3 Feb 2007 16:31 | Edited by: marsbar
Hello Paul,

1) The addon_whosonline.php included in the latest version (28 Jan 2007) package shows a last modified date of 17 April 2006. ??

2) The 'Attention' note in the readme for the who-is-online plugin instructs users to stick the who-is-online code close to the top of bb_plugins.php - immediately after <?php , unless CAPTCHA is also installed.

In a setup without CAPTCHA installed, should the bb_plugins.php read like so [excluding the line numbering, of course]:

line 1: <?php
line 2: if (!defined('INCLUDED776')) die ('Fatal error.');
line 3: include($pathToFiles.'addon_whosonline.php');
line 4: ?>

If memory serves, line 2 was a recommended addition from some time ago - I assume it is still required?

Cheers,
mb

EDIT: I should have posted my query relating to the readme to the who's online addon thread instead of here. Apologies!
Author Paul
CEO
#3 | Posted: 4 Feb 2007 09:27
marsbar

1) Thank you again :-) I am getting old and just forgot to put the newest file in the package. Now it should be in its place.

2) You're right! This needs to be updated in the README as well.

Now the package should be ok... check out pls.
Author Paul
CEO
#4 | Posted: 28 Feb 2007 10:21
Actually, the previous update still contained the bug (it seems PHP is not up to handling big integer numbers correctly).

This bug could cause your guests to not be counted correctly. Most probably there will be no more than 2 guests visible in the addon's panel.

So the latest update of today hopefully fixes it. Please get it from Downloads and upgrade on your board. I hope it finally works now (at least tested for a couple of days by me personally with no critical issues found).