miniBB Support Forums | 16 years on The Web
miniBB ®


 | Begin | Register | Reply | Search | Statistics | File Bank | Manual |
Tidings miniBB Support Forums / Tidings /   

"Who's Online" addon updated - vulnerability fix

Author Paul
Lead Developer
#1 | Posted: 28 Jan 2007 10:39 | Edited by: Paul 
As reported by our user, there could be a possibility while register_globals set to ON in php.ini to use an invalid setting of data in this addon.

The update includes change mentioned in the thread above ($tsess=trim($_COOKIE[$cookiename.'_anol']) should be $tsess=trim($_COOKIE[$cookiename.'_anol'])+0), also as the new defs:

$w_anonymous_visits=array(); $w_logged_users=array(); $w_record=array();

pasted on any event before the statement:


Please update your version of the addon.

Author marsbar
Associated Member
#2 | Posted: 3 Feb 2007 16:31 | Edited by: marsbar 
Hello Paul,

1) The addon_whosonline.php included in the latest version (28 Jan 2007) package shows a last modified date of 17 April 2006. ??

2) The 'Attention' note in the readme for the who-is-online plugin instructs users to stick the who-is-online code close to the top of bb_plugins.php - immediately after <?php , unless CAPTCHA is also installed.

In a setup without CAPTCHA installed, should the bb_plugins.php read like so [excluding the line numbering, of course]:

line 1: <?php
line 2: if (!defined('INCLUDED776')) die ('Fatal error.');
line 3: include($pathToFiles.'addon_whosonline.php');
line 4:?>

If memory serves, line 2 was a recommended addition from some time ago - I assume it is still required?


EDIT: I should have posted my query relating to the readme to the who's online addon thread instead of here. Apologies!

Author Paul
Lead Developer
#3 | Posted: 4 Feb 2007 09:27 

1) thank you again :-) I am getting old and just forgot to put the newest file in the package. Now should be on its place.

2) You're right! This needs to be updated in the README as well.

Now the package should be ok... check out pls.

Author Paul
Lead Developer
#4 | Posted: 28 Feb 2007 10:21 
Actually, the previous update still contained the bug (it seems PHP is not up to handle big integer numbers correctly)

This bug could cause your guests are not counted correctly. Most probably there will be no more than 2 guests visible in the addon's panel.

So the latest update of today hopefully fixes it. Please get it from Downloads and upgrade on your board. I hope it works finally now (at least tested for a couple of days by me personally with not critical issues found).

Tidings miniBB Support Forums / Tidings /
 "Who's Online" addon updated - vulnerability fix
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message

Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.

Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.


miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Proceed with the Captcha add-on: protect your miniBB-forums from the automated spam and flood.