Mambo 4.5.3 + SMF Bridge, New posts text become '0'

Started by Aibomind, December 03, 2005, 10:49:18 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Aibomind

December 03, 2005, 10:49:18 PM Last Edit: December 04, 2005, 03:24:52 PM by Orstio
Hi, I'm having a little problem after updating to 4.5.3, if I use SMF Wrapped or Unwrapped, and make a new post after posting the content of it become '0' or even if I preview it, the text become '0'. but if i post  '12345hola123' the text become '12345'.

But if I enter directly to the forum (without mambo) its works Ok.

I have done many things to find the cause, but it keep zeroing the post even on a clean instalation of Mambo 4.5.3 with only SMF (With patched MOS_SMF.php)  and Spoiler Mod for SMF.

Anyone Having the Same problem?

Orstio

#1
December 03, 2005, 11:01:34 PM Last Edit: December 08, 2005, 03:18:26 PM by Orstio
[EDIT]

Replace your Mambo index.php with the one attached here.

Thanks to Martin Brampton for taking a look at this.   ;D

mbrampton

#3
December 07, 2005, 06:17:00 PM
The drawback to this fix is that it significantly disables security checks in Mambo.  The preferred solution is to modify the call to mosGetParam that is creating the problem.  The issue is that when a default is supplied that is numeric, then the value retrieved is forced to be numeric.  It is not obvious whether it is the default that is wrong, or something else.  The check on numeric can be overriden using the original mambo.php code by passing the fourth parameter to mosGetParam as _MOS_ALLOWRAW which will defeat the numeric check in the specific instance, while leaving it in place for all the other instances where it is a valuable barrier against potential exploits.

If anyone would like to discuss this in more detail, I'd be glad to hear from them.  You can contact me as counterpoint at mambo-foundation.org. 

Martin Brampton
Dev Team Leader, Mambo

prozaciswack

#4
January 17, 2006, 01:17:19 AM
Wow, seems I am running into every problem there is.  I am also having this exact problem and honestly have no idea what mbrampton is saying.  Anyone find a secure fix for this?

SMF 1.1 RC2, Mambo 4.5.3, and bridge 3.2

Everything works fine but when I want to post or modify anything it just turns into a zero

Orstio

#5
January 17, 2006, 06:19:12 AM
Yes, the secure fix is posted above, and also in the stickied FAQ topic.

You'll notice that my post was edited after mbrampton provided a more secure fix than what I had posted  previously.

An even better solution would be to just upgrade Mambo to 4.5.3h, which includes this fix.

prozaciswack

#6
January 17, 2006, 02:24:58 PM
Again, thank you so much!  This is my first time doing anything like this as you can probably tell and this forum has been amazing...especially Oristo.  Everything works great, thanks again.
Print
Go Up Pages1
User actions
Advertisement: