News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

;ID to &ID fix for some servers.

Started by Skuggi, December 30, 2004, 05:45:34 PM

Previous topic - Next topic

Skuggi

Link to Mod

For servers that do not allows the ;ID or users that cant get there host to fix it like I had.  I changed the files that call up an ;ID in the URL to &ID in order to fix this bug. Tested on 1.0RC2 and 1.0.

!!!Now available as a package!!!

[Unknown]

Technically, to be xhtml compliant, it should be &, but that would probably cause this problem all over again :P.

I suggest you take a look at the package SDK and try your hand at making this a package (which means it will be a lot easier to install, even after this release and upgrades past...) - if you have any problems at all, I'm of course willing to help.

Package SDK, anyone?

-[Unknown]

Skuggi

#2
Ok this should be gold.

Uploaded to the server in package form.

I made enough space to test the package with a fresh install and it installs/uninstalls perfect. double checked to make sure all the files are written to and that looks good too.

None: was 3am here and didnt notice I uploaded my SNORTCON which was my working name while testing and the first ID_FixPackage.zip that I uploaded cause I forgot to put in the new xml file in it lol. it if you could delete that it would be cool.

I'm uploading the 100% finished version and finally getting some sleep.

Skuggi

Thanks for the fix on the mod page :D  I just uploaded the working version of the package (Now tested and working for 1.0 final release and got rid of the bad files.

Nidoking

Cool mod! I'm using it on my forum. I haven't noticed any changes in the URL, though? Are they supposed to change if you use Firefox?

[Unknown]

Could you update this mod just a bit?  A related issue for some servers is that "ps" cannot be at the end of a URL.  It's easy to fix this - "ps;" works.

Since it's related to this, being a security configuration problem on the server, I thought maybe you'd be willing to incorporate the changes?  They're simple, and I can give them to you, but essentially it just means changing ps" an ps' to ps;"[/t] and ps;' in Subs.php, ManageMembers.php, and ManageMembers.template.php.

If not, that's fine to... just a suggestion to make this more useful ;).

-[Unknown]

Midgard


Skuggi

Quote from: [Unknown] on January 05, 2005, 06:14:29 PM
Could you update this mod just a bit?  A related issue for some servers is that "ps" cannot be at the end of a URL.  It's easy to fix this - "ps;" works.

Since it's related to this, being a security configuration problem on the server, I thought maybe you'd be willing to incorporate the changes?  They're simple, and I can give them to you, but essentially it just means changing ps" an ps' to ps;"[/t] and ps;' in Subs.php, ManageMembers.php, and ManageMembers.template.php.

If not, that's fine to... just a suggestion to make this more useful ;).

-[Unknown]
yea, I can set that up um... hopefully by the end of next week. As I'm a bit busy till the end of this week. Maybe by Sunday unless... :D  if we dont get busy tonight at work :D

Skuggi

Quote from: dF on January 05, 2005, 05:47:29 PM
Cool mod! I'm using it on my forum. I haven't noticed any changes in the URL, though? Are they supposed to change if you use Firefox?

They should.  Where you'd notice the difference is when your doing stuff in the admin panel. or the Login can have an issue with this on some servers like the one I use. The URL Diff is barely noticable.

On a nomal SMF install
http://www.sarcasm-inc.net/cf/index.php?action=manageboards;sa=cat [nofollow];ID_CAT=2

On a SMF with my mod
http://www.sarcasm-inc.net/cf/index.php?action=manageboards;sa=cat [nofollow]&ID_CAT=2

Skuggi

Ok, opened up the files to take a look for ps'  ps" and cant find that at all unless your talking about groups' membergroups" etc.  But didnt look like its going in the URL anywhere. but this will be real easy to throw together tonight.  I'll need to change the name I guess to server security bypass or something to better reflect it.

[Unknown]

Quote from: Skuggi on January 11, 2005, 01:20:26 PM
Ok, opened up the files to take a look for ps'  ps" and cant find that at all unless your talking about groups' membergroups" etc.  But didnt look like its going in the URL anywhere. but this will be real easy to throw together tonight.  I'll need to change the name I guess to server security bypass or something to better reflect it.

Yeah, that's what I meant.  It's just action=membergroups that I know of.  It goes into the URL in a few places...

ManageMembers.php, lines: 147, 241, 263, 275, 329, 358... Subs.php line 1377, and ManageMembers.template.php, line 13.

-[Unknown]

filipv

I used the mod, but still get these errors

[Unknown]

Quote from: filipv on January 24, 2005, 08:14:56 AM
I used the mod, but still get these errors

What errors do you get?  Where?

-[Unknown]

MyCampSites

I'm finding other urls in the admin panel that use ; instead of &...  I can't view those pages until I manually edit the url and replace the ; with &.  Will there be an update to SMF that corrects these urls?

[Unknown]

Quote from: MyCampSites on February 18, 2005, 02:16:00 AM
I'm finding other urls in the admin panel that use ; instead of &...  I can't view those pages until I manually edit the url and replace the ; with &.  Will there be an update to SMF that corrects these urls?


All URLs within SMF use ; as separators.  Which URLs are you having problems with?

-[Unknown]

MyCampSites

I've encountered a number of them.  This is a new installation of SMF from Fantastico provided by hosting company.  I've installed the latest packages too, which fixed the login error mentioned earlier in the topic.  Basically, any url with a ; gives me the error:

"Forbidden
You don't have permission to access /forum/index.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. "

This was from the URL:
hxxp:mycampsites.com/forum/index.php?action=permissions;sa=modify;id=-1 [nonactive]

as an example...  If I replace the ; with & I can usually proceed.  I can list other problem urls in my next post.

BTW, I tried phpBB as well, and even though I didn't encounter any errors using it I decided to tough it out with SMF because it shows much more potential as a complete product.

MyCampSites

other problem urls:
hxxp:mycampsites.com/forum/index.php?action=manageboards;sa=newboard;ID_CAT=1 [nonactive]
hxxp:mycampsites.com/forum/index.php?action=theme;sa=settings;id=1;sesc=dd490e81057ef41dc06f6010ebcba2c5 [nonactive]
hxxp:mycampsites.com/forum/index.php?action=membergroups;sa=edit;id=1 [nonactive]
hxxp:mycampsites.com/forum/index.php?action=permissions;sa=modify;id=-1 [nonactive]

That's from checking the top level links, I haven't tried to dig much deeper than that yet.

[Unknown]

Yes, these are the URLs this package is meant to fix.  The problem you're encountering doesn't happen for most servers, but only for servers with a certain security setting turned on - one that interferes with other scripts, and is generally a dumb setting anyway.

SMF 1.1 already has a better fix than the modification here built into it.  But, it won't be public for at least a couple months, so in the mean time this patch is a great benefit to those with strangely set up servers.

You're notice EVERY ONE of the links you posted have ";id" in them (or ;ID).  What's happening is something is catching that, and deciding it may be a possible attempt to compromise security (but is wrong.)  As such, it blocks the request.

Those same URLs, on this server, do not give any errors at all - because this server is properly configured :P.  Regardless, it's unlikely your host will turn off a security setting, even if it is blocking legitmate activity and more than likely only protecting another already-patched script... so that's where the problem comes in.

If there is another SMF 1.0.x release, it may have more fixes for this problem built into it.  However, too many changes for a minority in a small version release are bad, because they may cause problems for the majority if something goes wrong.

-[Unknown]

MyCampSites

What is the server setting?  My host has been pretty helpful with similar problems.  It wouldn't hurt to ask them...

Thanks!

Jerry

it is a problem with SNORT. I think the only way to fix it is to remove SNORT


- Jerry
Find me on:
Facebook
Twitter
PlanetSMF

"If all you look for is the negative in things, you will never see the positive."

Advertisement: