Print Topic - Archive

Click here to return to the original view. Save to Disk.
E-Blah Community  /  News  /  Major Security Bug In Platinum Series!
Posted by: Justin, May 22, 2004, 9:12am
This has to be fixed ASAP.  I have made a patch for P6 and those few that use P7.  P5 has also been fixed (download patch below, or redownload entire package from downloads page).  This is a major security bug and needs patching ASAP!  Thanks to Rocketdrive for finding, and PMing me of this error.


Download P6 Security Fix

Download P7 Security Fix

Download P5 Security Fix

If you do not patch this, your forum will be open to deleted accounts by ANYONE on the system.  I was notified of this bug this morning, and the pacth was availble within 20 minutes of it's finding.

Installing:

To install, simply replace the old MemberPanel.pl file in the /Blah/Code directory, with the new one.


- Justin


Note: THIS ONLY EFFECT PLATINUM SERIES

Also, this was a rush to get out, any grammer mistakes in this post should be overlooked.  ;)
Posted by: seb, May 22, 2004, 9:34am; Reply: 1
So do you just replace the existing one with this in /Blah/Code/ ?
Posted by: Justin, May 22, 2004, 9:35am; Reply: 2
Yep.  Make sure it's the same one for you version.  If you are using P7, make sure it's the last one I posted, not an OLD one.  ;)
Posted by: dazz, May 22, 2004, 10:06am; Reply: 3
Justin,

Where do we find the newest P7?  I downloaded but have no idea if it is the latest.  If it is only located in one place then I assume I have the right one.

I downloaded from here:  http://www.eblah.com/cgi-bin/bb/Blah.pl?b=bugs,v=download,f=eblahp7.zip about 2 days ago.
Posted by: neofile, May 22, 2004, 10:06am; Reply: 4
20 mins to patch a major issue? Pretty impressive! And about 3 months quicker than most leading games software houses ;)

Thanks :)
Posted by: Canokie, May 22, 2004, 10:34am; Reply: 5
Excellent work and incredible speed!

You make Eblah the best!!

Thank you Justin!
Posted by: mhentges, May 22, 2004, 11:04am; Reply: 6
Thanks for the fast fix!
Posted by: Diablostang, May 22, 2004, 11:51am; Reply: 7
Thanks for the fix Justin, nice work :)
Posted by: Iliana, May 22, 2004, 12:20pm; Reply: 8
Thank you :)
Posted by: rattycorner, May 22, 2004, 1:13pm; Reply: 9
Thank you sir. Much appreciated.
Posted by: Charon (Guest), May 22, 2004, 2:12pm; Reply: 10
Nice work. Glad I am on the mailing list for this. That was a big problem. Fast work man keep it up.:)


Problem with the fix

Here is what it says to my members.

There was a problem loading a part of the E-Blah software. The system administrator may be upgrading this forum. If you continue to receive this error after several minutes, please contact the system administrator. Further information relating to this incident is below (file information).

./MemberPanel.pl

syntax error at ./MemberPanel.pl line 1524, near "lo",""
Compilation failed in require at Blah.pl line 73.
Posted by: Justin, May 22, 2004, 2:42pm; Reply: 11
You got the wrong version then.
Posted by: Charon (Guest), May 22, 2004, 4:25pm; Reply: 12
Well when I check what version I have it says that it is p5 so I got p5 and it had that error. I will try p6 then.
Posted by: Charon (Guest), May 22, 2004, 4:31pm; Reply: 13
Ok yah I p6 and it had the same problem. p7 is what worked, just odd that it tells me that we have p5. Thanks for the update.
Posted by: Justin, May 22, 2004, 4:38pm; Reply: 14
Hrmmm ..... if you use P7, and you have P6, it WILL NOT work.  You WILL NOT be able to edit your profile.
Posted by: KSSaran, May 23, 2004, 8:06am; Reply: 15
Thank you Justin for the Quick work...
Posted by: Joe M, May 23, 2004, 10:05am; Reply: 16
Thanks Justin!
Posted by: dl33t, May 23, 2004, 2:03pm; Reply: 17
Thx for the info & patch Justin,  I just dl'd Platinum (again) a couple days ago.  The Avalon project will be using eblah for the forums, but I'll post more on that in another board.

It's been a while since I've posted here - it's great to see things are still lively!

tkITez.
Posted by: Widgeteye, June 13, 2004, 3:51pm; Reply: 18
I found a problem with the upgrade.

Here's what I found. I have 2 members with names close to being the same.
One's name is Nightmare, the others name is KnightMare. At the bottom of the
main page I clicked on Nightmare's name and went to his data in the member's
center. His data came up as expected.  Then I clicked on "List messages this
member has posted." Or something to that effect,  and all the messages KnightMare
had posted came up, rather than the one's Nightmare had posted.

I upgraded with the p5 upgrade. My version is P5 or so it says at the bottom.

Widgeteye
Posted by: Justin, June 13, 2004, 5:00pm; Reply: 19
I am aware of it ..... :P
Posted by: Widgeteye, June 13, 2004, 6:11pm; Reply: 20
Quoted from admin, posted June 13, 2004, 5:00pm at here
I am aware of it ..... :P



Okee dokee.    ;)

BTW, Just wanted to say this is one of the best message board
software packages I have found. I don't know how you got it so
small with so many features compared to all the others. I love mine.
Really easy to admin so far and really easy to make pretty.   ;D

Thank you Justin for a great job and for sharing this great piece
of software with the rest of us.

Our Lord be with you.
Posted by: FFGalaxy, June 17, 2004, 11:11am; Reply: 21
One question Justin. I just updated to the new version of P7 you sent me so do I have to download this patch and overwrite the old file?
LN
Posted by: Justin, June 17, 2004, 11:34am; Reply: 22
Of course not.
Print page generated: December 3, 2008, 3:23pm
Powered by E-Blah Forum Software 10.3.5 © 2001-2008