tcc> Ok now where exactly would one include this information to
tcc> tighten the security? After going through all profile pages
tcc> (running 2.0.6) I found nothing like this Are we sure it is
tcc> included in 2.0.6? I think if the files that need to be fixed can
tcc> be listed we can start to work on this fix.
Yes, fix for this hole was included into 2.0.6 (above in the thread
someone post a piece of code from 2.0.6 wich cover this).
But be carefull phpBB team sometimes update their packages without
changing number. So better if you check your code in
include/usercp_viewprofile.php (there must be the code quoted above).
Best regards,
Alexander GQ Gerasiov <bugtaq (at) gq.pp (dot) ru [email concealed]>
Êóêà: Ïîæàëóéñòà, íå âûãîíÿéòå ñòóäåíòîâ èç Ãàðâàðäà. Äàéòå èì äîó÷èòüñÿ. À òî îíè ïîòîì Windows äåëàþò.
np: [Clear Project Studio] Chillout Moods (Disc 7) -- Quidam
tcc> Ok now where exactly would one include this information to
tcc> tighten the security? After going through all profile pages
tcc> (running 2.0.6) I found nothing like this Are we sure it is
tcc> included in 2.0.6? I think if the files that need to be fixed can
tcc> be listed we can start to work on this fix.
Yes, fix for this hole was included into 2.0.6 (above in the thread
someone post a piece of code from 2.0.6 wich cover this).
But be carefull phpBB team sometimes update their packages without
changing number. So better if you check your code in
include/usercp_viewprofile.php (there must be the code quoted above).
Best regards,
Alexander GQ Gerasiov <bugtaq (at) gq.pp (dot) ru [email concealed]>
Êóêà: Ïîæàëóéñòà, íå âûãîíÿéòå ñòóäåíòîâ èç Ãàðâàðäà. Äàéòå èì äîó÷èòüñÿ. À òî îíè ïîòîì Windows äåëàþò.
np: [Clear Project Studio] Chillout Moods (Disc 7) -- Quidam
[ reply ]