JapaneseKamikaze
Newbie   Posts: 6 Registered: 1/5/2003 Status: Offline
|
posted on 1/6/2003 at 12:02 AM |
Just to let you know the new PN sercurity fix disables your module from
being viewed by unregisted users. IT still works fine for regisitered
users. I have backups of both and when I use the non-patch version I do not
get the error. However when I do use the patch it does indeed happen. Here
is a discpription of the patch.
The pnDev-Team released a security fix package (changed files only) for
.723. For best possible security please apply the package ASAP to your .723
installation (previous installations must be updated to .723 at first).
Download: Security Fixpackage 0.723
MD5 Checksum: 8a780f71705596d32d98e5f12e0bdb4f
[see extended text for further information]
FIXES
/modules/Modules/pnadminapi.php (fixed regeneration bug, thx to cmgrote,
jojodee, jnapp)
/includes/security.php (updated permission check)
/includes/pnAPI.php (updated pnanticracker)
/includes/pnSession.php (fixed globals)
/modules/Credits/pnuser.php (fixed path disclosure, thx to Alexander GQ
Gerasiov)
/includes/blocks/topic.php (fixed permission check, thx to ddrury)
/includes/blocks/weblinks.php (fixed permission check, thx to cs)
/includes/blocks/stories.php (fixed permission check)
Here is a link to the patch.
http://news.postnuke.com/modules.php?op=modload&name=Ne
ws&file=article&sid=2322
If you want to see it with the problems please visit:
http://japanesekamikaze.net/
Any of the extras* are using PostWrap
Thanks for any help!
-JapaneseKamikaze
|
| |
| |
JapaneseKamikaze
Newbie Posts: 6 Registered: 1/5/2003 Status: Offline
|
posted on 1/6/2003 at 12:30 AM |
Correction, only my administrators can view the pages.
I have found it work with group permissions. And those who have admin
rights. Nothing else, I tried all up to delete.
[Edited on 6/1/2003 by JapaneseKamikaze]
|
| |
JapaneseKamikaze
Newbie Posts: 6 Registered: 1/5/2003 Status: Offline
|
posted on 1/7/2003 at 09:09 AM |
Has anyone updated and having the same effect? I would like to know if it
is just me, hopefully.
Shawn if you need any more info or anything else let me know 
[Edited on 7/1/2003 by JapaneseKamikaze]
|
| |
wrapper
Newbie Posts: 3 Registered: 1/7/2003 Status: Offline
|
posted on 1/7/2003 at 04:41 PM |
Yes, I'm experiencing the exact same problem on my website after applying
the "security fix."
Admin is able to view PostWrap pages okay. Visitors and Registered Users
see blank pages.
|
| |
shawn
Administrator   Posts: 4608 Registered: 10/7/2002 Status: Offline
|
posted on 1/7/2003 at 04:59 PM |
I will need to apply the "fix" to a dev site and test it.
-Shawn
|
| |
JapaneseKamikaze
Newbie Posts: 6 Registered: 1/5/2003 Status: Offline
|
posted on 1/7/2003 at 11:18 PM |
Hey Shawn. I can give you access to your module on my site. Let me know.
You can email me at japanesekamikaze@hotmail.com
|
| |
JapaneseKamikaze
Newbie Posts: 6 Registered: 1/5/2003 Status: Offline
|
posted on 1/8/2003 at 12:09 AM |
Ok I have it all setup, just waiting for your email
|
| |
wrapper
Newbie Posts: 3 Registered: 1/7/2003 Status: Offline
|
posted on 1/8/2003 at 06:29 AM |
Got it to work by disabling the URL Security - "NO" to "Compare URL
against URL Security in DataBase"
What security risks are there by not setting up the "URL Security?"
[Edited on 8/1/2003 by wrapper]
|
| |
CyberOto
Newbie Posts: 6 Registered: 11/12/2002 Status: Offline
|
posted on 1/8/2003 at 12:37 PM |
Hi
Open index.php
arond line #71 look for
if (!pnSecAuthAction(0, '::', '::', ACCESS_READ))
then change it to
if (!pnSecAuthAction(0, 'PostWrap::', '::', ACCESS_READ))
This should work.
My mistake :-(
|
| |
shawn
Administrator Posts: 4608 Registered: 10/7/2002 Status: Offline
|
posted on 1/8/2003 at 06:35 PM |
Thanks buddy! I have added the fix and will release after testing.
Anyone who tries this, let me know your results!
-Shawn
|
| |
JapaneseKamikaze
Newbie Posts: 6 Registered: 1/5/2003 Status: Offline
|
posted on 1/8/2003 at 10:35 PM |
Yes it does indeed work, thanks a bunch!!!!
|
| |
wrapper
Newbie Posts: 3 Registered: 1/7/2003 Status: Offline
|
posted on 1/9/2003 at 10:47 PM |
It works! Thank you.
|
| |
shawn
Administrator Posts: 4608 Registered: 10/7/2002 Status: Offline
|
posted on 1/9/2003 at 10:56 PM |
Cool, thanks! I will release an updated ver soon...
-Shawn
|
| |
Web Hosting & Domain Names!
