Posts published in “Day: February 21, 2005”

phpBB upgrade to 2.0.12

phpBB released another update for their forum software; the newest version is now 2.0.12. If you are running 2.0.11 the update is actually very straightforward; save yourself a lot of grief and be sure to edit update_to_latest.php to reflect the location of your forum’s root directory. Took me over an hour to figure out what I hosed up when the update script ran and blew up, ended up restoring the files I’d just backed up only to find that some mods were broken, rendering the board dead…. grrrr.. restored from an older backup… that was a bad idea, my backup script missed some key directories. While re-hacking the files to get things working again I remembered the update script error…… changed the path and presto, MySQL was patched up, brought back my backed-up .12 hacked files and most everything was back to normal… missed two recently added hacks. A few hours wasted over a stupid mistake, again.

The kicker is I’d missed the same thing back when 2.0.11 was released; think it took me quite a while to figure it out then too. Our board is so heavily hacked, it’s beyond recognition of the update scripts, so everything has to be done by hand, diff’ing each file and sorting out the new code from the old. A lot of these head-pounding sessions could probably be eliminated if I were to update things via FTP (I assume most do it that way) instead of hacking on the live files through a shell and pico….. Nah, that’d be too easy.

Aside from the bug patches, the version number was removed from the footers; after the recent Santy worms this comes as little surprise.

Nonetheless, here are the details of the fixes:

  • Added confirm table to admin_db_utilities.php
  • Prevented full path display on critical messages
  • Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug – AnthraX101
  • Added exclude list to unsetting globals (if register_globals is on) – SpoofedExistence
  • Fixed arbitrary file disclosure vulnerability in avatar handling functions – AnthraX101
  • Fixed arbitrary file unlink vulnerability in avatar handling functions – AnthraX101
  • Removed version number from powered by line
  • Merged database update files to update_to_latest.php file
  • Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101’s discovery)
  • Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug – matrix_killer

You can grab the 2.0.11 -> 2.0.12 update Here. Or from the official announcement thread.


Just one more quick note before I forget to post it: G-Metrics is a great tool for tracking things such as site: links: allinurl: etc. commands for Google. Give it a try, you won’t be disappointed.

RedHat bites… Slackware rocks

I gave up. After fighting with RedHat to install and actually boot from the RAID1 array for over 6 hours, out of pure frustration I just plopped Slackware 10.1 in; install took 8 mins for both CDs and it boots first time, raidd running as a background daemon for mirroring only burning about 4% of the CPU during a heavy install and running IBM’s WebSphere server. Way overboard on the RAM with Slack, kernel functions, raidd, ftpd, httpd and sendmail daemons, and the KDE Xwindows desktop and it’s only burning <95M RAM churning a paisley 10% of the CPU.

RH, once I got it to boot (minus the array), was cranking up to over 50% resources burned. Piss on it, I’ve been running Slack since ’96 or so, way back when it took 110 1.4M floppies to install… and have tried dozens of other distros, and not a one holds a candle to Slackware.

Only thing I was disappointed with in v10.1 is it still defaults to a 2.4.x kernel; easy enough to fix, I’ll pull down the newest 2.6.x kernel tomorrow and recompile it to get a bit more performance. I love kernel hacking. Best record so far was a kernel that weighed in at <187K for a 486DX webserver with only 4M RAM; believe it or not it’s still running, managing my MRTG stats and such.

BTW who the hell still runs WebSphere? I thought IBM folded that one up years ago…. guess I was wrong, but my client wants it, so he’s got it. Nicest treat was the build was written for RH8, but I was able to get her to fire right up under Slack with no cussing or fighting…go figger.

Well, the job is finished for the night, and will be ready to deploy tomorrow evening after work.

Now I can use the RH CDs for pistol targets or something when the damn snow melts and goes away. Think we got another 4-5″ today…. come on guys, it’s the end of Feb, we should be done with that white crap by now. Hope it melts away soon. Time for bed.