tangoc9999
Junior Member
 
USA
158 Posts |
Posted - 27 April 2002 : 14:07:08
|
pop_printer_friendly.asp can be backdoored and used to read private and hidden forums by non-members and regular members alike. All that is needed is the topic ID.
TANGO
Computers run on smoke, when the smoke comes out, they quit running!
 |
|
RichardKinser
Snitz Forums Admin
    
USA
16655 Posts |
|
tangoc9999
Junior Member
 
USA
158 Posts |
Posted - 27 April 2002 : 20:24:39
|
works well, thank you Richard.
TANGO
Computers run on smoke, when the smoke comes out, they quit running!
 |
 |
|
Deleted
deleted
    
4116 Posts |
|
Kenno
Average Member
  
Cambodia
846 Posts |
Posted - 28 April 2002 : 19:21:20
|
I have replaced the old file with the new one, and I found another problem. Everything is okay, except when I do the "printer friendly" on an archived topic. The printer friendly is working here, but not at my forum. This is the message I've got:
"There has been a problem!
Either the Topic was not found or you are not authorized to view it".
Has anyone had the same problems?
|
 |
|
RichardKinser
Snitz Forums Admin
    
USA
16655 Posts |
Posted - 28 April 2002 : 22:27:22
|
you also need to change the following in topic.asp:
in sub PostingOptions around line #698 find this (this link appears twice on the same line, you need to change both of them):
<a href="JavaScript:openWindow5('pop_printer_friendly.asp?TOPIC_ID=<% =Topic_ID %>')">
and change it to this:
<a href="JavaScript:openWindow5('pop_printer_friendly.asp?<% =ArchiveLink %>TOPIC_ID=<% =Topic_ID %>')"> |
 |
|
Aaron S.
Average Member
  
USA
985 Posts |
|
Kenno
Average Member
  
Cambodia
846 Posts |
Posted - 29 April 2002 : 14:29:37
|
quote:
you also need to change the following in topic.asp:
in sub PostingOptions around line #698 find this (this link appears twice on the same line, you need to change both of them):
<a href="JavaScript:openWindow5('pop_printer_friendly.asp?TOPIC_ID=<% =Topic_ID %>')">
and change it to this:
<a href="JavaScript:openWindow5('pop_printer_friendly.asp?<% =ArchiveLink %>TOPIC_ID=<% =Topic_ID %>')">
Richard,
Very weird, in the topic.asp, <% =AchiveLink %> doesn't pass any value to it. I think I might have accidentally removed something from it. So when I add the code you suggested above, it still did not work.
I'll take a look at it more. :-(
Kenno
|
 |
|
Aaron S.
Average Member
  
USA
985 Posts |
|
groul
Starting Member
11 Posts |
Posted - 29 April 2002 : 20:32:16
|
So which one is the final version [I'm talking about the changes in topic.asp]?
|
 |
|
RichardKinser
Snitz Forums Admin
    
USA
16655 Posts |
|
tangoc9999
Junior Member
 
USA
158 Posts |
Posted - 01 May 2002 : 15:03:24
|
fyi, i tried the code snippet that richard recommended and it still caused the case that kenno described. i tried aaron's snippet and all is well. the only difference that i can think of is that i am running a highly modified version of davio's anonymous access mod. i remember tweaking something a while ago in search.asp which might have made the difference. just my experiences folks.
TANGO
Computers run on smoke, when the smoke comes out, they quit running!
 |
 |
|
RichardKinser
Snitz Forums Admin
    
USA
16655 Posts |
Posted - 01 May 2002 : 19:32:34
|
but what happens when you click on the link when the topic is not in the archive? |
 |
|
tangoc9999
Junior Member
 
USA
158 Posts |
Posted - 01 May 2002 : 22:39:19
|
i guess i should have rechecked that. it shows the error kenno stated.
TANGO
Computers run on smoke, when the smoke comes out, they quit running!
 |
 |
|
RichardKinser
Snitz Forums Admin
    
USA
16655 Posts |
Posted - 01 May 2002 : 23:48:19
|
Does your topic.asp have the following near the top of it?
if request("ARCHIVE") = "true" then
    strActivePrefix = strTablePrefix & "A_"
    ArchiveView = "true"
    ArchiveLink = "ARCHIVE=true&"
else
    strActivePrefix = strTablePrefix
    ArchiveView = ""
    ArchiveLink = ""
end if |
 |
|
dssww
Junior Member
 
USA
182 Posts |
Posted - 02 May 2002 : 07:17:06
|
There are 2 instances of the above IF statement, the second one does not have ArchiveLink =
If you add it it works fine.
|
 |
|