| Author |
 Topic  |
|
|
Reinsnitz
Snitz Forums Admin
USA
3545 Posts |
 Posted - 14 August 2000 : 15:50:00
|
Due to a security hole in the application, we have released an interim service release that fixes this known bug.
It is highly suggested that you upgrade to this new version imidiately.
http://forum.snitz.com/specs.asp
<center>
Reinsnitz (Mike)
http://forum.snitz.com
><)))´>
<font color=green>The path of sorrow, and the path alone,
Leads to the land where sorrow is unknown.
No traveller e'er reached that bless'd abode,
Who found not thorns and briars in his road.
--Abraham Lincoln</font id=green>
</center> |
|
|
marc
Junior Member
Belgium
175 Posts |
Posted - 14 August 2000 : 17:17:24
|
Are you kidding ? I spent a very long time translating the forum in french. I can't go back now and begin this work again !
Tell us what piece of code has to be changed.
Thanks
-marc-
|
 |
|
|
Nathan L
New Member
USA
83 Posts |
Posted - 14 August 2000 : 18:33:00
|
Rather, for security reasons, you could alwasy ask Mike or gor what the changes are via e-mail.
Response.Write ("The Reign of Nice") |
|
|
|
gor
Retired Admin
Netherlands
5511 Posts |
Posted - 14 August 2000 : 19:05:47
|
But then again, if I had to send it to everyone that requested it, I might as well post it here:
in <b>pop_profile.asp</b>
1) find this code starting at about line 279 and add the blue code:
<pre id=code><font face=courier size=2 id=code>
<p><form action="pop_profile.asp?mode=ModifyIt&id=<% =Request.Form("MEMBER_ID")%>" method="Post" id=Form1 name=Form1>
<font color=blue> <input type=hidden name="User" value="<% =Request.Form("User") %>">
<input type=hidden name="Pass" value="<% =Request.Form("Pass") %>">
</font id=blue></font id=code></pre id=code>
2) find the code <i>case "ModifyIt"</i> and add this code after it (new code is blue):
<pre id=code><font face=courier size=2 id=code>
case "ModifyIt"
<font color=blue> mLev = cint(ChkUser2(Request.Form("User"), Request.Form("Pass")))
if mLev > 0 then '## is Member
if mLev = 4 then</font id=blue>
'## Forum_SQL
strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
</font id=code></pre id=code>
then scroll down until you see the Profile updated line and add this code:
<pre id=code><font face=courier size=2 id=code>
%>
<p><font face="<% =strDefaultFontFace %>" size="<% =strHeaderFontSize %>">Profile Updated.</font></p>
<font color=blue>
<% else %>
<P align=center><font face="<% =strDefaultFontFace %>" size="<% =strHeaderFontSize %>"><b>No Permissions to Modify a Member</font><br>
<br>
<font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><a href="JavaScript: onClick= history.go(-1) ">Go Back to Re-Authenticate</a></font></p>
<% end if %>
<% else %>
<P align=center><font face="<% =strDefaultFontFace %>" size="<% =strHeaderFontSize %>"><b>No Permissions to Modify a Member</font><br>
<br>
<font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><a href="JavaScript: onClick= history.go(-1) ">Go Back to Re-Authenticate</a></font></p>
<% end if %>
</font id=blue>
<% end select %>
</font id=code></pre id=code>
That's it for SR1.
<center><b>Pierre Gorissen </b>
<font color=purple><font size=1>I'm a fulltime workaholic back from vacation...</font id=size1></font id=purple></center>
<font color=green>edited after post by Lord Maverick</font id=green> |
|
|
|
Lord Maverick
New Member
Norway
92 Posts |
Posted - 14 August 2000 : 19:18:04
|
gor,
I made an ExamDiff with the old and this new pop_profile.asp and found yet another difference. These two lines are included in your new sr1 and not in the earlier Snitz final v.3.0:
<font color=red>275</font id=red> <input type=hidden name="User" value="<% =Request.Form("User") %>">
<font color=red>276</font id=red> <input type=hidden name="Pass" value="<% =Request.Form("Pass") %>">
Are these lines also an update in sr1?
Edited by - Lord Maverick on 14 August 2000 19:19:20 |
|
|
|
gor
Retired Admin
Netherlands
5511 Posts |
Posted - 14 August 2000 : 19:36:48
|
Yes, you're right, forgot about those two lines.
I added them to my original reply, thanks !
<center><b>Pierre Gorissen </b>
<font color=purple><font size=1>I'm a fulltime workaholic back from vacation...</font id=size1></font id=purple></center> |
|
|
|
marc
Junior Member
Belgium
175 Posts |
Posted - 15 August 2000 : 09:32:33
|
LM, Wich tool are you using to do an "ExamDiff" ?
-marc valentin- |
|
|
|
Lord Maverick
New Member
Norway
92 Posts |
Posted - 15 August 2000 : 10:32:38
|
marc,
I use ExamDiff v 2.5 for Win 2000 which is a shareware that can be found at this link. They have just released a version 2.6. I find it easy to use and quite customizable for my use. Here is a quote from their ReadmeText:
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>ExamDiff Pro is a shareware Windows 95/98 and Windows NT/2000 tool
for visual file and directory comparison. It has a number of
simple and convenient features that many users have been
asking for a long time from a comparison tool.
etc.etc...
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>
BTW, I got this error when trying to post this message the first time:
<font color=blue>
Microsoft OLE DB Provider for ODBC Drivers error '80040e57'
[Microsoft][ODBC SQL Server Driver][SQL Server]String or binary data would be truncated.
/forum/post_info.asp, line 493 </font id=blue>
And the second time I tried to post this message I got this error message:
<font color=blue>
Active Server Pages error 'ASP 0113'
Script timed out
/forum/post_info.asp
The maximum amount of time for a script to execute was exceeded. You can change this limit by specifying a new value for the property Server.ScriptTimeout or by changing the value in the IIS administration tools.
</font id=blue>
|
|
|
|
Reinsnitz
Snitz Forums Admin
USA
3545 Posts |
|
| |
Topic |
|
Topic Locked
