| Author |
 Topic  |
|
|
Romee
Junior Member
Netherlands
180 Posts |
 Posted - 08 July 2002 : 08:44:35
|
The last patch for pop_profile Post40b03patch004 (downloaded today) is of may 18 2002.
I compared it with version 3.3.05, because I thought they were identical (except the lang-transition ofcourse). I found some diffences. Shouldn't they be in it?
I give the lines from the 3.3.05 version that are missing in the int. version.
line 56 60
if Request.QueryString("id") <> "" and IsNumeric(Request.QueryString("id")) = true then
ppMember_ID = cLng(Request.QueryString("id"))
else
ppMember_ID = 0
end if
line 113-114
if rs.BOF or rs.EOF then
Err_Msg = "Invalid Member ID!"
line 116-134
Response.Write " <table width=""100%"" border=""0"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>" & vbNewLine & _
" <img src=""" & strImageUrl & "icon_folder_open.gif"" height=""15"" width=""15"" border=""0""> <a href=""default.asp"">All Forums</a><br>" & vbNewLine & _
" <img src=""" & strImageUrl & "icon_bar.gif"" height=""15"" width=""15"" border=""0""><img src=""" & strImageUrl & "icon_folder_open_topic.gif"" height=""15"" width=""15"" border=""0""> Member's Profile</font></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" </table>" & vbNewLine & _
" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """ color=""red"">There Was A Problem!</font></p>" & vbNewLine & _
" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """ color=""red"">" & Err_Msg & "</font></p>" & vbNewLine & _
" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""JavaScript:history.go(-1)"">Back to Forum</a></font></p>" & vbNewLine & _
" <br>" & vbNewLine
if not(strUseExtendedProfile) then
WriteFooterShort
Response.End
else
WriteFooter
Response.End
end if
else
line 610
end if
[moved by bozden on 03 October 2002]
< |
Edited by - Deleted on 03 October 2002 20:16:31 |
|
|
Deleted
deleted
4116 Posts |
Posted - 08 July 2002 : 18:09:27
|
Romee, thank you for cross checking  .
Currently patch004 has fixes for ALL security fixes listed in the security forum, including the one which is AFTER v3.3.05 (thus not included in v3.3.05).
The latest copy of Post40b04patch004.zip file I have is dated 23 May 2002. I updated the file a couple of times during the hacking/fixing storm. If you are interested in this topic, please open the ZIP and confirm that pop-profile file date is 18.05.2002 19:38...
During patching, I do not take the new files and re-transform to internationalized version (it would suck if I had to do it for all fixes released). I just apply the fixes into existing v4b files. What I did here is to apply what is said in http://forum.snitz.com/forum/topic.asp?TOPIC_ID=28273 , which actually does the trick.
After the fix, Richard continued to play with the files for better coding, additional condition checking and optimization. When he published v3.3.05, he used some of the ideas from v3.4 beta, where HTML code is converted to response.write's, some of the bugs fixed etc. I did not take them, except the urgent security related ones (check the release times of the downloadable files ).
Everywhere I mention that v4b04.004 is "functionally" equivalent to v3.3.05, and has same security. This is the reason .
Think Pink
==> Start Internationalization Here< |
 |
|
|
Romee
Junior Member
Netherlands
180 Posts |
Posted - 09 July 2002 : 04:08:57
|
quote:
Everywhere I mention that v4b04.004 is "functionally" equivalent to v3.3.05, and has same security. This is the reason .
Think Pink
==> Start Internationalization Here
That explains it.
grz Bozden
Romée
Edited by - Romee on 09 July 2002 04:10:32< |
|
|
| |
Topic |
|
|
|
