Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Bug Reports (Closed)
 (v3.4.04) Security Related BUG+FIX: pop_mail.asp		  Forum Locked  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 11 June 2004 :  13:54:52  Show Profile
on line #184 of pop_mail.asp find the following:
Response.Write	"    <p><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>Click to send <a href=""mailto:" & rs("M_EMAIL") & """>" & strRName & "</a> an e-mail</font></p>" & vbNewLine
and replace it with:
Response.Write	"    <p><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>Click to send <a href=""mailto:" & chkString(rs("M_EMAIL"),"display") & """>" & strRName & "</a> an e-mail</font></p>" & vbNewLine

borge
Junior Member

Norway
185 Posts
Posted - 11 June 2004 :  14:18:08  Show Profile
I find the same code in pop_mail.asp v3.4.03 too. Should this fix be used for that version too?
borge
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 11 June 2004 :  15:31:32  Show Profile
we don't support v3.4.03 anymore. But, yes, this fix would apply to v3.4.03 as well.(and all other versions)
Go to Top of Page

roberty
Starting Member

7 Posts
Posted - 11 June 2004 :  21:40:51  Show Profile
quote:
Originally posted by RichardKinser

we don't support v3.4.03 anymore. But, yes, this fix would apply to v3.4.03 as well.(and all other versions)


I tried searching the download page ...

found only 3.4.04 ... is there an upgrade file to upgrade 3.4.03 to 3.4.04?

Thanks.
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 11 June 2004 :  21:52:15  Show Profile
No, you just have to replace the files with the v3.4.04 versions, then run the upgrade from setup.asp.

also, see here: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=50249#273882
Go to Top of Page

roberty
Starting Member

7 Posts
Posted - 11 June 2004 :  22:02:16  Show Profile
quote:
Originally posted by RichardKinser

No, you just have to replace the files with the v3.4.04 versions, then run the upgrade from setup.asp.

also, see here: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=50249#273882


Thanks ... silly me should have done a search for v3.4.04 ....
Go to Top of Page

spyordie007
Junior Member

USA
408 Posts
Posted - 13 June 2004 :  14:08:23  Show Profile  Visit spyordie007's Homepage  Send spyordie007 an AOL message
quote:
Originally posted by RichardKinser

No, you just have to replace the files with the v3.4.04 versions, then run the upgrade from setup.asp.

also, see here: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=50249#273882

Of course anyone who has been running an old 3.4.03 version forum and just done the code updates will still see that version number on their forum configuration page after they've done the updates...
Power - The only narcotic controlled by the SEC, not the FDA.

Prosperity without pollution! The American Hydrogen Association - http://www.ahanw.org
Questions about Hydrogen? Post them on our forum - http://www.ahanw.org/forum
Go to Top of Page

taropatch
Average Member

USA
741 Posts
Posted - 14 June 2004 :  17:47:07  Show Profile
Shouldn't this fix also call for a "Bug Fix list for v3.4.04" in the Community forum? Just curious since that is where I usually look for any updates.
Go to Top of Page

chumbawumba
Junior Member

United Kingdom
304 Posts
Posted - 15 June 2004 :  10:55:48  Show Profile
Usually when there is a security fix an email gets sent out. I didnt receive it, is this somehow connected to the email issues that Huw resolved a week or so ago??
Any snitzers who don't check this forum regularly for updates, might not update their code.
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 15 June 2004 :  11:19:28  Show Profile
Yes, an e-mail went out to the mailing list. I've been getting the bounce notices ever since it went out. I then go through and remove those e-mail addresses from the mailing list. We use SourceForge for our mailing list, it has nothing to do with the e-mail functions in this forum or on this site. I think that SourceForge sends out the e-mails in batches, instead of all at one time. I got it to my e-mail address yesterday (it was sent out on Friday).
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 15 June 2004 :  11:20:19  Show Profile
quote:
Originally posted by taropatch

Shouldn't this fix also call for a "Bug Fix list for v3.4.04" in the Community forum? Just curious since that is where I usually look for any updates.
Does 1 fix constitute a list?
Go to Top of Page

taropatch
Average Member

USA
741 Posts
Posted - 15 June 2004 :  20:19:52  Show Profile
quote:
Originally posted by RichardKinser

Does 1 fix constitute a list?
Good point. I had forgotten all about the email list. I don't think it ever worked for me. Maybe hotmail trashed it? I just re-registered with a different email.
Go to Top of Page

ASP.Confused
Starting Member

16 Posts
Posted - 25 June 2004 :  15:03:09  Show Profile
What exactly does this fix?
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 25 June 2004 :  17:21:34  Show Profile
Basically, the e-mail address (when you have e-mail turned off on the forum) was being displayed exactly how it was entered. This fix applies the chkString function to it before it's displayed so that certain characters (as specified in the chkString function) will be filtered out.
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 20 September 2004 :  20:02:54  Show Profile
fixed in v3.4.05
Go to Top of Page
  Previous Topic Topic Next Topic  
 Forum Locked  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.15 seconds. Powered By: Snitz Forums 2000 Version 3.4.07