Snitz Forums 2000
 SF2000 v3.4.07 - strTablePrefix misuse

PBsoft
Starting Member

Italy
5 Posts

Posted - 01 November 2009 :  10:05:08
In the following post http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69020 a forum administrator replied to me that I can find a security fix.
I tried searching the forum, but didn't find anything specific for this issue.
Can someone suggest where I can find this fix?

Many thanks and congratulations for this beautiful application.

Gabriele Bertolucci @ PBsoft

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 01 November 2009 :  10:25:45
HuwR posted a link to the fix: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=68818&SearchTerms=strFilterTablePrefix

The security fix can be found in the Announcements: Security Related Bug Fixes forum: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=68824



PBsoft
Starting Member

Italy
5 Posts

Posted - 01 November 2009 :  12:17:21
Ok, but the security bug fix mentioned in topic 68824 (dated August 01) does not contain the recommended fix of topic 68818 (dated July 30) which was written before.
It seemed strange to me, that's why I've said the bug fix does not correct the problem of the wrong variable.
Am I still wrong?

Thanks for your help.

Gabriele Bertolucci @ PBsoft

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 01 November 2009 :  12:46:20
The security fix addressed a security problem, so you can say it's different from the bug fix, which addresses a lesser problem.

Your report brings a new issue, that one related to setup.asp, which hadn't been reported before, and I believe will apply to a new forum. It will also be noticeable only when the table prefixes are not the same, which makes it even more unlikely to be detected.

I will ask you to please post just a bug report about setup.asp, since it's a new issue. I will approve it and provide the links to the related stuff.

Thanks.



PBsoft
Starting Member

Italy
5 Posts

Posted - 01 November 2009 :  13:54:34
As you requested, I've created a new virtual directory on my IIS server and unpacked your forum inside it.
After a few modifications in config.asp and the creation of a new empty db, I navigated to setup.asp.
Notice that I chose three different values for the three variables.
Anyway, I expected everything to work; indeed, setup.asp created every table without errors.
I suppose the problem will arise only in database update procedures, but I couldn't try it.

In case of update, how is it possible for everything to work correctly if in section "Setup for update 12" of setup.asp you use either strTablePrefix (e.g. lines 3627 and 3645) or strMemberTablePrefix (e.g. lines 3738 and 3748) for ..MEMBERS and ..MEMBERS_PENDING tables?
For example, how can it work correctly when you try to execute

"ALTER TABLE " & strTablePrefix & "MEMBERS ALTER COLUMN M_LAST_IP NVARCHAR (50) '000.000.000.000' "

Thanks for considering my comments.

Gabriele Bertolucci @ PBsoft
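
A lint pass for the inconsistency described in the post above, as an added example that is not part of the thread or of the Snitz code base: it flags SQL concatenations that reach MEMBERS or MEMBERS_PENDING through a prefix variable other than strMemberTablePrefix. That strMemberTablePrefix is the intended prefix for those two tables is an assumption, and every sample line except the ALTER TABLE statement quoted in the post is constructed.

```python
import re

# Assumption (not confirmed in the thread): the member tables are meant to be
# addressed through strMemberTablePrefix, all other tables through strTablePrefix.
MEMBER_TABLES = {"MEMBERS", "MEMBERS_PENDING"}
EXPECTED_PREFIX = "strMemberTablePrefix"

# Matches   <prefix variable> & "TABLE_NAME   inside a concatenated SQL string.
PREFIX_USE = re.compile(r'\b(str\w*TablePrefix)\s*&\s*"([A-Z][A-Z0-9_]*)', re.IGNORECASE)

def strip_comment(line):
    """Drop a VBScript ' comment, ignoring apostrophes inside "..." literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string      # a doubled "" toggles twice, which is fine
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def find_prefix_mismatches(source):
    """Return (line number, prefix variable, table) for each member-table
    reference that does not go through EXPECTED_PREFIX."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in PREFIX_USE.finditer(strip_comment(line)):
            var, table = m.group(1), m.group(2).upper()
            if table in MEMBER_TABLES and var.lower() != EXPECTED_PREFIX.lower():
                findings.append((lineno, var, table))
    return findings

# Constructed sample; only the first statement is quoted from the post.
SAMPLE = '''\
strSql = "ALTER TABLE " & strTablePrefix & "MEMBERS ALTER COLUMN M_LAST_IP NVARCHAR (50) '000.000.000.000' "
strSql = "ALTER TABLE " & strMemberTablePrefix & "MEMBERS_PENDING ADD M_X NVARCHAR (50)"
' strSql = "DROP TABLE " & strTablePrefix & "MEMBERS_PENDING"
strSql = "SELECT T_SUBJECT FROM " & strTablePrefix & "TOPICS"
strSql = "UPDATE " & strTablePrefix & "MEMBERS_PENDING SET M_LEVEL = 1"
'''

if __name__ == "__main__":
    for lineno, var, table in find_prefix_mismatches(SAMPLE):
        print(f"line {lineno}: {table} reached via {var}, expected {EXPECTED_PREFIX}")
```

Run against a real setup.asp by passing the file's text to `find_prefix_mismatches`; with identical prefix values the flagged statements still execute correctly, which is why the mismatch only surfaces on installations where the prefixes differ.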

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 01 November 2009 :  14:01:03
Yes, it affects only upgrades, as far as I can see.

