Author |
Topic |
bjlt
Senior Member
1144 Posts |
Posted - 16 June 2001 : 07:09:51
|
Would anybody like to clarify which file I should add the code to, other than post.asp? And in post_info.asp, do I need to change the go_result sub, as it's different from the one posted above? Thanks.
|
|
|
mneedham
New Member
United Kingdom
84 Posts |
Posted - 24 June 2001 : 17:15:17
|
Could someone post a download file which has the corrected post.asp file without the backdoor where people can post when the topic is locked?
Thanks very much
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 25 June 2001 : 02:30:00
|
v3.1sr4 version of post.asp with the code above added: Click Here |
|
|
samyot
Junior Member
Canada
242 Posts |
Posted - 03 July 2001 : 11:15:58
|
quote:
v3.1sr4 version of post.asp with the code above added: Click Here
Link doesn't work!
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 03 July 2001 : 15:01:57
|
I updated the link. Try it now. |
|
|
tilttek
Junior Member
Canada
333 Posts |
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 04 July 2001 : 11:03:47
|
Ok, I updated it again. Try it now. |
|
|
samyot
Junior Member
Canada
242 Posts |
Posted - 13 July 2001 : 15:05:36
|
Is the post.asp file the only file that needs updating, or do the other files mentioned above also need to be modified?
Also, the posted post.asp file above doesn't have the modified code commented out. Is it possible to get a copy of post.asp with comments, because I cannot simply replace my existing file?
If other files need modifications as well, please let me know.
Thank you in advance,
Sylvain Amyot FORUM:http://syltek.dingojunction.com/forum HOME:http://members.home.net/sylvainamyot/
|
|
|
tomasalsbro
Average Member
Sweden
818 Posts |
Posted - 14 July 2001 : 03:55:21
|
quote:
I added this code in topic.asp to prevent someone from reading posts under a private forum (similar backdoor problem with the post.asp):
'#### Forum_SQL - Find out if the Topic exists
' cLng() rejects non-numeric query-string values before they reach the SQL string
strSql = "SELECT " & strTablePrefix & "TOPICS.T_STATUS "
strSql = strSql & " FROM " & strTablePrefix & "TOPICS "
strSql = strSql & " WHERE " & strTablePrefix & "TOPICS.TOPIC_ID = " & cLng(Request.QueryString("TOPIC_ID"))
strSql = strSql & " AND " & strTablePrefix & "TOPICS.FORUM_ID = " & cLng(Request.QueryString("FORUM_ID"))
strSql = strSql & " AND " & strTablePrefix & "TOPICS.CAT_ID = " & cLng(Request.QueryString("CAT_ID"))
set rsStatus = my_Conn.Execute(strSql)
if rsStatus.EOF or rsStatus.BOF then
    Go_Result "You have attempted to access a topic by tampering with the URL"
end if
'###########end check url tampering
Basically, it denies access to read a post if the forum_id, topic_id, and cat_id of that post are not correct.
Insert the code into topic.asp right after this: <!--#INCLUDE FILE="inc_top.asp" -->
Don't forget to add the Go_Result sub at the end of topic.asp
BabyGate
Hi BabyGate, what do you mean with "Don't forget to add the Go_Result sub at the end of topic.asp"?
Cheers / Tomas
!-Keep distance in traffic-! www.whiplash.se www.whiplash.pp.se |
|
|
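The URL-consistency check quoted in the post above, with the three IDs validated as integers and bound as ADO parameters rather than concatenated into the SQL string. This is an added example, not code from the thread or from Snitz: `ToId` and `TopicMatchesUrl` are hypothetical helper names, `my_Conn` and `strTablePrefix` are assumed to be set up as in the quoted snippet, and the denial is written with `Response.Write`/`Response.End` because the `Go_Result` sub is not shown on this page.

```vbscript
' Added example (not Snitz code). Assumes my_Conn is the open ADODB.Connection
' and strTablePrefix the table prefix used by the quoted snippet.
' ToId and TopicMatchesUrl are hypothetical helper names.
Const adInteger = 3, adParamInput = 1, adCmdText = 1   ' standard ADO constants

' Return the value as a Long, or -1 if it is not a plain decimal ID.
Function ToId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    ToId = -1
    If re.Test(raw & "") Then ToId = CLng(raw & "")
End Function

' True only when the topic exists in exactly this forum and category.
Function TopicMatchesUrl(conn, prefix, topicId, forumId, catId)
    Dim cmd, rs, id
    TopicMatchesUrl = False
    If topicId < 0 Or forumId < 0 Or catId < 0 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT T_STATUS FROM " & prefix & "TOPICS" & _
                      " WHERE TOPIC_ID = ? AND FORUM_ID = ? AND CAT_ID = ?"
    ' Parameters bind positionally, in the order of the ? markers.
    For Each id In Array(topicId, forumId, catId)
        cmd.Parameters.Append cmd.CreateParameter("", adInteger, adParamInput, , id)
    Next

    Set rs = cmd.Execute
    TopicMatchesUrl = Not (rs.EOF Or rs.BOF)
    rs.Close
End Function

If Not TopicMatchesUrl(my_Conn, strTablePrefix, _
        ToId(Request.QueryString("TOPIC_ID")), _
        ToId(Request.QueryString("FORUM_ID")), _
        ToId(Request.QueryString("CAT_ID"))) Then
    Response.Write "You have attempted to access a topic by tampering with the URL"
    Response.End   ' stop before any topic content is rendered
End If
```

In topic.asp this would sit inside `<% ... %>` at the same place the quoted snippet is inserted, after the `inc_top.asp` include.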
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 14 July 2001 : 04:24:08
|
samyot,
the code added to that file is:
everything between the following 2 lines of code:
<!--#INCLUDE FILE="inc_top.asp" -->
select case strSelectSize
and then everything after this line at the end of the file:
<!--#INCLUDE FILE="inc_footer.asp" -->
|
|
|
Kevo
Starting Member
USA
26 Posts |
Posted - 15 July 2001 : 14:16:08
|
Oh good, my bug is finally getting fixed.
Good luck with it.
Later
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 22 July 2001 : 17:28:53
|
Yes, it finally got fixed, and implemented in the latest 3.3 code.
|
|
|