New Security Fix, pop_profile.asp, Snitz 3.4.07 - Posted on (10104 Views)
Snitz Forums Admin
ruirib
Posts: 26364
There is a security-related bug fix with pop_profile.asp. The issue is serious enough to compromise the security of a board. It affects version 3.4.07 only, since previous versions don't use the code with the security problem.

Lines #1162-1195:
Code:

    Else
        'Comment out down to the next comment to let it take me@example.com and/or .ex as well
        'strsql = "SELECT SPAM_SERVER FROM " & strTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & chkString(Request.Form("Email"),"sqlstring") & "'"
        'set rsSpam = my_Conn.Execute (strsql)

        'If Not rsSpam.EOF Then
        '    Err_Msg = Err_Msg & "<li>You cannot register with '" & chkString(Request.Form("Email"),"sqlstring") & "'.</li>"
        'End If

        'Dim strMailTLD : strMailTLD = LCase(Mid(Request.Form("Email"),InStrRev(Request.Form("Email"),".")))

        'strsql = "SELECT SPAM_SERVER FROM " & strTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & strMailTLD & "'"
        'set rsSpam = my_Conn.Execute (strsql)

        'If Not rsSpam.EOF Then
        '    Err_Msg = Err_Msg & "<li>You cannot register with a '" & strMailTLD & "' email address.</li>"
        'End If
        'Comment out up to the previous comment to let it take me@example.com and/or .ex as well

        ' Original ordering: the domain is taken from the raw form value and used in the
        ' SPAM_MAIL query before EmailField() has validated the address (checked only below).
        strMailDomain = LCase(Mid(Request.Form("Email"),InStrRev(Request.Form("Email"),"@")))

        strsql = "SELECT SPAM_SERVER FROM " & strTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & strMailDomain & "'"
        set rsSpam = my_Conn.Execute (strsql)

        If Not rsSpam.EOF Then
            Err_Msg = Err_Msg & "<li>You cannot register with an '" & strMailDomain & "' email address.</li>"
        End If

        rsSpam.close
        Set rsSpam = Nothing
    end if
    if EmailField(Request.Form("Email")) = 0 then
        Err_Msg = Err_Msg & "<li>You Must enter a valid e-mail address</li>"
    end if

should be replaced by:

Code:

    else

        if EmailField(Request.Form("Email")) = 0 then
            Err_Msg = Err_Msg & "<li>You Must enter a valid e-mail address</li>"
        else
            ' Fixed ordering: only an address that passed EmailField() reaches the SPAM_MAIL query.
            strMailDomain = LCase(Mid(Request.Form("Email"),InStrRev(Request.Form("Email"),"@")))

            strsql = "SELECT SPAM_SERVER FROM " & strTablePrefix & "SPAM_MAIL WHERE SPAM_SERVER = '" & strMailDomain & "'"
            set rsSpam = my_Conn.Execute (strsql)

            If Not rsSpam.EOF Then
                Err_Msg = Err_Msg & "<li>You cannot register with an '" & strMailDomain & "' email address.</li>"
            End If

            rsSpam.close
            Set rsSpam = Nothing
        end if
    end if
Any questions, please post on the General Help forum.
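The fixed ordering above (format check first, SPAM_MAIL lookup only for addresses that passed it), as an added Python re-implementation that is not the forum's code: the table name, the sample blocked domains and the regex standing in for EmailField() are assumptions, and the lookup uses a parameterised query instead of the page's string concatenation.

```python
import re
import sqlite3

# Constructed sample rows for the forum's SPAM_MAIL table (real contents
# are site-specific; these domains are made up for the example).
BLOCKED_DOMAINS = ["@mailinator.example", "@spamhost.example"]

# Stand-in for Snitz's EmailField(): one "@", a dotted domain and nothing
# outside a conservative allow-list. The real function may differ.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def email_field(email: str) -> int:
    """Return 1 for a well-formed address, 0 otherwise (mirrors EmailField)."""
    return 1 if EMAIL_RE.match(email) else 0


def make_spam_db() -> sqlite3.Connection:
    """In-memory table standing in for strTablePrefix & 'SPAM_MAIL'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE FORUM_SPAM_MAIL (SPAM_SERVER TEXT)")
    conn.executemany("INSERT INTO FORUM_SPAM_MAIL VALUES (?)",
                     [(d,) for d in BLOCKED_DOMAINS])
    return conn


def check_registration_email(conn: sqlite3.Connection, email: str) -> list:
    """Return the error messages the fixed pop_profile.asp block would add.

    Order matters: the format check runs first, so only addresses that
    passed email_field() ever reach the SPAM_MAIL lookup.
    """
    errors = []
    if email_field(email) == 0:
        errors.append("You Must enter a valid e-mail address")
        return errors
    # Same extraction as the ASP: everything from the last "@", lowercased.
    mail_domain = email[email.rfind("@"):].lower()
    # Bound parameter rather than concatenation (an addition here, not
    # part of the forum's fix).
    row = conn.execute(
        "SELECT SPAM_SERVER FROM FORUM_SPAM_MAIL WHERE SPAM_SERVER = ?",
        (mail_domain,),
    ).fetchone()
    if row is not None:
        errors.append(f"You cannot register with an '{mail_domain}' email address.")
    return errors
```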
Posted on
Snitz Forums Admin
ruirib
Posts: 26364
The same replacement needs to be done for original lines #1497-1530 (numbers after the first replacement), a bit further down in the file, where the same code is used.