new security fix, Snitz 3.4.07
Snitz Forums Admin
ruirib
Posts: 26364
We are posting a security fix to several Snitz files, involving the handling of IP addresses.
1. Inc_func_common.asp, lines #576-584, add the red part:
Code:

function UpdateLastHereDate(fTime,UserName)
	UserIPAddress = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
	if UserIPAddress = "" or left(UserIPAddress, 7) = "unknown" then
		UserIPAddress = Request.ServerVariables("REMOTE_ADDR")
	elseif InStr(UserIPAddress, ",") > 0 then
		UserIPAddress = Left(UserIPAddress, InStr(UserIPAddress, ",")-1)
	elseif InStr(UserIPAddress, ";") > 0 then
		UserIPAddress = Left(UserIPAddress, InStr(UserIPAddress, ";")-1)
	end If
	' Added line (the part shown in red in the original post): escape the value before it is used in SQL
	UserIPAddress = Trim(ChkString(UserIPAddress,"SQLString"))

2. The same fix (adding the red line) is needed in:

- Line#825, post_info.asp;
- Line#1017, post_info.asp;
- Line#544, register.asp;

3. Not Snitz base code, but as it is used in many forums, IPgate may need a similar fix. Somewhere around line #73 in inc_ipgate.asp, above
Code:

 useriparr = split(userip,".")
add this line:
Code:

userip = Trim(ChkString(userip,"SQLString"))

This affects Snitz 3.4.07. Previous versions that applied a bug fix that was posted for 3.4.06, using server variables HTTP_X_FORWARDED_FOR and REMOTE_ADDR, may need similar fixing.
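
The following is an added example, not part of the original post and not Snitz code: a stricter variant of the same IP selection logic that accepts the client-supplied X-Forwarded-For value only when it parses as a dotted-quad IPv4 address. `IsIPv4` and `GetClientIP` are hypothetical helper names, and IPv4-only addressing is an assumption (the same one the IPgate `split(userip,".")` line makes).

```vbscript
' Added example, not Snitz code. IsIPv4 and GetClientIP are hypothetical names.

' True only for dotted-quad IPv4 text with every octet in the range 0-255.
Function IsIPv4(ByVal s)
    Dim re, m, i
    IsIPv4 = False
    Set re = New RegExp
    re.Pattern = "^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$"
    If Not re.Test(s) Then Exit Function
    Set m = re.Execute(s)(0)
    For i = 0 To 3
        If CInt(m.SubMatches(i)) > 255 Then Exit Function
    Next
    IsIPv4 = True
End Function

' Same selection as the posted code: first entry of X-Forwarded-For (split on
' "," or ";"), otherwise REMOTE_ADDR. The forwarded value is a request header,
' so it is used only if it validates; "", "unknown" and anything else that is
' not an IPv4 address fall through to REMOTE_ADDR.
Function GetClientIP(ByVal forwardedFor, ByVal remoteAddr)
    Dim candidate, pos
    candidate = Trim("" & forwardedFor)
    pos = InStr(candidate, ",")
    If pos = 0 Then pos = InStr(candidate, ";")
    If pos > 0 Then candidate = Trim(Left(candidate, pos - 1))
    If Not IsIPv4(candidate) Then candidate = Trim("" & remoteAddr)
    GetClientIP = candidate
End Function

' Usage inside an ASP page (the ChkString line from the post is still applied
' before the value is placed in a SQL statement):
'   UserIPAddress = GetClientIP(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), _
'                               Request.ServerVariables("REMOTE_ADDR"))
'   UserIPAddress = Trim(ChkString(UserIPAddress, "SQLString"))
```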