IntegraMod Security fix

This is where you'll find security-related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

PostAuthor: Flex » Mon Aug 28, 2006 7:15 pm

"Unregistered";p="14399" wrote:did u both download the hack_update2.rar? and overwrite them?


I did.

PostAuthor: Unregistered » Mon Aug 28, 2006 7:25 pm

it's not ok to overwrite those files.. u need to replace with ur old files.. either way, am gettin the same "Hacking attempt... Details Logged" as well.. some pages can access.. others can't..

PostAuthor: Solomon » Mon Aug 28, 2006 7:27 pm

"Solomon";p="14396" wrote:BUG: ACP/Security/
    /forum/admin/admin_security.php
    /forum/admin/admin_security.php?mode=gd_info
    /forum/admin/admin_security.php?mode=php_info
    /forum/admin/admin_security.php?mode=members
    /forum/admin/admin_security.php?mode=search
    /forum/admin/admin_security.php?mode=special
I get: "Hacking attempt... Details Logged" in the right window


More:
ACP/AMOD+Admin → Manage, Quota Limit, Shadow Attachments, Sync Attachments
ACP/Extensions/Extension management, Extension Group Management, Forbidden Extensions, Special Categories
ACP/Forum Admin → FTR configuration, FTR users
ACP/General Admin → Add New
ACP/Links → PCP Wizard
ACP/Photo Album → Package module
ACP/Style Admin → IPN Log, Configuration
ACP/Tools/PCP Info
ACP/User Admin → Junior Admin, Points Configuration, Private Messages, Private Messages Archive, Prune Users, Subscription,

PostAuthor: Flex » Mon Aug 28, 2006 7:28 pm

So I shouldn't have replaced the files that got attached as a fix? Should I replace them back from my last good backup?

PostAuthor: Solomon » Mon Aug 28, 2006 7:31 pm

"Unregistered";p="14399" wrote:did u both download the hack_update2.rar? and overwrite them?

yes downloaded them
no I used winmerge for the code edits shown on the first post
doesn't matter, doing code edits manually resulted in same problem

PostAuthor: Unregistered » Mon Aug 28, 2006 7:34 pm

open ur admin_security.php

FIND

$phpbb_root_path = '../';

REPLACE WITH

$phpbb_root_path = "./../";


... let me know how it goes.. maybe we might have to open all the files and edit this ?

PostAuthor: Michaelo » Mon Aug 28, 2006 7:38 pm

Guys some of you have different versions and additional mods added... It is impossible to deal with these individually...

All edits will always relate to the 140 default install... If you have over-written these three files replace them with your backup and do the edits one file at a time checking to see if things work...

The latest edits (in first post) only alter the phpbb_root_path if it contains illegal links i.e. it must be either ./ or ./../ or blank and its length must be less than 5 characters. This way it should not affect the path for other files...

Note it has been necessary to edit the fixes three or four times as fixes become available so always make sure you have the latest files and remember to save before editing especially if you have added mods.
Mike
Michaelo
Administrator
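
An allow-list check of the kind Michaelo describes above, as an added example that is not IntegraMod's own code; the function name, the fallback value and the sample inputs are assumptions. It matches exactly against the three permitted values (which also bounds the length) and shows that '../' is rejected while './../' passes, consistent with the ACP reports in this thread.

```php
<?php
// Added example, not IntegraMod code. Names and sample values are hypothetical.

// The only include roots the post above says are legal.
const ALLOWED_ROOT_PATHS = ['', './', './../'];

/**
 * Validate a candidate root path before it is used to build include paths.
 * Returns [path_to_use, was_rejected]. Anything that is not a string, or is
 * not an exact member of the allow-list, is replaced by the fallback.
 */
function check_root_path($candidate, string $fallback = './'): array
{
    // Strict comparison (third argument true) avoids PHP type juggling,
    // e.g. 0 or null loosely matching the empty string.
    if (is_string($candidate) && in_array($candidate, ALLOWED_ROOT_PATHS, true)) {
        return [$candidate, false];
    }
    return [$fallback, true];
}

// Constructed sample inputs.
$samples = [
    './',                       // forum root
    './../',                    // admin directory, after the edit in this thread
    '',                         // blank
    '../',                      // admin_security.php before the edit: not on the list
    './../../',                 // climbs above the forum root
    'http://example.invalid/',  // a link instead of a relative path
    ['./'],                     // array instead of string
    null,
];

foreach ($samples as $s) {
    [$path, $rejected] = check_root_path($s);
    printf(
        "%-30s -> %-8s %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        json_encode($path, JSON_UNESCAPED_SLASHES),
        $rejected ? 'REJECTED (log the request)' : 'ok'
    );
}
```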


PostAuthor: Solomon » Mon Aug 28, 2006 7:43 pm

BTW in functions.php there are two instances of "// BEGIN Style Select MOD"

Lines 663-665
Code:
      // BEGIN Style Select MOD
      global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
      // END Style Select MOD


You should update the instructions in the first post to find the instance around line 820.

PostAuthor: Unregistered » Mon Aug 28, 2006 7:44 pm

mike, i can access the Security / Special - after i replaced $phpbb_root_path = '../'; to $phpbb_root_path = "./../"; in admin_security.php

do i have to replace all the files which i cant access?

PostAuthor: Unregistered » Mon Aug 28, 2006 7:46 pm

Solomon, i knew someone will ask that question..

FIND

Code:
    //
    // Set up style
    //
    // BEGIN Style Select MOD

PostAuthor: Solomon » Mon Aug 28, 2006 7:51 pm

"Unregistered";p="14408" wrote:mike, i can access the Security / Special - after i replaced $phpbb_root_path = '../'; to $phpbb_root_path = "./../"; in admin_security.php

do i have to replace all the files which i cant access?

same here

PostAuthor: Flex » Mon Aug 28, 2006 7:56 pm

Well, question is... Do we have to replace (as Unregistered mentioned) all files with $phpbb_root_path = "./../"; ?

PostAuthor: Unregistered » Mon Aug 28, 2006 7:58 pm

we need a YES from an admin.. so we can start workin on it and its been a long day so far

PostAuthor: Michaelo » Mon Aug 28, 2006 8:04 pm

Unregistered, you have to replace the code between these comments
// BEGIN Style Select MOD
and
// END Style Select MOD

... is used to represent code rather than writing all of it :wink:

New update to fix the ./ and ../ problem in ACP...
This edit is no longer required
Last edited by Michaelo on Mon Aug 28, 2006 8:25 pm, edited 1 time in total.

PostAuthor: Flex » Mon Aug 28, 2006 8:08 pm

Don't go to sleep, we need you!!! and it's only 13:08!!! he he he I know I know.