Black Prowler Posted October 9, 2006 Share Posted October 9, 2006 then how come my files(2.1.6 and 2.1.7 for one board) already had the edit within them? I noticed it when I went to paste the patched edit into the file...but there it was...right in front of me... :lol: I'll be glad to send you a copy of the default files from my downloads....they contain the patch edit already. ;) Link to comment Share on other sites More sharing options...
Will L. Posted October 9, 2006 Share Posted October 9, 2006 then how come my files(2.1.6 and 2.1.7 for one board) already had the edit within them? I noticed it when I went to paste the patched edit into the file...but there it was...right in front of me... :lol: I'll be glad to send you a copy of the default files from my downloads....they contain the patch edit already. ;)you must be special as I looked at all my development and skin 2.1.7 and 3 live 2.1.7's and 1 2.1.7 archived on a cd-rom disc and it never had this addedand thanks Matt and staff for this quick fix its better to be safe then sorry is my saying on php security Link to comment Share on other sites More sharing options...
smashIt Posted October 9, 2006 Share Posted October 9, 2006 the line is in 2.1.6 BUT it's inside an else statement.thats a bit of a difference Link to comment Share on other sites More sharing options...
Stewart Posted October 9, 2006 Share Posted October 9, 2006 then how come my files(2.1.6 and 2.1.7 for one board) already had the edit within them? I noticed it when I went to paste the patched edit into the file...but there it was...right in front of me... :lol: I'll be glad to send you a copy of the default files from my downloads....they contain the patch edit already. ;)It's simply not possible. Note that the edit is to comment out a section of code. The section of code could and should be there already yes, but it is not commented out :) Link to comment Share on other sites More sharing options...
strolly Posted October 16, 2006 Share Posted October 16, 2006 Hello I see the risk is low and Matt even posted in this thread quote I'm confident that this won't be a huge problem. It requires such a specific sequence of events to execute, most script kiddies won't really bother. In any case, we had the fix out around two hours after the vulnerability was made public.quote but wondered if someone could help, a forum I am a member of had problems yesterday and the usernames of 3 members were changed, two of the usernames were changed to the peoples real life names and one to a different id. The owner of this forum seems to be having problems in sorting this out could you advise him on the best course of action. Members are concerned about privacy violations if hackers are able to access your forums. This is the thread and forum in questionhttp://www.gptinfo.net/forum/index.php?showtopic=3380Thank you for any help you can give on solving this problem. Link to comment Share on other sites More sharing options...
bfarber Posted October 16, 2006 Share Posted October 16, 2006 Hello I see the risk is low and Matt even posted in this thread quote I'm confident that this won't be a huge problem. It requires such a specific sequence of events to execute, most script kiddies won't really bother. In any case, we had the fix out around two hours after the vulnerability was made public.quote but wondered if someone could help, a forum I am a member of had problems yesterday and the usernames of 3 members were changed, two of the usernames were changed to the peoples real life names and one to a different id. The owner of this forum seems to be having problems in sorting this out could you advise him on the best course of action. Members are concerned about privacy violations if hackers are able to access your forums. This is the thread and forum in questionhttp://www.gptinfo.net/forum/index.php?showtopic=3380Thank you for any help you can give on solving this problem.Please submit a ticket for support. :)http://invisionpower.com/customer Link to comment Share on other sites More sharing options...
strolly Posted October 16, 2006 Share Posted October 16, 2006 Please submit a ticket for support. :)http://invisionpower.com/customerThank you I will pass the information on, I was under the impression this security flaw was a redirect but is it possible the hacker could have got access to change users info? Link to comment Share on other sites More sharing options...
Canadian Hotdogman Posted October 17, 2006 Share Posted October 17, 2006 So there's this new one that just happened? Link to comment Share on other sites More sharing options...
bfarber Posted October 17, 2006 Share Posted October 17, 2006 So there's this new one that just happened?Correct. Link to comment Share on other sites More sharing options...
.Ryan Posted October 17, 2006 Share Posted October 17, 2006 Will that sources file we downloaded, be updated, or do I just need to manually do it? And what are the chances of this happening anyways? Link to comment Share on other sites More sharing options...
Guest Posted October 17, 2006 Share Posted October 17, 2006 always up the latest version, security over ease. ;) Link to comment Share on other sites More sharing options...
djixas Posted October 17, 2006 Share Posted October 17, 2006 Why not created new topic about update? Since it shows up to date anyway even if not updated. Link to comment Share on other sites More sharing options...
Canadian Hotdogman Posted October 17, 2006 Share Posted October 17, 2006 I agree with the person above me. Link to comment Share on other sites More sharing options...
krang Posted October 17, 2006 Share Posted October 17, 2006 I do also agree with people above.And could you please, for those who choose the manually update the file, add also the exact file so that I don't have to search it and can be sure, that it's the right one? :) Link to comment Share on other sites More sharing options...
Michael Posted October 17, 2006 Share Posted October 17, 2006 And could you please, for those who choose the manually update the file, add also the exact file so that I don't have to search it and can be sure, that it's the right one? :)The exact file is attached to the post. Link to comment Share on other sites More sharing options...
phinsup Posted October 17, 2006 Share Posted October 17, 2006 I dont mean to be a complainer, but in the future could you please post security updates as new topics? Especially in this case as there is a medium security update in a formerly lower security topic. I get my updates notices by subscribing to new posts in that forum. Again sorry to be a PITA, but it is a fairly important matter.Thanks Link to comment Share on other sites More sharing options...
krang Posted October 17, 2006 Share Posted October 17, 2006 oh sorry, i thought of the exact line instead of the exact file of course ;)There's just the line-number of the section where you can find the things you've to edit. Link to comment Share on other sites More sharing options...
smashIt Posted October 17, 2006 Share Posted October 17, 2006 shouldn't there be a link to reset the warning? Link to comment Share on other sites More sharing options...
sunrisecc Posted October 17, 2006 Share Posted October 17, 2006 I have the same problem. Link to comment Share on other sites More sharing options...
Steve G. Posted October 17, 2006 Share Posted October 17, 2006 shouldn't there be a link to reset the warning? +1Edit: Nasty bug >>Invision Power Board 2.2.0 RC 1 Link to comment Share on other sites More sharing options...
Buzzy fan Posted October 17, 2006 Share Posted October 17, 2006 shouldn't there be a link to reset the warning? Same for me..Buzz Link to comment Share on other sites More sharing options...
GEusDTuPEnv Posted October 17, 2006 Share Posted October 17, 2006 shouldn't there be a link to reset the warning? Some for me Link to comment Share on other sites More sharing options...
*Kari* Posted October 17, 2006 Share Posted October 17, 2006 shouldn't there be a link to reset the warning? same for me as well. :unsure: Link to comment Share on other sites More sharing options...
sully Posted October 17, 2006 Share Posted October 17, 2006 Why not created new topic about update? Since it shows up to date anyway even if not updated.Agreed. I was wondering why discussion in here started up again but took no notice. I only noticed when someone posted in 2.2 BETA Forum about it. :| Link to comment Share on other sites More sharing options...
Coastie Posted October 17, 2006 Share Posted October 17, 2006 same here.Should have been a new topic, and need to reset the ACP image Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.