berlo
Joined: Apr 10, 2008
Posts: 4
Posted: Thu Apr 10, 2008 3:06 pm

Hi,
In phpnuke v8.1 (and probably before) there are places where data is filtered in the following way:
[example taken from blocks.php under admin/modules line 153]:
Code:
$htitle = filter($row_res3['sitename'], "nohtml");
Now, this filtering is ruining my non-english data. It's turning the data to unreadable gibberish.
I managed to work around it by writing:
Code:
$htitle = stripslashes(check_html($row_res3['sitename'], "nohtml"));
I would like to know if it makes things less secure.
If so, is there another workaround?
Thanks!
Berlo
N.B. Great site! Wish I'd known it before. Great theme, too!

gotcha
Site Admin
Joined: Oct 25, 2004
Posts: 921
Posted: Thu Apr 10, 2008 3:20 pm

It is possible you are opening up new holes by changing that code, but 8.1 is full of bugs and holes anyways. It would probably also be a lot of tedious work to go through the entire nuke codebase to make all the changes. I would personally recommend that you drop 8.1 right away and install the latest version of RavenNuke from http://ravenphpscripts.com
RavenNuke is a lot more secure and it probably won't mess up your non-english text. If you do have issues with language getting garbled in RavenNuke, there is a dedicated team (including myself) to help solve these types of problems. For phpnuke 8.1 it is one guy and good luck getting help from him. There should also be conversion scripts on the raven site to convert you from 8.1 to ravennuke.
Good Luck!

berlo
Joined: Apr 10, 2008
Posts: 4
Posted: Thu Apr 10, 2008 4:03 pm

Hi,
First of all, thank you for the very fast answer.
I know about Raven, and I was planning to adjust it too to my language, but I preferred to start with the original nuke.
I have already changed the entire code (it's not hard if you've got the right software), so that's not an issue.
I have manually fixed the holes of 8.1 that are known at Secunia, using NukeFixed and Evaders99's posts. Are there many others?
So I came here in hope to get an accurate answer, and to know how to work around a language problem and a security one as well.
As stated above, I am planning to make RavenNuke work for my language as well, in the future.
If there is a better answer, it will be appreciated.
Thanks again for this great site, and for the ultra-fast reply!
Berlo

berlo
Joined: Apr 10, 2008
Posts: 4
Posted: Fri Apr 11, 2008 9:49 am

Guardian
Joined: Dec 09, 2006
Posts: 335
Posted: Sat Apr 12, 2008 5:24 am

For what it is worth there are a number of security fixes in RavenNuke which were never disclosed publicly.
Those exploits were not released because it meant more nuke sites would get hacked due to the original author not including security fixes in his releases.
As far as I am aware, phpNuke is no longer being developed by the original author and neither is the original source code from which phpNuke evolved - Thatware.