September 12, 2005
WWW
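September 11, 2005
A problem WordPress may run into under PHP 5.0.5
Uncle Solaris (Solaris 叔叔) just told me that his blog had disappeared.
After looking into it for a bit, I found this log entry:
[Sun Sep 11 19:40:49 2005] [error] [client 59.104.45.15] PHP Fatal error: Only variables can be passed by reference in ###/wp-includes/gettext.php on line 66
I made a small change for this. The original code:
return array_shift(unpack("V", $this->STREAM->read(4)));
After changing it to this, everything went back to normal:
$read_int_tmp = unpack("V", $this->STREAM->read(4));
return array_shift($read_int_tmp);
I upgraded PHP from 5.0.4 to 5.0.5 last night, so this is probably a problem you only hit on 5.0.5!? :shock:
Stranger still, neither my site nor Boss R's (R 董) has had this problem.
(So I guess Uncle Solaris is just unlucky?)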
July 22, 2005
phpBB 2.0.17 released !
The main fixes are:
- Added extra checks to the deletion code in privmsg.php – reported by party_fan
- Fixed XSS issue in IE using the url BBCode
- Fixed admin activation so that you must have administrator rights to activate accounts in this mode – reported by ieure
- Fixed get_username returning wrong row for usernames beginning with numerics – reported by Ptirhiik
- Pass username through phpbb_clean_username within validate_username function – AnthraX101
- Fixed PHP error in message_die function
- Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php – reported by Double_J
- Also fixed above issue in usercp_viewprofile.php
- Fixed incorrect setting of user_level on pending members if a group is granted moderator rights – reported by halochat
- Fixed ordering of forums on admin_ug_auth.php to be consistent with other pages
- Correctly set username on posts when deleting a user from the admin panel
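July 3, 2005
Live 8 !
It seems very few bloggers at home have mentioned this event!?
The G8 summit is about to take place. To urge the leaders of the industrialized nations to act to rescue Africa's poor countries, the globally linked Live 8 rock concerts kick off on July 2 in London (UK), Philadelphia (USA), Edinburgh (Scotland), Berlin (Germany), Paris (France), Rome (Italy), Moscow (Russia), Tokyo (Japan) and Johannesburg (South Africa), all of them star-studded, large-scale shows.
Both the Live 8 list and the official Live 8 site state it clearly: the event has only one purpose, to end poverty (Make Poverty History).
Interestingly, the event has spread far more effectively on the Internet than through traditional media (news here).
You can listen online here and see many great photos from the concerts.
Technorati, well known to bloggers, not only has the Technorati Live 8 site to show support but has also opened a Live 8 tag.
In addition, it provides a Live 8 Badge for bloggers to use.
Of course, I have put it on this site too. This is how it looks: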
July 2, 2005
phpBB 2.0.16 released !
2.0.16 contains a security fix, and it is in viewtopic.php, the most frequently accessed file:
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
was changed to
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
The full list of changes:
- Fixed critical issue with highlighting – Discovered and fix provided by Ron van Daal
- Url descriptions able to be wrapped over more than one line again
- Fixed bug with eAccelerator in admin_ug_auth.php
- Check new_forum_id for existence in modcp.php – alessnet
- Prevent uploading avatars with no dimensions – Xpert
- Fixed bug in usercp_register.php, forcing avatar file removal without updating avatar information within the database – HenkPoley
- Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set
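The `e` modifier in the viewtopic.php line above makes PHP evaluate the replacement string as code, which is why an unescaped `$highlight_match` was a critical issue (the modifier was later deprecated in PHP 5.5 and removed in PHP 7.0). As an added example, not phpBB's code and not part of the original post, the same highlighting can be written with `preg_replace_callback()` and `preg_quote()` so that search terms stay data; `highlight_terms()`, its parameters and the sample input are hypothetical.

```php
<?php
// Added example, not phpBB code: highlight search terms without the /e modifier.
// highlight_terms() and its parameters are hypothetical names.
function highlight_terms(string $html, array $terms, string $color): string
{
    // The colour lands inside a style attribute, so accept hex digits only.
    if (!preg_match('/^[0-9a-f]{3,6}$/i', $color)) {
        return $html;
    }
    // preg_quote() turns every regex metacharacter in a term into a literal.
    $quoted = [];
    foreach ($terms as $term) {
        if ($term !== '') {
            $quoted[] = preg_quote($term, '#');
        }
    }
    if (!$quoted) {
        return $html;
    }
    $pattern = '#\b(' . implode('|', $quoted) . ')\b#iu';

    // Split into text between tags (even indexes) and the tags themselves (odd indexes).
    $parts = preg_split('#(<[^>]*>)#', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {
            // The callback receives the match as data; nothing is evaluated as code.
            $parts[$i] = preg_replace_callback($pattern, function (array $m) use ($color) {
                return '<span style="color:#' . $color . '"><b>' . $m[1] . '</b></span>';
            }, $part) ?? $part; // keep the text unchanged if PCRE fails (e.g. invalid UTF-8)
        }
    }
    return implode('', $parts);
}

// Constructed input: already-escaped post HTML, plus terms as they might arrive in a query string.
$message = '<p>PHP 5.0.5 broke <a href="/php">php</a> includes.</p>';
echo highlight_terms($message, ['php', '5.0.5', '$x) . ('], 'FF0000'), PHP_EOL;
```

The `href="/php"` attribute is left alone because only the text between tags is searched, and the term containing `$`, `)` and `.` is matched literally or not at all.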
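May 31, 2005
phpBB is a pain!?
A while ago this post appeared on Weblog Tools Collection.
Anyone who has been reading this blog for some time should also have seen the phpBB release announcements.
Among forum systems, phpBB is one of the better performers, and it is used by a large share of sites worldwide. As a result, phpBB has become the number one target for many attackers (the tallest tree catches the wind!?).
Of course, the same old saying applies.
No system in the world is absolutely secure; there are only absolutely diligent system administrators and maintainers.
(Though quite a few people have probably already switched to other systems because of this.)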
May 12, 2005
phpBB 2.0.15 released !
First, the changes in 2.0.13 and 2.0.14:
- Hardened author and keyword search a bit to not allow very server intensive searches
- Fixed full path disclosure in bad word parsing
- Resetting complete userdata array in session code if authentication fails
- Fixed bug in moderator control panel where certain parameters could lead to an “error creating new session” sql error
- Fixed bug in session code where empty page ids could lead to an “error creating new session” sql error
- Fixed html handling in signatures if html is turned off globally
- Fixed install.php problem with PHP5 register_long_arrays option turned off
- Fixed potential issues with styling system
- Added correct class to login_body template file
- Removed file db/oracle.php from package
- Removed version number from message body page in /admin (if user is not an admin) – mikelbeck
- Fixed case-sensitivity issues in postgres7.php – R45
2.0.15 fixes a security issue. In includes/bbcode.php, below this code:
{
global $lang, $bbcode_tpl;
this line was added:
$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\\1&#058;", $text);
And below this code:
*/
function make_clickable($text)
{
this line was added:
$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\\1&#058;", $text);
So in total the changes are:
- Fixed moderator status removal in groupcp.php
- Removed newlines after ?> on some files – Thoul
- Added admin re-authentication (admin needs to login separately to access the ACP) – backported from Olympus
- Fixed vulnerability in url/bbcode handling functions – PapaDos and Paul/Zhen-Xjell from CastleCops
- Fixed issue in admin/admin_forums.php
- Suppressed warning message for fsockopen in /includes/smtp.php – Thoul
- Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) – Exy
- Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
- Updated the readme file
- Added one new language variable
- Added general error if accessing profile for a non-existent user
- Changed session id generation to be more unique – Henno Joosep
- Fixed bug in highlight code to escape characters correctly
- Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
- Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
- Fixed bypassing of validate_username on registration – Yen
- Empty url/img bbcodes no longer get parsed
竹貓星球 also has these two announcements:
[2005/04/25] phpBB 2.0.14 security fix release (update files included)
[2005/05/08] phpBB 2.0.15 security fix release
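The line added to includes/bbcode.php in 2.0.15 is a deny-list: it neutralizes the colon after five named schemes and lets every other scheme through. As an added example, not phpBB's code and not part of the original post, this is the allow-list form of the same check for a url BBCode; `safe_bbcode_url()`, `render_url_bbcode()`, `ALLOWED_SCHEMES` and the sample inputs are hypothetical.

```php
<?php
// Added example, not phpBB code: allow-list the URL scheme instead of
// deny-listing a few dangerous ones. All names here are hypothetical.
const ALLOWED_SCHEMES = ['http', 'https', 'ftp', 'mailto'];

/** Returns a normalized URL that may be placed in href, or null if rejected. */
function safe_bbcode_url(string $raw): ?string
{
    // Decode entities first, so an encoded colon cannot hide the scheme.
    $url = html_entity_decode($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Browsers skip control characters and whitespace inside a scheme, so drop them.
    $url = preg_replace('/[\x00-\x20\x7f]+/', '', $url);
    // Require an explicit scheme and compare it with the allow-list.
    if (!preg_match('#^([a-z][a-z0-9+.\-]*):#i', $url, $m)) {
        return null;
    }
    if (!in_array(strtolower($m[1]), ALLOWED_SCHEMES, true)) {
        return null;
    }
    return $url;
}

function render_url_bbcode(string $raw, string $label): string
{
    $url  = safe_bbcode_url($raw);
    $text = htmlspecialchars($label, ENT_QUOTES, 'UTF-8');
    if ($url === null) {
        return $text; // rejected: show the label as plain text, no link
    }
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
         . '" rel="nofollow">' . $text . '</a>';
}

// Constructed sample inputs covering the schemes named in the 2.0.15 fix.
$samples = ['http://example.com/?a=1&b=2', 'JavaScript:void(0)', "java\tscript:void(0)",
            'about:blank', 'chrome://settings', 'javascript&#58;void(0)'];
foreach ($samples as $s) {
    echo str_pad(json_encode($s), 34), ' => ', render_url_bbcode($s, 'link'), PHP_EOL;
}
```

Only the first sample is rendered as a link; the rest fall back to the escaped label, including schemes the 2.0.15 pattern never listed.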
May 10, 2005
WordPress 1.5.1 Released !
It can already be downloaded from the official WordPress site: download page.
The ChangeLog shows these changes:
# Login and feed fixes for IIS
# Faster gettext i18n
# Improved i18n string coverage
# Extended ping support
# Paging on the Manage->Posts page
# URI-safe accent stripping for all UTF-8 characters in the Latin Extended-A Unicode block
# Query string style argument list support for wp_get_links() and wp_get_linksbyname()
# Improved hierarchy listing in wp_list_pages()
# Support for a Status: theme header field that allows themes to be marked as private, publish, or draft
# Improved caching and database query reduction
# Active plugin and theme highlighting
# Plugins can now have multiple option pages
# Pingbacks now work on hosts with fopen off like Dreamhost
# Many bug fixes
In addition, there is a more detailed list here.
May 3, 2005
WordPress Plugin – Twilight: AutoSave
The Twilight: AutoSave plugin does the following:
This is a plugin for the admin site of things. It uses cookies and JavaScript to save the data you are typing and allow you to restore it (or delete it) later.
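Put simply, if the window is accidentally closed, the computer crashes, or the network connection drops while you are writing a post, this plugin will already have saved a copy for you, and when you go to publish again you can choose whether to restore the original post.
I installed this plugin a while ago but had never needed it.
Just now, while I was publishing the post "Do you still want to buy McDonald's large fries?", the network suddenly went down.
After rebooting, this box appeared on the post-writing page:
After clicking restore it, the plugin automatically fills the saved title and content back into the form.
Installing the plugin is also quite simple: download this file and unpack it, put tw-autosave.php under wp-content/plugins/, and then just activate the plugin!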






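September 21, 2005
AT&T disbands its UNIX department…
I was browsing around just now and came across this article.
(Old news from mid-August… only found it now… orz)
The article also mentions where the members went:
As for the history of Unix, anyone interested in a bit of archaeology can read this article.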
By Joe Horn • WWW 0 • Tags: AT&T, UNIX