September 12, 2005
WWW
September 11, 2005
Problems WordPress may run into under PHP 5.0.5
Uncle Solaris just told me that his blog had disappeared.
After looking into the problem for a bit, I found this log entry:
[Sun Sep 11 19:40:49 2005] [error] [client 59.104.45.15] PHP Fatal error: Only variables can be passed by reference in ###/wp-includes/gettext.php on line 66
I made a small change to this part. The original code:
return array_shift(unpack("V", $this->STREAM->read(4)));
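After changing it to this, everything went back to normal:
$read_int_tmp = unpack("V", $this->STREAM->read(4));
return array_shift($read_int_tmp);
Since I upgraded PHP from 5.0.4 to 5.0.5 last night, this is probably a problem that only shows up on 5.0.5!? :shock:
Even stranger, neither my site nor Boss R's has had this problem.
(So I guess we should say Uncle Solaris just has bad luck?)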
July 22, 2005
phpBB 2.0.17 released !
The main fixes are:
- Added extra checks to the deletion code in privmsg.php – reported by party_fan
- Fixed XSS issue in IE using the url BBCode
- Fixed admin activation so that you must have administrator rights to activate accounts in this mode – reported by ieure
- Fixed get_username returning wrong row for usernames beginning with numerics – reported by Ptirhiik
- Pass username through phpbb_clean_username within validate_username function – AnthraX101
- Fixed PHP error in message_die function
- Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php – reported by Double_J
- Also fixed above issue in usercp_viewprofile.php
- Fixed incorrect setting of user_level on pending members if a group is granted moderator rights – reported by halochat
- Fixed ordering of forums on admin_ug_auth.php to be consistent with other pages
- Correctly set username on posts when deleting a user from the admin panel
July 3, 2005
Live 8 !
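Very few bloggers in this country seem to have mentioned this event!?
The G8 summit is about to take place. To urge the leaders of the industrialized nations to take action to rescue Africa's poor countries, the globally linked Live 8 rock concerts took the stage on July 2 in London (UK), Philadelphia (USA), Edinburgh (Scotland), Berlin (Germany), Paris (France), Rome (Italy), Moscow (Russia), Tokyo (Japan) and Johannesburg (South Africa), all of them big, star-studded events.
Both the Live 8 list and the Live 8 official site state it very clearly: the event has only one goal, to end poverty (Make Poverty History).
What is more interesting is that this event has spread much more effectively on the Internet than through traditional media (news here).
Here you can listen online and see many great photos from the concerts.
Technorati, well known to bloggers, not only has the Technorati Live 8 site to show its support, but has also opened a Live 8 tag.
In addition, it provides a Live 8 Badge for bloggers to use.
Of course, I am using it here too. It looks like this:
July 2, 2005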
phpBB 2.0.16 released !
2.0.16 contains a security fix, and it is in the most frequently accessed file, viewtopic.php:
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
was changed to
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
The full list of changes is as follows:
- Fixed critical issue with highlighting – Discovered and fix provided by Ron van Daal
- Url descriptions able to be wrapped over more than one line again
- Fixed bug with eAccelerator in admin_ug_auth.php
- Check new_forum_id for existence in modcp.php – alessnet
- Prevent uploading avatars with no dimensions – Xpert
- Fixed bug in usercp_register.php, forcing avatar file removal without updating avatar information within the database – HenkPoley
- Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set
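The highlight line above relies on the e modifier, which makes PHP evaluate the replacement string as code, so the search term has to be escaped correctly at every level. An added example (not phpBB's code; highlight_terms(), its parameters and the sample values are hypothetical) of the same highlighting done without e, using preg_quote() and preg_replace_callback(); it assumes PHP 7 or later:

```php
<?php
// Added example, not phpBB code: highlight_terms() and its parameters are hypothetical names.
function highlight_terms(string $html, array $terms, string $color): string
{
    // The colour is written into a style attribute, so accept six hex digits only.
    if (!preg_match('/\A[0-9A-Fa-f]{6}\z/', $color)) {
        throw new InvalidArgumentException('colour must be six hex digits');
    }

    // preg_quote() makes every regex metacharacter in a term, and the '#'
    // delimiter, literal, so a term is only ever matched as data.
    $quoted = [];
    foreach ($terms as $term) {
        $term = trim((string) $term);
        if ($term !== '') {
            $quoted[] = preg_quote($term, '#');
        }
    }
    if ($quoted === []) {
        return $html;
    }
    $pattern = '#\b(' . implode('|', $quoted) . ')\b#i';

    // Split into text and tags. With one capture group and
    // PREG_SPLIT_DELIM_CAPTURE, even indexes are text and odd indexes are tags.
    $parts = preg_split('#(<[^>]*>)#', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1 || $part === '') {
            continue; // leave tags and their attributes untouched
        }
        // A callback builds the replacement; no string is evaluated as PHP.
        $parts[$i] = preg_replace_callback($pattern, function (array $m) use ($color) {
            return '<span style="color:#' . $color . '"><b>' . $m[1] . '</b></span>';
        }, $part) ?? $part;
    }
    return implode('', $parts);
}

// Constructed sample input: the dot in "1.5" must match literally, and the
// "1.5" inside the href attribute must not be rewritten.
$message = 'Upgrade <a href="/1.5/notes">notes</a> for 1.5, not 1x5.';
echo highlight_terms($message, ['1.5', 'notes', ''], 'FFA34F'), "\n";
```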
May 31, 2005
phpBB is a pain!?
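A while ago this post appeared on Weblog Tools Collection.
Anyone who has been reading this blog for a while has probably also seen the phpBB version update notices.
Among forum systems, phpBB is one with quite good performance, and its share among sites worldwide is very high. As a result, phpBB has become the number one target of many attackers (the tall tree catches the wind!?).
Of course, it's the same old saying.
There is no absolutely secure system in the world, only absolutely diligent system administrators/maintainers.
(Though quite a few people may already have jumped ship to other systems because of this.)
May 12, 2005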
phpBB 2.0.15 released !
First, the changes in 2.0.13 and 2.0.14:
- Hardened author and keyword search a bit to not allow very server intensive searches
- Fixed full path disclosure in bad word parsing
- Resetting complete userdata array in session code if authentication fails
- Fixed bug in moderator control panel where certain parameters could lead to an “error creating new session” sql error
- Fixed bug in session code where empty page ids could lead to an “error creating new session” sql error
- Fixed html handling in signatures if html is turned off globally
- Fixed install.php problem with PHP5 register_long_arrays option turned off
- Fixed potential issues with styling system
- Added correct class to login_body template file
- Removed file db/oracle.php from package
- Removed version number from message body page in /admin (if user is not an admin) – mikelbeck
- Fixed case-sensitivity issues in postgres7.php – R45
2.0.15 fixes a security problem. This part of includes/bbcode.php:
{
	global $lang, $bbcode_tpl;
has this line added below it:
$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\\1&#058;", $text);
Then there is this part:
*/
function make_clickable($text)
{
which has this line added below it:
$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\\1&#058;", $text);
So in total there are these changes:
- Fixed moderator status removal in groupcp.php
- Removed newlines after ?> on some files – Thoul
- Added admin re-authentication (admin needs to login separately to access the ACP) – backported from Olympus
- Fixed vulnerability in url/bbcode handling functions – PapaDos and Paul/Zhen-Xjell from CastleCops
- Fixed issue in admin/admin_forums.php
- Suppressed warning message for fsockopen in /includes/smtp.php – Thoul
- Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) – Exy
- Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
- Updated the readme file
- Added one new language variable
- Added general error if accessing profile for a non-existent user
- Changed session id generation to be more unique – Henno Joosep
- Fixed bug in highlight code to escape characters correctly
- Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
- Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
- Fixed bypassing of validate_username on registration – Yen
- Empty url/img bbcodes no longer get parsed
竹貓星球 also has these two announcements:
[2005/04/25] phpBB 2.0.14 security fix release (including update files)
[2005/05/08] phpBB 2.0.15 security fix release
May 10, 2005
WordPress 1.5.1 Released !
It can already be downloaded from the official WordPress site: download page.
The ChangeLog shows these changes:
# Login and feed fixes for IIS
# Faster gettext i18n
# Improved i18n string coverage
# Extended ping support
# Paging on the Manage->Posts page
# URI-safe accent stripping for all UTF-8 characters in the Latin Extended-A Unicode block
# Query string style argument list support for wp_get_links() and wp_get_linksbyname()
# Improved hierarchy listing in wp_list_pages()
# Support for a Status: theme header field that allows themes to be marked as private, publish, or draft
# Improved caching and database query reduction
# Active plugin and theme highlighting
# Plugins can now have multiple option pages
# Pingbacks now work on hosts with fopen off like Dreamhost
# Many bug fixes
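In addition, there is a more detailed list here.
September 21, 2005
AT&T disbands its UNIX department…
I was just browsing around at random and came across this article.
(It's old news from mid-August… I only came across it now… orz)
The article also mentions where the members went:
As for the history of Unix, those interested in a bit of archaeology can take a look at this article.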
By Joe Horn • WWW • Tags: AT&T, UNIX