Mystics
Mon 29th Apr '02, 2:50pm
Hi,
there is a Security Hole within the forumjump & standarderror function.
If you have the Load limiting options enabled, and the load and/or the simultaneous sessions are above the maximum you specified, the members get the standarderror with the error_toobusy Template.
Nothing special yet, I know, but the standarderror-Template also includes the Forumjump Drop-Down-List, and if you have any private Forums, they are all shown in the Forumjump Menu because the Permissions are not being checked while the load is above the limit ($servertoobusy=1).
I also have tried to make a fix (I call it bug fix, not Hack :rolleyes: ), please confirm if that's correct:
Open admin/functions.php and find (within the standarderror-function - approx. line 540):
makeforumjump();
and replace it with:
global $servertoobusy;
if (!$servertoobusy) {
    makeforumjump();
}

Greetz fly out to reneder who detected this bug.
Bye,
Mystics
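
Added example, not part of the original post and not vBulletin's own code: a self-contained PHP model of the failure mode described above, where a menu builder treats missing permission data as "allowed" once the load limit is hit, next to a builder that fails closed. Only `$servertoobusy` comes from the post; the forum list, `load_permissions()` and both `forumjump_*` functions are hypothetical names with constructed data.

```php
<?php
// Constructed sample data (not real vBulletin data): forum id => title, private flag.
$forums = [
    1 => ['title' => 'General',    'private' => false],
    2 => ['title' => 'Staff Only', 'private' => true],
    3 => ['title' => 'Support',    'private' => false],
];

// Hypothetical loader: returns null when the load limit is hit, modelling
// "the Permissions are not being checked" from the post.
function load_permissions(bool $servertoobusy, array $forums): ?array {
    if ($servertoobusy) {
        return null; // lookup skipped under load
    }
    $perms = [];
    foreach ($forums as $id => $f) {
        $perms[$id] = !$f['private']; // viewer is a guest: public forums only
    }
    return $perms;
}

// Fail-open builder (the reported behaviour): missing permission data is
// treated as "allowed", so private forum titles end up in the menu.
function forumjump_fail_open(array $forums, ?array $perms): array {
    $out = [];
    foreach ($forums as $id => $f) {
        if ($perms === null || !empty($perms[$id])) {
            $out[] = $f['title'];
        }
    }
    return $out;
}

// Fail-closed builder: an entry is listed only on a positive permission result.
function forumjump_fail_closed(array $forums, ?array $perms): array {
    $out = [];
    foreach ($forums as $id => $f) {
        if ($perms !== null && !empty($perms[$id])) {
            $out[] = $f['title'];
        }
    }
    return $out;
}

// Compare both builders in the normal and the overloaded state.
foreach ([false, true] as $servertoobusy) {
    $perms = load_permissions($servertoobusy, $forums);
    printf("busy=%d open=[%s] closed=[%s]\n", (int) $servertoobusy,
        implode(', ', forumjump_fail_open($forums, $perms)),
        implode(', ', forumjump_fail_closed($forums, $perms)));
}
```

Skipping the menu while `$servertoobusy` is set, as in the post, removes the leak on the error page; the fail-closed builder additionally protects any other caller that runs without permission data.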