DANGER -- WhizzyWig is seriously flawed! (Bug fix attached)

Started by Ogredude, February 23, 2007, 01:57:42 AM


Ogredude

It still needs a bit of work.  It's relying on the no-longer-present $smf_user_info variable.

This can be easily switched to $context['user'] but I haven't figured out how to get the ID_GROUP out of that.  I'm not even exactly sure what ID_GROUP is signifying.

bloc

Using $user_info should have ID_GROUP present. It's the primary post-based membergroup.

I have changed it on my local site but will need to test it first.

Ogredude

Well, the $user_info does not have ID_GROUP or ID_MEMBER at all. There is a variable $ID_MEMBER available with the user's userid, but no such luck on the group.

Since I'm not really interested in categorizing images by anything but userid, I'm just going to leave the group bit broken.  I can't figure out how to get an ID_GROUP out of the system at all.

In fact, I'm rather unclear on how ID_GROUP even works.  I know it's the primary membergroup.  But how's that determined?  If you add a user to multiple membergroups, then which one is going to show in ID_GROUP?  Is there any way to predict this behavior?

bloc

The primary membergroup is stored in the member table as ID_GROUP, while other groups are stored as a comma-divided list in AdditionalGroups, also in the member table.

The "primary" takes precedence, but you can of course check both fields, stored in $user_info.
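
An added example (an editor's illustration, not SMF or TinyPortal code) of reading the two fields bloc describes: the primary group from ID_GROUP and the rest from the comma-divided AdditionalGroups string. The key names follow the post; the sample rows are constructed, and treating ID_GROUP 0 as SMF's "Regular Members" pseudo-group (which never appears in AdditionalGroups) is an assumption of the example.

```php
<?php
// Added example, not TinyPortal/SMF code: resolve a member's full set of
// membergroup ids from the two fields described in the thread. The keys
// ID_GROUP and AdditionalGroups follow the post; ID_GROUP 0 is assumed to
// be SMF's "Regular Members" pseudo-group.

function member_groups(array $member)
{
    $groups = array();

    // Primary group first, so it keeps precedence for callers that only
    // look at $groups[0].
    $primary = (int) $member['ID_GROUP'];
    $groups[] = $primary;

    // AdditionalGroups is a comma-divided string and may be empty.
    $extra = isset($member['AdditionalGroups']) ? trim($member['AdditionalGroups']) : '';
    if ($extra !== '') {
        foreach (explode(',', $extra) as $id) {
            $id = trim($id);
            if ($id === '' || !ctype_digit($id)) {
                continue;               // stray commas or junk: ignore
            }
            $id = (int) $id;
            if (!in_array($id, $groups, true)) {
                $groups[] = $id;        // dedupe if the primary is repeated
            }
        }
    }
    return $groups;
}

// True if the member belongs to $group_id through either field.
function in_group(array $member, $group_id)
{
    return in_array((int) $group_id, member_groups($member), true);
}

// Constructed sample rows (not real forum data).
$admin   = array('ID_GROUP' => 1, 'AdditionalGroups' => '2, 5,,1');
$regular = array('ID_GROUP' => 0, 'AdditionalGroups' => '');

var_dump(member_groups($admin));   // int 1, 2, 5
var_dump(in_group($regular, 2));   // false
var_dump(in_group($admin, 5));     // true
```

If you key an image directory on the group, use the whole list rather than ID_GROUP alone: a member whose primary group is "Regular Members" (0) can still carry a privileged id in AdditionalGroups.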

Jyggafey

Are you still using that SSI version of the script? If yes, it's still pretty dangerous to keep it because you just have to register a user to upload any script you want.
I don't know why we still had that on the server, tbh, since it's not included in the TP downloads anymore, but maybe tell people that they should seriously delete it.
There is at least one guy going around exploiting that right now. It started with a scripted attack that prepended an HTML comment to all index.php files (doing a backup graciously) forwarding people to a Russian dating site with a referral id attached.
Shame on us for not keeping our server tidy tho  ::)

edit: it/he uploaded r57shell.php (adding that here for googlers to find and link the breach to WhizzyWig faster)
edit2: just saw that you still serve it with 0.9.8  :-X
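
An added example of what an image upload endpoint for a directory like tp-images has to check so that a registered user can only store real images there and never a script such as r57shell.php. This is an editor's illustration, not whizzypic.php or any TinyPortal code; the $file array is the usual $_FILES entry, the user id is passed in by the caller, and the directory name is an assumption. It needs PHP 7+ (random_bytes) with the GD extension.

```php
<?php
// Added example, not TinyPortal code: an upload handler that derives the
// file type from the bytes, re-encodes the image, and chooses the name and
// extension itself, so nothing the client controls decides what lands on
// disk. $upload_dir and the caller-supplied $user_id are assumptions.

function store_uploaded_image(array $file, $upload_dir, $user_id)
{
    // 1. Only logged-in members, and never a failed or partial upload.
    if ((int) $user_id <= 0
        || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return false;
    }

    // 2. Type from content, never from the client's name
    //    (shell.php, shell.php.jpg, shell.phtml ...).
    $info = @getimagesize($file['tmp_name']);
    if ($info === false) {
        return false;                   // not an image at all
    }
    $allowed = array(
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
    );
    if (!isset($allowed[$info[2]])) {
        return false;                   // image type not on the allowlist
    }
    $ext = $allowed[$info[2]];

    // 3. A valid image header does not rule out a PHP payload appended
    //    after it; decoding and re-encoding through GD drops anything
    //    that is not pixel data.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        return false;
    }

    // 4. Server-chosen name: user id plus random token, fixed extension.
    $name = sprintf('%d_%s.%s', $user_id, bin2hex(random_bytes(8)), $ext);
    $dest = rtrim($upload_dir, '/') . '/' . $name;

    if ($ext === 'gif') {
        $ok = imagegif($img, $dest);
    } elseif ($ext === 'jpg') {
        $ok = imagejpeg($img, $dest, 90);
    } else {
        $ok = imagepng($img, $dest);
    }
    imagedestroy($img);
    if (!$ok) {
        return false;
    }
    // Plain file permissions. Mode bits alone do not stop mod_php from
    // running a .php file; the fixed image extension above is what does.
    chmod($dest, 0644);
    return $name;                       // caller builds the URL from this
}
```

As a second layer, the upload directory itself should not execute scripts at all: on Apache with mod_php a `.htaccess` in tp-images containing `php_flag engine off` (or `RemoveHandler .php .phtml` plus `Options -ExecCGI`) means that even a file that slips past the checks is served as bytes rather than run.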

IchBin

There has never been a "stable" release from TP yet. Although, many have called 0.9.8 the most stable release. As with all software, you should stay up to date to avoid security issues.

stog

TP 0.9.8, SMF 1.1.11 - just found/deleted a recently added r57shell.php in tp-images.
Can you confirm that I need to delete my whizzypic.php file?
The patched file on page 1 of this topic wasn't present, but on reading this thread it wouldn't prevent this anyway.

many thx
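
An added CLI sweep (an editor's example, not anything TinyPortal ships) for the two traces the thread describes: a script file dropped into tp-images and an index.php whose first bytes are an HTML comment instead of the opening PHP tag. It also lists any .php file modified recently, which is the quickest way to find what else was touched once you know roughly when the r57shell.php appeared. The directory name, the 30-day window and running it from the forum root are assumptions.

```php
<?php
// Added example, not TinyPortal code: walk the forum tree and report
// (1) anything script-like inside the image upload directory,
// (2) index.php files that no longer start with <?php (something prepended),
// (3) any .php file modified within $since_days.
// $image_dir and $since_days are assumptions; adjust for your install.

function scan_for_webshell_traces($root, $image_dir = 'tp-images', $since_days = 30)
{
    $hits   = array();
    $cutoff = time() - $since_days * 86400;
    $root   = rtrim($root, '/');
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );

    foreach ($it as $path => $f) {
        if (!$f->isFile()) {
            continue;
        }
        $rel  = ltrim(substr($path, strlen($root)), '/');
        $head = (string) file_get_contents($path, false, null, 0, 64);

        $in_images = strpos($rel, $image_dir . '/') === 0;
        $is_index  = $f->getFilename() === 'index.php';

        // (1) a .php/.phtml/.phar name, a double extension like x.php.jpg,
        //     or a PHP open tag at the start of a file in the image dir.
        if ($in_images && !$is_index
            && (preg_match('/\.(php\d?|phtml|phar)(\.|$)/i', $rel)
                || strpos($head, '<?') !== false)) {
            $hits[] = array('type' => 'script_in_image_dir', 'file' => $rel, 'mtime' => $f->getMTime());
            continue;
        }

        // (2) a legitimate index.php begins with <?php; an HTML comment or
        //     redirect markup in front of it is the symptom described above.
        if ($is_index && strpos(ltrim($head), '<?') !== 0) {
            $hits[] = array('type' => 'prepended_index', 'file' => $rel, 'mtime' => $f->getMTime());
        }

        // (3) recently changed PHP anywhere in the tree.
        if (substr($rel, -4) === '.php' && $f->getMTime() >= $cutoff) {
            $hits[] = array('type' => 'recent_php', 'file' => $rel, 'mtime' => $f->getMTime());
        }
    }
    return $hits;
}

foreach (scan_for_webshell_traces(getcwd()) as $h) {
    printf("%-20s %s (%s)\n", $h['type'], $h['file'], date('Y-m-d H:i', $h['mtime']));
}
```

Check (3) is only meaningful if nothing else (a mod install, an upgrade) touched the tree in the window; compare the listed files against a clean copy of the same release before deleting anything, and remember that deleting the shell does not undo whatever was done with it, so rotate the database and admin credentials as well.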

stog

Also, I have been avoiding upgrading this big forum to TinyPortal 1.0 beta 4, although I have it on newer forums. I've been keeping it because the upgrade requires deleting the existing version etc., but if I choose to keep it and delete the whizzy, can I simply add the FCKeditor from the newer version, as no fckeditor folder exists in the installation at present?
many thx
