phpBB 2.0.15 released !

2005 May 13

First, the changes between 2.0.13 and 2.0.14:

  • Hardened author and keyword search a bit to not allow very server intensive searches
  • Fixed full path disclosure in bad word parsing
  • Resetting complete userdata array in session code if authentication fails
  • Fixed bug in moderator control panel where certain parameters could lead to an “error creating new session” sql error
  • Fixed bug in session code where empty page ids could lead to an “error creating new session” sql error
  • Fixed html handling in signatures if html is turned off globally
  • Fixed install.php problem with PHP5 register_long_arrays option turned off
  • Fixed potential issues with styling system
  • Added correct class to login_body template file
  • Removed file db/oracle.php from package
  • Removed version number from message body page in /admin (if user is not an admin) – mikelbeck
  • Fixed case-sensitivity issues in postgres7.php – R45
2.0.15 fixes a security issue:

In includes/bbcode.php, below this:
{
global $lang, $bbcode_tpl;

add this line:
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1&#058;", $text);

And below this:
*/
function make_clickable($text)
{

add this line:
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1&#058;", $text);

(The replacement writes the colon as the HTML entity &#058;. The text still displays as a colon, but the url/bbcode regexes that run afterwards no longer see a javascript:-style scheme. A literal ":" in the replacement would change nothing, and in a PHP double-quoted string the backreference has to be written "\\1", since a bare "\1" is the octal escape for chr(1).)
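To see what the 2.0.15 line actually does to a hostile [url] tag, here is an added example that is not phpBB's own code: it runs the filter over a few constructed bbcode samples and contrasts it with the no-op form "\\1:". The function names are stand-ins chosen here, not phpBB identifiers.

```php
<?php
// Added example, not phpBB's own code. It runs the 2.0.15 filter line over
// constructed bbcode samples and contrasts it with the no-op form "\\1:".
// The function names are stand-ins chosen here, not phpBB identifiers.

// The 2.0.15 line from includes/bbcode.php: the ':' after any of these scheme
// prefixes becomes the HTML entity &#058;. A browser still renders a colon,
// but the bbcode/url regexes that run later no longer see "javascript:",
// "vbscript:", "about:" and friends as a URL scheme.
function neutralize_schemes($text)
{
    // "\\1" is needed: in a PHP double-quoted string a bare "\1" is the octal
    // escape for chr(1), not a backreference.
    return preg_replace('#(script|about|applet|activex|chrome):#is', "\\1&#058;", $text);
}

// The same line with a literal ':' in the replacement (what you get if the
// entity is lost when copying): "script:" is replaced by "script:", i.e. nothing.
function noop_filter($text)
{
    return preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text);
}

// Constructed samples (not taken from a real board).
$samples = array(
    '[url=javascript:alert(document.cookie)]click[/url]',
    '[url=JaVaScRiPt:alert(1)]click[/url]',        // the /i flag makes case irrelevant
    'see about:blank or http://example.com/?x=about:blank',
);

foreach ($samples as $s) {
    echo "in:   $s\n";
    echo "noop: " . noop_filter($s) . "\n";
    echo "fix:  " . neutralize_schemes($s) . "\n\n";
}
```

The first sample comes out as [url=javascript&#058;alert(document.cookie)]click[/url] from neutralize_schemes() and unchanged from noop_filter(). Note that the pattern is not anchored to the start of a URL, so the third sample is rewritten in both places, including inside the query string; that is harmless for display (the entity renders as a colon) and is what lets the same line protect both the [url]/[img] handling and the bare-URL autolinking in make_clickable().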


So the full list of changes is:

    • Fixed moderator status removal in groupcp.php
    • Removed newlines after ?> on some files – Thoul
    • Added admin re-authentication (admin needs to login separately to access the ACP) – backported from Olympus
    • Fixed vulnerability in url/bbcode handling functions – PapaDos and Paul/Zhen-Xjell from CastleCops
    • Fixed issue in admin/admin_forums.php
    • Suppressed warning message for fsockopen in /includes/smtp.php – Thoul
    • Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) – Exy
    • Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
    • Updated the readme file
    • Added one new language variable
    • Added general error if accessing profile for a non-existent user
    • Changed session id generation to be more unique – Henno Joosep
    • Fixed bug in highlight code to escape characters correctly
    • Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
    • Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
    • Fixed bypassing of validate_username on registration – Yen
    • Empty url/img bbcodes no longer get parsed
竹貓星球 also has these two announcements:
[2005/04/25] phpBB 2.0.14 security fix release (includes update files)
[2005/05/08] phpBB 2.0.15 security fix release

Hot topics…

The hot topics online these past few days are probably these two!?

• 爺爺您回來了 (Grandpa, you're back)
• 很壞很壞的駭客 (The very, very bad hacker)

The interesting part is that 爺爺, 您回來了 is spreading mostly through blogs and BBSes, and many kuso variants have appeared since: someone changed it to 爺爺, 您別回來了 (Grandpa, please don't come back), some turned it into an MP3, and some even use it as a ringtone! XD

As for 很壞很壞的駭客, it is spreading on forums; I've already seen it in at least  places.
And stophiphop.de, which put the joke out in the first place, has even released this T-shirt:
I Hacked 127.0.0.1
The shop page is at .
The price is a bit steep, though… XD

Bloglines' user DB is broken again…

Yep! Same as last time…

I just got kicked out, and now I can't log back in!! =_=

No idea when it'll be fixed… XD

Upgrading to WordPress 1.5.1

For the upgrade procedure, see this post.

Note that feeds break under 1.5.1. The common fix I've seen is to edit line 138 of wp-blog-header.php, changing this (the line is the tail of an if ( … ) condition that starts on an earlier line, which is why it ends with an extra closing parenthesis):

((strtotime($client_last_modified) >= strtotime($wp_last_modified)) || ($client_etag == $wp_etag)) ) {

to this:

($client_last_modified && (strtotime($client_last_modified) >= strtotime($wp_last_modified)) || ($client_etag == $wp_etag)) ) {

The added $client_last_modified && short-circuits the timestamp test when the client sent no If-Modified-Since header, so strtotime() is never run on an empty string and only a client that actually sent the header can match on the timestamp. The ETag test is unchanged.

If you have shell access, you can apply the change with two commands in the WordPress 1.5.1 root directory:

        wget http://www.joehorn.idv.tw/patch/wp-1.5.1-feeds.diff.txt
        patch < wp-1.5.1-feeds.diff.txt
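As an added example (not WordPress's own code), the following isolates the conditional-GET decision from that line in two stand-in functions, one with the shipped condition and one with the patched condition, and runs both against constructed request headers. The function names and the sample headers are chosen here.

```php
<?php
// Added example, not WordPress's own code. It isolates the conditional-GET
// decision from wp-blog-header.php line 138 in two stand-in functions (names
// chosen here) and runs both against constructed request headers.

// Unpatched 1.5.1 condition: If-Modified-Since is fed to strtotime() even when
// the header is absent (empty string). Whether that compares as "not modified"
// depends on what strtotime('') returns on the PHP build in use, which is how
// a feed reader that sends no If-Modified-Since can end up with a 304.
function not_modified_buggy($client_last_modified, $client_etag, $wp_last_modified, $wp_etag)
{
    return (strtotime($client_last_modified) >= strtotime($wp_last_modified))
        || ($client_etag == $wp_etag);
}

// Patched condition: an empty If-Modified-Since short-circuits to false, so
// only a real header can satisfy the time test; the ETag test is unchanged.
function not_modified_fixed($client_last_modified, $client_etag, $wp_last_modified, $wp_etag)
{
    return ($client_last_modified
            && (strtotime($client_last_modified) >= strtotime($wp_last_modified)))
        || ($client_etag == $wp_etag);
}

// Constructed values: when the blog last changed, and three feed-reader requests.
$wp_last_modified = 'Fri, 13 May 2005 10:00:00 GMT';
$wp_etag          = '"feed-20050513"';

$requests = array(
    'first fetch, no headers'    => array('', ''),
    'cached copy, still current' => array('Sat, 14 May 2005 08:00:00 GMT', '"feed-20050513"'),
    'cached copy, now stale'     => array('Thu, 12 May 2005 08:00:00 GMT', '"feed-20050512"'),
);

foreach ($requests as $label => $h) {
    list($ims, $etag) = $h;
    printf("%-28s buggy: %s  fixed: %s\n", $label,
        not_modified_buggy($ims, $etag, $wp_last_modified, $wp_etag) ? '304' : '200',
        not_modified_fixed($ims, $etag, $wp_last_modified, $wp_etag) ? '304' : '200');
}
```

With the patched condition the first request (no headers) always gets a full 200 response, the current cached copy gets 304, and the stale one gets 200. The shipped condition gives the same answers for the two cached copies; what it does for the headerless request is exactly the point the patch removes, since it no longer depends on how strtotime() treats an empty string.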


Also, 1.5.1 is much faster (fewer SQL queries), so I haven't installed WP-Cache either.
If you still feel you need it, the latest WP-Cache is 2.0; the link is here.

Looks like it's time to run FreeBSD 5.4..

I was just going through the FreeBSD/i386 5.4-RELEASE Release Notes and saw these items:

Ethernet flow control is now disabled by default in the fxp(4) driver, to prevent problems when a system panics or is left in the kernel debugger.


This looks like it addresses the problem I wrote about in IP 被衝就 Hang 住!? O_O (the box hanging when its IP gets hammered)!?

The ipfw(8) ipfw fwd rule now supports the full packet destination manipulation when the kernel option options IPFIREWALL_FORWARD_EXTENDED is specified in addition to options IPFIREWALL_FORWARD. This kernel option disables all restrictions to ensure proper behavior for locally generated packets and allows redirection of packets destined to locally configured IP addresses. Note that ipfw(8) rules have to be carefully crafted to make sure that things like PMTU discovery do not break.


I'm not clear on this one, but one of our proxies (FreeBSD 5.3) has serious problems with ipfw fwd.

Guess I'll upgrade to 5.4 and see.. orz

Blue screen and red screen…..

Just saw Longhorn驚喜:死亡紅幕 (Longhorn surprise: the Red Screen of Death).

Software giant Microsoft will, in the next version of Windows, offer a unique counterpart to the legendary Blue Screen of Death: the Red Screen of Death.

Michael Kaplan, a Microsoft engineer and blogger who is testing Longhorn, says that besides the Blue Screen of Death users will also face a red threat. According to Kaplan, the Red Screen of Death is a step above the blue one: it means your computer has hit a more serious, more fatal error.
If you ask me, they might as well just show a nuclear explosion animation……. =_=