Welcome, Guest. Please Login or Register.
March 29, 2024, 07:05:26 AM
Home Help Search Log in Register
News: If you are still using YaBB SE, please consider upgrading to SMF as soon as possible.

YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  YaBB SE 1.5.5 Released! « previous next »
Pages: 1 ... 3 4 [5] 6 7 Reply Ignore Print
Author Topic: YaBB SE 1.5.5 Released!  (Read 344541 times)
Peter Duggan
Llama Chameleon
Global Moderator
YaBB God
*****
Posts: 1793


You come and go...

WWW
Re:YaBB SE 1.5.5 Released!
« Reply #60 on: January 20, 2004, 11:06:32 PM »
Reply with quote

Quote from: ferdz on January 20, 2004, 10:51:47 PMYou have started YaBB SE and gathered a thousands of people to use this software. Now you want people pay for SMF to be able to download? Wow!

Quote
Elegant. Effective. Powerful. Free. SMF is all of the above.

I don't think it is free.

http://www.simplemachines.org/community/index.php?topic=5134 ::)
Logged

charlottezweb
Sr. Member
****
Posts: 446


charlottezweb.com

ICQ - 101387162 WWW
Re:YaBB SE 1.5.5 Released!
« Reply #61 on: January 20, 2004, 11:11:34 PM »
Reply with quote

damn, beat me to it...  

;D
Logged

"yabb-sense makes the heart grow fonder"
-----------------------------------------------------
Charlottezweb.com
Reliable, well-supported & affordable hosting and design.  Free Yabbse installs.
wehbee
Noobie
*
Posts: 8


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #62 on: January 21, 2004, 02:34:26 AM »
Reply with quote

 Hi!

I am using YaBB SE 1.5.5

How can i install Turkish Language  ???
Logged
Winters
Jr. Member
**
Posts: 88


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #63 on: January 21, 2004, 07:50:25 PM »
Reply with quote

QuoteThis error is caused by not having Packages and its contents chmod'd to 777.

Thx, the error is gone. I still ended up using boardmod and btw., I didn't lose my mods ;)
Logged
Winters
Jr. Member
**
Posts: 88


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #64 on: January 22, 2004, 08:09:41 PM »
Reply with quote

wehbee, I just remembered your question when I stumbled across sourgeforce... I may be mistaken, but it looks like there is not Turkish translation available yet:
http://www.yabbse.org/download.php
Logged
Terragen
Noobie
*
Posts: 21


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #65 on: January 22, 2004, 08:15:50 PM »
Reply with quote

Does this fix the security vulnerability where people can read your cookies (ie: get your password) if you allow users to upload files?
Logged
[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830


ICQ - 179721867unknownbrackets@hotmail.com WWW
Re:YaBB SE 1.5.5 Released!
« Reply #66 on: January 22, 2004, 08:19:44 PM »
Reply with quote

No, that is fixed by not allowing them to upload PHP, Javascript, or HTML code.

It is also fixed in SMF without this requirement.

-[Unknown]
Logged
Terragen
Noobie
*
Posts: 21


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #67 on: January 22, 2004, 08:46:40 PM »
Reply with quote

Quote from: [Unknown] on January 22, 2004, 08:19:44 PM
No, that is fixed by not allowing them to upload PHP, Javascript, or HTML code.

It is also fixed in SMF without this requirement.

-[Unknown]

Well you'd have to totally disable the upload feature unless the code is changed to do some type checking.

You can rename a html file .jpg and then do an <img> tag inside. the uploaded jpg (really html) will not display
but if you make another post and link to it then it will open up and you will see the image and not realize its really an html page showing you a jpg while stealing your cookie information. (This might only work on IE though - I haven't really extensively tested it - just know that its a problem).
Logged
[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830


ICQ - 179721867unknownbrackets@hotmail.com WWW
Re:YaBB SE 1.5.5 Released!
« Reply #68 on: January 22, 2004, 08:51:01 PM »
Reply with quote

There's no real way to fix this except for checking if any file has "<script>" in it and then removing it... which doesn't seem a very simple solution.

SMF, however, fixes it more elegantly.  I recommend you turn off the feature for now, until SMF is released - if you are worried.

-[Unknown]
Logged
Lyne
Noobie
*
Posts: 1


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #69 on: January 23, 2004, 09:21:17 AM »
Reply with quote

Just to check that I've not been done over in a more fundamental way, this exploit - would it theoretically permit someone to replace the index.php with a link to a brazillian hackers JPEG of a worryingly deformed George Bush? :)

Just wanted to check ;D
Logged
marcnyc
Full Member
***
Posts: 137


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #70 on: January 23, 2004, 09:20:47 PM »
Reply with quote

This might sound like a stupid question but I am really curious as to how to update from 1.5.4 to 1.5.5. I downloaded the .mod file from sourceforge, how do I use it? I tried downloading BoardMod because I assumed that's what I needed but I get nowhere from there and besides BoardMod says it is only for YaBB SE versions up to 1.5.1. Can somebody clarify?
Logged
Peter Duggan
Llama Chameleon
Global Moderator
YaBB God
*****
Posts: 1793


You come and go...

WWW
Re:YaBB SE 1.5.5 Released!
« Reply #71 on: January 23, 2004, 09:33:51 PM »
Reply with quote

Quote from: [Unknown] on January 18, 2004, 01:09:41 AM
You can apply the patch with the package manager.  Here's how:

First, go into your admin center.  Now click "YaBBpak Center" under "Forum Controls".  Choose "[ Download new YaBBpaks ]".

If you see "yabbse.org Bugs" in the list, click on "[ Browse ]" next to it.  Otherwise, type "yabbse.org Bugs" in for the server name, and "http://www.yabbse.org/packages/bugs" for the URL. (no slash at the end!)  Now, click on "[ Browse ]" next to it

You should see a list of fixes.  Find the section for the version you currently have installed, and pick the mod titled "YaBB SE YOUR VERSION to YaBB SE 1.5.5 Update" and click "[ Download ]".

Now click "[ Back ]" and then "[ Back ]".  Now click "[ Browse YaBBpaks ]".

Find the mod you downloaded in the list. (it might be the only thing in there...)  Click the "[ Apply Mod ]" next to it.

Click "[ Proceed ]".  Then, "[ Test (recommended) ]".

For every file listed in large print, find it in your FTP.  Make sure it is, TEMPORARILY chmod'd to 777.  This makes it so the package manager can update them.  You will also need to make the folders they are in 777 so it can make backups.

If you don't get any "not found" errors, it should install properly.  Click "[ Apply Mod ]".  If you get any errors, you probably forgot to chmod something to 777.

Afterward, you may wish to chmod things back to 755.  You can read my opinion on this subject here:
http://www.simplemachines.org/community/index.php?topic=2987.0

-[Unknown]
Logged

marcnyc
Full Member
***
Posts: 137


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #72 on: January 23, 2004, 10:37:10 PM »
Reply with quote

Thanks a lot for claryfing... It would have been great if a readme came with the file that you can download from the download page, but anyway, thanks for the instructions... It seems to be extremely easy and well thought out... I can't seem to change my permissions to 777 but I guess that's a host-related thing so I should ask my host... Thanks again.
Logged
marcnyc
Full Member
***
Posts: 137


I'm a llama!

Re:YaBB SE 1.5.5 Released!
« Reply #73 on: January 23, 2004, 11:26:41 PM »
Reply with quote

Ok I resolved the issue with my host and I am not able to change the permissions to 777 but I still get an error from the script:

2: Unable to create 'index.php~': Permission denied


Any suggestions?
Logged
Peter Duggan
Llama Chameleon
Global Moderator
YaBB God
*****
Posts: 1793


You come and go...

WWW
Re:YaBB SE 1.5.5 Released!
« Reply #74 on: January 24, 2004, 01:31:25 AM »
Reply with quote

If you really mean you're 'not able to change the permissions to 777', it's not surprising you're still getting errors. But you should still have the option of downloading the necessary files from your site, making the changes manually (more tedious than difficult!) and uploading them again... :-\
Logged

Pages: 1 ... 3 4 [5] 6 7 Reply Ignore Print 
YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  YaBB SE 1.5.5 Released! « previous - next »
 


Powered by MySQL Powered by PHP YaBB SE Community | Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.
SMF 2.1.4 © 2023, Simple Machines
Valid XHTML 1.0! Valid CSS

Page created in 0.033 seconds with 19 queries.