well problem is only on nginx?
Yes, this problem is only in nginx php parser.
Yes, i create with widnet new custom project hardened gesior AAC. I need great ideas, and creative people.
Solution for guilds.php
Replace:
PHP:
$guild_logo = $guild->getCustomField('logo_gfx_name');
if(empty($guild_logo) || !file_exists("guilds/".$guild_logo))
    $guild_logo = "default_logo.gif";
With this:
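PHP:
// Read the stored logo name once, then strip each unwanted sequence from
// the running result so that every replacement is kept.
$guild_logo = $guild->getCustomField('logo_gfx_name');
foreach (array("/", "\\", "..") as $char) {
    $guild_logo = str_replace($char, "", $guild_logo);
}
// Fall back to the default logo if nothing usable is left.
if (empty($guild_logo) || !file_exists("guilds/".$guild_logo)) {
    $guild_logo = "default_logo.gif";
}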
This will remove "/", "\" and ".." from the guild_logo name. Now it should be impossible to hack gesiors AAC through guilds.php this way.
Credits to stian for the idea.
Concerning Gesiors AAC in general, I think it's the most badly scripted and screwed up project ever. No offense to Gesior, he helped a lot of people. But it's still a dangerous cancer in the OT community. People won't leave it because no one is doing anything better. Talaturens CMS is a good start, but it's still incomplete. It doesn't have all the features that Gesiors AAC has.
Imo, get rid of this AAC. Stop scripting new features for it. Move on to something better.
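An allow-list alternative to the character stripping in the guilds.php fix above, as an added example that is not part of the original posts or of Gesior AAC. The function name `safe_guild_logo`, the permitted extensions and the temporary demo directory are assumptions; it accepts only a plain image file name and then confirms the resolved path still sits inside the logo directory.

```php
<?php
// Added example, not Gesior AAC code. The function name and the allowed
// extensions are assumptions made for illustration.
function safe_guild_logo(string $name, string $dir, string $default = "default_logo.gif"): string
{
    // Allow-list: one file name made of letters, digits, "_" or "-",
    // then a single dot and an image extension. Separators, "..",
    // NUL bytes and ".php" cannot match this pattern.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(?:gif|png|jpe?g)\z/', $name)) {
        return $default;
    }
    // Defence in depth: resolve the path and require that it still lies
    // directly inside the logo directory (this also catches symlinks).
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || dirname($path) !== $base || !is_file($path)) {
        return $default;
    }
    return $name;
}

// Constructed demo: a temporary "guilds" directory with one real logo.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "guilds_demo_" . getmypid();
mkdir($dir);
touch($dir . DIRECTORY_SEPARATOR . "knights.gif");
touch($dir . DIRECTORY_SEPARATOR . "default_logo.gif");

// Constructed sample values for the 'logo_gfx_name' field.
$samples = array(
    "knights.gif",          // valid stored value
    "../config.php",        // parent-directory reference
    "..\\..\\config.ini",   // backslash variant
    "knights.gif\0.php",    // embedded NUL byte
    "missing.png",          // well-formed, but the file does not exist
    "",                     // empty field
);
foreach ($samples as $s) {
    printf("%-28s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), safe_guild_logo($s, $dir));
}

// Clean up the constructed files.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . "*"));
rmdir($dir);
```

Only the first sample comes back unchanged; every other value falls back to `default_logo.gif`.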
There is already my AAC maker in development, which could be already used but it's not fully finished, there is also Marlex AAC which will be released soon. So there will be 2 good AAC makers to choose from.
Dulin said: Yes, i create with widnet new custom project hardened gesior AAC. I need great ideas, and creative people.
Well I don't think people would trust you and download your "new project"... I wouldn't
ye? why do people still trust widnet? ...
Because everyone is using Gesior and they think 'oh, everyone is using it, it must be safe!'
Yes, Gesior will never be safe without an anti stupid people system.
Well, I wrote (as a joke tho) that they should have an IQ test as part of the installation process. When thinking some extra about it; it might solve some issues.
signatur.php and the eq shower script, too.
What do you mean by eqshower? (I guess in sig you mean using the get as char name? but in eqshower I cannot find anything)
Noobshoot said: i thought you were the fool, since you were hax recently be careful with exploits
Ye, also you were fooled too cuz your "team" is adding exploit you gesior aac so they can hack any server without including you. I got fooled once but you're being fooled right now and more and more by the day..
well, two nice aacs will be great, but fixing gesior won't hurt too I think (all the time before new ones release gesior will be used so...)
but well, I guess no svn should be used, just this topic with: bug and ideas how to solve it (just if you found anything or know how to fix some known bug post it) (whole community projects that YOU are updating with new features YOURSELF are probably most safe etc)