Znote AAC 1.4 - [TFS 0.2.13+] & [TFS 0.3.6+/0.4]

There's always a vulnerability because of good hackers.

The problem I've never solved is automatic points by PayPal. BUMP
 
Yes, of course, but instead of just saying "There is a vulnerability" he could tell what the problem is so it can be fixed.

If I shout out the problem in this thread people can abuse it.. I want to contact the developer. It's a minor fix I can provide him.
 
You posted on your Twitter about the commit to fix the security issue, yet it doesn't show any commits in October? Latest was August 19th on GitHub.
 
Can't edit, just noticed the post about the security issue fixed was in 2014 x)
 
My Znote doesn't send the items to players in-game... I created a new talkaction:
<talkaction words="!shop" script="znoteshop.lua"/>
and I created the talkaction script znoteshop.lua:
Code:
function onSay(cid, words, param)
    local storage = 54073 -- Make sure to select non-used storage. This is used to prevent SQL load attacks.
    local cooldown = 15 -- in seconds.

    if getPlayerStorageValue(cid, storage) <= os.time() then
        setPlayerStorageValue(cid, storage, os.time() + cooldown)
        local accid = getAccountNumberByPlayerName(getCreatureName(cid))
   
        -- Create the query
        local orderQuery = db.storeQuery("SELECT `id`, `type`, `itemid`, `count` FROM `znote_shop_orders` WHERE `account_id` = " .. accid .. ";")
   
        -- Detect if we got any results
        if orderQuery ~= false then
            -- Fetch order values
            local q_id = result.getDataInt(orderQuery, "id")
            local q_type = result.getDataInt(orderQuery, "type")
            local q_itemid = result.getDataInt(orderQuery, "itemid")
            local q_count = result.getDataInt(orderQuery, "count")
            result.free(orderQuery)
       
            -- ORDER TYPE 1 (Regular item shop products)
            if q_type == 1 then
                -- Get weight: compare the player's free capacity with the order's total weight
                local playerCap = getPlayerFreeCap(cid)
                local itemweight = getItemWeightById(q_itemid, q_count)
                if playerCap >= itemweight then
                    -- Remove the order row before handing out the item
                    local delete = db.storeQuery("DELETE FROM `znote_shop_orders` WHERE `id` = " .. q_id .. ";")
                    result.free(delete)
                    doPlayerAddItem(cid, q_itemid, q_count)
                    doPlayerSendTextMessage(cid, MESSAGE_INFO_DESCR, "Congratulations! You have received ".. q_count .." "..getItemNameById(q_itemid).."(s)!")
                else
                    doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "Need more CAP!")
                end
            end
            -- Add custom order types here
            -- Type 2 is reserved for premium days and is handled on website, not needed here.
            -- Type 3 is reserved for character gender(sex) change and is handled on website as well.
            -- So use type 4+ for custom stuff, like etc packages.
            -- if q_type == 4 then
            -- end
        else
            doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "You have no orders.")
        end
   
    else
        doPlayerSendTextMessage(cid, MESSAGE_STATUS_CONSOLE_BLUE, "Can only be executed once every "..cooldown.." seconds. Remaining cooldown: ".. getPlayerStorageValue(cid, storage) - os.time())
    end
    return false
end

Why doesn't the command !shop work?
 
Vuln fixed yet?
What Vuln?

And to other people in regard to security issues: I will update any security issue ASAP, even if I am otherwise inactive. Don't worry about posting issues on this thread. I will check it out even when I am not posting and respond to emergencies. And if I'm not I trust my loyal contributors to get in touch and either make me fix it or fix it themselves. Anyone is allowed to send pull requests to my GitHub repository and update Znote AAC.

Also, don't be afraid to throw me a PM. However, PMs here on Otland will have a slow response time. I have about 50 conversations waiting to be read ATM, and right now I consider myself active for the next couple days.

But sending me a PM is a bulletproof way to notify of issues, and I will (eventually) read all conversations.
 
@Znote I do not know, but some dude just earlier posted that there is a vuln and he was about to pm you or some other dev about it, maybe he didn't do it?
 
With a fresh install I keep getting this error when I click on forums/community:

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/unrivaledneo/public_html/forum.php:2) in /home1/unrivaledneo/public_html/engine/init.php on line 23

test it at pnation.org
 