Montego Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic
Author Message
montego
Site Admin/Owner
Site Admin/Owner



Joined: Feb 12, 2005
Posts: 1393

PostPosted: Tue Aug 16, 2005 10:58 pm Reply with quote

Although I do not recommend running Nuke without the latest patch levels, which in some cases, may mean having to upgrade to a newer version of nuke (patch levels are no longer being maintained below 7.1 it appears). You can try and make the following edits to certain HTML_Newsletter scripts:

NOTE: in all of the below examples, if you find the following bit of code at the top of the HTML Newsletter php script, do NOT REPLACE IT!!!

Code:

if ( !defined('NW_HNL_LOADED') )
{
   die("Illegal File Access");
}


Leave the above code alone, as it is properly protecting lower level, called scripts.

======================
Ok, here we go with the mods...

In block-HTML_Newsletter.php:

Find (or whatever your version of HTML Newsletter has that is similar at the top of the script):

Code:

if ( !defined('NUKE_FILE') ) {
   if ( !defined('BLOCK_FILE') ) {
      Header("Location: index.php");
      die();
   }
}


Replace with:

Code:

if (stristr($_SERVER['SCRIPT_NAME'], "block-HTML_Newsletter.php")) {
    Header("Location: ../index.php");
    die();
}


Within all files (admin related), check for the following code at the top:

Code:

if ( !defined('ADMIN_FILE') )
{
   die("Illegal File Access");
}


If this code is found, replace with:

Code:

if (!stristr($_SERVER['SCRIPT_NAME'], "admin.php")) { die ("Access Denied"); }


In all module files (not admin related), find:

Code:

if ( !defined('MODULE_FILE') )
{
   die("Illegal File Access");
}


And replace with:

Code:

if (!stristr($_SERVER['SCRIPT_NAME'], "modules.php")) {
    die ("You can't access this file directly...");
}


Hope this helps, but I take no responsibility for running with an older version of nuke on an older, less protected, patch level. You have been warned!

Smile

Regards,
montego

_________________
“To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins 
View user's profile Send private message Visit poster's website
Storebuilder
Newbie
Newbie



Joined: Aug 17, 2005
Posts: 2

PostPosted: Wed Aug 17, 2005 5:03 am Reply with quote

Hi Montego,

I started making the changes going through each file one by one.

What should I do with this:

if (!defined('NW_HNL_LOADED')) {
if (!defined('NUKE_FILE')) {
if (!defined('MODULE_FILE')) {
if (!defined('ADMIN_FILE')) {
die("Illegal File Access");
}
}
}
}
 
View user's profile Send private message
Guardian
Site Admin
Site Admin



Joined: Jul 18, 2005
Posts: 401

PostPosted: Wed Aug 17, 2005 6:41 am Reply with quote

You could try
Code:
if ( !defined('NW_HNL_LOADED') )
{
   die("Illegal File Access - You tried to access the module directly");
}
if (stristr($_SERVER['SCRIPT_NAME'], "block-HTML_Newsletter.php")) {
    Header("Location: ../index.php");
    die(Illegal file access - you tried to access this file outside of the block);
}
if (!stristr($_SERVER['SCRIPT_NAME'], "modules.php")) {
    die ("You can't access this file module index.php directly...");
}
if (!stristr($_SERVER['SCRIPT_NAME'], "admin.php")) { die ("Access Denied - you do not have permission to access the admin file or are not logged in");
}
 
View user's profile Send private message
montego
Site Admin/Owner
Site Admin/Owner



Joined: Feb 12, 2005
Posts: 1393

PostPosted: Wed Aug 17, 2005 8:29 pm Reply with quote

I had forgotten about that one! Ugly. I have been thinking of changing that one. I would do as Guardian has suggested. I was about to say take it out altogether, but then found it also in the NW_HNL_GetConfig.php script too. You can remove the code from NW_HNL_Functions.php with no added risk, but do as Guardian has suggested for the other one.

I am going to get rid of the GetConfig.php script in 1.3 and replace with a function within Functions.php. This will eliminate this ugly IF statement.

Thanks Guardian for the "assist"!

montego

_________________
“To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins 
View user's profile Send private message Visit poster's website
Guardian
Site Admin
Site Admin



Joined: Jul 18, 2005
Posts: 401

PostPosted: Thu Aug 18, 2005 11:55 am Reply with quote

Not much of an 'assist' Wink - I just used the examples you had already posted and altered the error message itself accordingly - it is pretty meaningless for a message to say 'its broken', I personally prefer something that gives me a clue what might be wrong/which file was misbehaving but then my site is about 200Meg in size so all the help it can give me the better Smile.
 
View user's profile Send private message
Storebuilder
Newbie
Newbie



Joined: Aug 17, 2005
Posts: 2

PostPosted: Mon Aug 22, 2005 7:15 am Reply with quote

Thanks for your help guys. I'll see if I can get it working today.
 
View user's profile Send private message
Guardian
Site Admin
Site Admin



Joined: Jul 18, 2005
Posts: 401

PostPosted: Fri Aug 26, 2005 2:50 pm Reply with quote

Did you get it working?
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 4 Hours
 
Forums ©