phpBB WordPress 2.2.3 !important fix security bug on page-forum

Post a reply


This question is a means of preventing automated form submissions by spambots.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Maximum filesize per attachment: 1 MiB.

Expand view Topic review: phpBB WordPress 2.2.3 !important fix security bug on page-forum

Re: phpBB WordPress 2.2.3 !important fix security bug on page-forum

by Dysphoria » Sun Feb 23, 2020 12:39 pm

I'll look for it, but I don't know which setting that could be. Don't see anything out of the ordinary in wp.
.htaccess could be the one doing this, but than I need another code to force https.

The redirecting to the loginpage is intentional. :)

Re: phpBB WordPress 2.2.3 !important fix security bug on page-forum

by axew3 » Sun Feb 23, 2020 8:07 am

Dysphoria wrote: Sun Feb 23, 2020 12:56 am This fixed my problem, thank you!
No!
unfortunately, you still have this into last topics urls widget (you refer to this)
viewtopic.php?f=2&t=1498
links into widget still return something like:

Code: Select all

https://talkatastic.be/index.php/index.php/forum/?forum_id=15&topic_id=59&post_id=343#p343
the /index.php/index.php/ still is there, and caused by some setting (i assume) that should be changed somewhere into your WordPress, or htaccess or server settings.
should be

Code: Select all

https://talkatastic.be/index.php/forum/?forum_id=15&topic_id=59&post_id=343#p343
or

Code: Select all

https://talkatastic.be/forum/?forum_id=15&topic_id=59&post_id=343#p343
Redirect flow works by the way, but urls result into your widget isn't still correct (and when you point to a topic/post, you're redirected to login page in phpBB, that's maybe due to some other setting into phpBB? Is this what you want?)
If i will note somewhere something that will remind me to your solution i will report you, please do the the same if you discover where the problem is in the while.

Re: phpBB WordPress 2.2.3 !important fix security bug on page-forum

by Dysphoria » Sun Feb 23, 2020 12:56 am

This fixed my problem, thank you!

Re: phpBB WordPress 2.2.3 !important fix security bug on page-forum

by axew3 » Sat Feb 22, 2020 6:36 pm

Open main WP_w3all plugin page, click into
Create/Rebuild WP_w3all phpBB Page Template button
this will rebuild the page-forum(or whatever named) into the wp active template folder.

If you want to do it manually, just follow instructions on how to update, following just the part about copy/paste the page
https://www.axew3.com/w3/2020/01/phpbb- ... iframe-v5/

If you want to edit into a page-forum that you hardly modified and do not want loose time:

this code

Code: Select all

if( isset($_GET["w3"]) ){ // default
 $phpbb_url = trim(base64_decode($_GET["w3"]));
 $w3all_url_to_cms = $w3all_url_to_cms . '/' . $phpbb_url;
	 if( preg_match('/[^-0-9A-Za-z\._#\:\?\/=&%]/ui',$phpbb_url) ){
    $w3all_url_to_cms = $w3all_url_to_cms;
   }
} elseif ( isset($_GET[$w3all_iframe_custom_w3fancyurl]) && empty($w3forum_id) ){ //fancy
 $phpbb_url = trim(base64_decode($_GET[$w3all_iframe_custom_w3fancyurl]));
 $w3all_url_to_cms = $w3all_url_to_cms . '/' . $phpbb_url;
	 if( preg_match('/[^-0-9A-Za-z\._#\:\?\/=&%]/ui',$phpbb_url) ){
    $w3all_url_to_cms = $w3all_url_to_cms;
   }
}
need to be replaced by this:

Code: Select all

// security/switch
$w3all_url_to_cms0 = $w3all_url_to_cms;

if( isset($_GET["w3"]) && empty($w3forum_id) ){ // default
 $phpbb_url = trim(base64_decode($_GET["w3"]));
 $w3all_url_to_cms = $w3all_url_to_cms . '/' . $phpbb_url;
	 if( preg_match('/[^-0-9A-Za-z\._#\:\?\/=&%]/ui',$phpbb_url) ){
    $w3all_url_to_cms = $w3all_url_to_cms0;
   }
} elseif ( isset($_GET[$w3all_iframe_custom_w3fancyurl]) && empty($w3forum_id) ){ //fancy
 $phpbb_url = trim(base64_decode($_GET[$w3all_iframe_custom_w3fancyurl]));
 $w3all_url_to_cms = $w3all_url_to_cms . '/' . $phpbb_url;
	 if( preg_match('/[^-0-9A-Za-z\._#\:\?\/=&%]/ui',$phpbb_url) ){
    $w3all_url_to_cms = $w3all_url_to_cms0;
   }
}

Re: phpBB WordPress 2.2.3 !important fix security bug on page-forum

by muti » Sat Feb 22, 2020 6:18 pm

Update as soon page-forum rebuilding it on plugin admin, or manually substituting it
What exact need to do ?

phpBB WordPress 2.2.3 !important fix security bug on page-forum

by axew3 » Sat Feb 22, 2020 5:53 pm

Code: Select all

== Changelog ==

= 2.2.3 =
*Release Date - 22 Feb, 2020*
* Fix: (iframe) page-forum.php security bug
* !important: Update as soon page-forum rebuilding it on plugin admin, or manually substituting it
* Fix: (iframe) page-forum.php: default /wp-content/plugins/wp-w3all-phpbb-integration/addons/page-forum.php has been updated again (and definitively fixed) to correctly process urls, if url coming from a click into WP widgets. To update to the latest page-forum, rebuild it into plugin admin or manually replace with the new one of this release: https://www.axew3.com/w3/2020/01/phpbb-wordpress-template-integration-iframe-v5/
* Fix: PHP Notice: Undefined variable: topics_x_ugroup ON class.wp.w3all-phpbb.php on line 2161 
* Fix: secondary notice error on line 1185 class.wp.w3all-phpbb.php
* Fix: the 'Transfer phpBB Users into WordPress' option
* ADD: single phpBB user addition into WordPress option into the 'Transfer phpBB Users into WordPress' page
* Fix: more important fixes
* Notice: Update as soon and report bugs!

Top