PhpDig Version 1.8.5 Released


Charter
12-12-2004, 02:35 AM
Hi. PhpDig version 1.8.5 has been released as a 'minor although very necessary' release. You must upgrade if you use a version of PhpDig earlier than v.1.8.5. The changes can be found in the Changelog (http://www.phpdig.net/info/changelog.txt) file. There is one database table change from v.1.8.4. To upgrade, make the change to the database table, reconfigure the new connect.php and config.php files, and copy over all of the files, overwriting the old files. Change your passwords and then upgrade, no ifs, no ands, no buts!

Note: If you are upgrading from an older version, make the database table updates in steps, for example, update the database tables 1.8.3 -> 1.8.4 -> 1.8.5 and then reconfigure the new connect.php and config.php files, and copy over all of the files, overwriting the old files.

Charter
12-12-2004, 02:50 AM
As a side note: Do not randomly apply PhpDig patches that you find in the forums! These forums have supported many versions of PhpDig, so several of the code changes are not applicable to PhpDig v.1.8.5. Also, take extreme care should you change the code; otherwise, you might leave yourself open to exploits.

Charter
12-12-2004, 01:54 PM
If you downloaded PhpDig v.1.8.5 prior to the date of this post, then make the following changes:

In limit_upd.php find:

while (list($id,$url,$days_db,$links,$depth,) = mysql_fetch_row($result_id)) {

And replace with:

while (list($id,$url,$days_db,$links,$depth) = mysql_fetch_row($result_id)) {

Note the removal of the straggling comma after the $depth variable. This fixes the MySQL warning when you try to update sites from the admin panel.


In both search_function.php (two times) and function_phpdig_form.php (one time) find:

$template_demo = $_REQUEST['template_demo'];

And replace with:

$template_demo = urlencode(stripslashes(urldecode($_REQUEST['template_demo'])));

Note there are two replacements needed in search_function.php and one replacement needed in function_phpdig_form.php. The $template_demo variable can be passed back out to the browser, so this makes sure that output prints correctly.


In search_function.php find:

$refine_url = "&refine=1&site=$site&path=$path";

And replace with:

$refine_url = "&amp;refine=1&amp;site=$site&amp;path=$path";

This change is for conformity in link format, using &amp; instead of just the & symbol.


If you downloaded PhpDig v.1.8.5 after the date of this post, then the changes have already been made.

Charter
12-12-2004, 03:52 PM
Here are some things to check to try and see if you were affected by the security problem in PhpDig versions less than v.1.8.5. Search your server access logs and check for anyone accessing your important files. For example, search your logs for config.php and other important files and review the output for suspicious requests. You will know it if you see it. Also check for any file starting with a string of numbers, that file being writable or in a writable location. If you find such a file and it is not your content, review the file, then delete the file and again check your logs for any requests to the file. In any case, make sure to change your passwords if you were running a version of PhpDig less than v.1.8.5.
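
The log and file checks described in the post above, sketched as an added example that is not part of the original thread or of PhpDig's code. The Apache common/combined log format, the paths in the sample lines and the three-digit threshold for "a string of numbers" are assumptions.

```python
import os
import posixpath
import re
from urllib.parse import urlsplit, unquote

# Files the thread names as reconfigured on upgrade; extend with your own.
SENSITIVE = {"config.php", "connect.php"}
# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
DIGIT_PREFIX = re.compile(r"^\d{3,}")  # assumption: 3+ leading digits


def review_log(lines):
    """Return (reason, client, time, target, status) for requests to review by hand."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, when, _method, target, status = m.groups()
        name = posixpath.basename(unquote(urlsplit(target).path)).lower()
        if name in SENSITIVE:
            hits.append(("sensitive-file", client, when, target, int(status)))
        elif DIGIT_PREFIX.match(name):
            hits.append(("digit-named-file", client, when, target, int(status)))
    return hits


def digit_named_files(root):
    """Return (path, writable) for files under root whose names start with digits."""
    found = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if DIGIT_PREFIX.match(name):
                full = os.path.join(folder, name)
                writable = os.access(full, os.W_OK) or os.access(folder, os.W_OK)
                found.append((full, writable))
    return sorted(found)


# Constructed sample lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Dec/2004:10:01:02 +0000] "GET /search/search.php?q=php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [11/Dec/2004:10:05:40 +0000] "GET /search/includes/config.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [11/Dec/2004:10:06:13 +0000] "GET /search/tmp/1102759573.php HTTP/1.1" 200 412',
]

if __name__ == "__main__":
    for hit in review_log(SAMPLE_LOG):
        print(hit)
```

Every hit is a candidate for manual review, not a verdict; run `digit_named_files` against the web root to list the files whose requests should then be looked up in the log.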

Charter
12-15-2004, 10:18 PM
Ho hum... So attached to this post is a file listing the code changes between PhpDig v.1.8.5 and PhpDig v.1.8.6, assuming the code changes already posted in this thread have already been applied to v.1.8.5.

Note that there are no database table changes from v.1.8.5 to v.1.8.6. The attached file is provided for your convenience, should you be on your way to hacking v.1.8.5 but want to upgrade to v.1.8.6. Really, you should upgrade, but I'm not going to beg.

Anyway, if I didn't forget to list any steps in the attached file, and you can follow it, then there shouldn't be a problem upgrading to v.1.8.6, but if you do run into problems, then download (http://www.phpdig.net/download.php?digfile=phpdig-1.8.6.zip) v.1.8.6 directly. As always, the changes can be found in the Changelog (http://www.phpdig.net/info/changelog.txt) file.

Note: If you downloaded PhpDig v.1.8.6 directly after the date of this post, then all the code changes posted in this thread have already been applied. Again, there are no database table changes between PhpDig v.1.8.5 and PhpDig v.1.8.6.

C'mon, upgrade! Oh, and don't go randomly applying code changes from old posts, as these forums have supported multiple versions of PhpDig so it is possible that such code no longer applies.

Also, any possible code changes to PhpDig v.1.8.6 shall be continued in this (http://www.phpdig.net/forum/showthread.php?t=1642) thread.