|
Posted by Vince Morgan on 03/19/07 00:54
"Vince Morgan" <vinhar@REMOVEoptusnet.com.au> wrote in message
news:45fddf3c$0$4753$afc38c87@news.optusnet.com.au...
>
> "starman7" <starman7@hotmail.com> wrote in message
> news:1174227227.401596.99820@o5g2000hsb.googlegroups.com...
> i'm installing a custom php bulletin board, the below code complains
> about its configuration file having spaces or carriage feeds before or
> after the beginning or end of the code. as far as i could tell the
> above code evaluated for reasons other that that ... as my config.php
> had no spaces, etc. and worked completely after removal of this block,
> and even partially while the block remained - (but displayed the
> error).
>
>
> can anyone describe what this code does, and advise if removing it
> makes the app any less secure? i removed it and everything worked as
> expected. and/or suggest replacement code i can suggest to the author?
> also - why is it looking at dbuser?
>
>
> $config_content = @file_get_contents($phpbb_root_path . 'config.'.
> $phpEx);
>
The above code loads the config.php file
>
> if ( strpos($config_content, 'dbuser') && (substr($config_content, 0,
> 5) != '<?php' || substr($config_content, -2) != '?>') )
>
The above checks that there is not data before "<?php" at the top, and then
that "?>" is right at the end. If it does not pass the test it outputs the
below message.
If you remove the above code you don't load the file, or test for illegal
chars, so the problem seems to go away.
It's "config.php" that needs the attention.
>
> print('· You have <u>damaged</u>: <b>config.'.$phpEx.'</b> file !<br /
> >· File must begin with: <b><?php</b> and finish with <b>?></b>
> with any other chars (spaces, tabs or new line) before <?php and
> after ?><br />· You must correct the file !<br />· Remember <u>it
> is not mistake</u>, if your text editor can not see this space, tab or
> new line, use other editor with operating multi (CR/LF) format or
> create new file with clean content.<br />· Forum will not work
> correctly with damaged config.php file.<hr /><br />');
> }
HTH
Vince Morgan
>
>
Navigation:
[Reply to this message]
|