Sla.ckers.org
Bug reports, feature enhancements or other complaints with the site, with us or just tell us what a miserable existence you have. No death threats or poetry please. Just kidding, no poetry please.
Requests for Patches
Date: January 06, 2007 01:30PM

I'm deploying Phorum on one of my websites, and was pleasantly surprised to find that it was the same software as the one used here. I also remembered, however, that there were numerous security issues found by the members of the forum here, and I don't think that the "official" distribution of Phorum has been fixed yet.

So... I was wondering whether or not you could issue a set of security patches for Phorum, or at least compile a list of the security related changes. That would be really cool, although it probably would be not a little work.

HTML Purifier - Standards Compliant HTML filtering

Re: Requests for Patches
Posted by: rsnake
Date: January 09, 2007 10:19AM

I don't have a patch list, I'm sorry; I made the changes directly to the source. I made a bunch of modifications, and I have now forgotten which files they are built in. Honestly, Phorum is not great software. It is okay, but it eats up too much CPU. We'll probably dump it eventually.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Requests for Patches
Date: January 10, 2007 04:50PM

Ah, that's disappointing. diff probably would have worked, but it's okay. Security by obscurity!

HTML Purifier - Standards Compliant HTML filtering

Re: Requests for Patches
Posted by: Ghozt
Date: January 10, 2007 05:30PM

http://osvdb.org/searchdb.php?action=search_title&vuln_title=phorum&Search=Search
You can just go through and fix all of those. Have fun.

Re: Requests for Patches
Date: January 11, 2007 08:17PM

That's a misleading list: not all of them have not been fixed.

HTML Purifier - Standards Compliant HTML filtering
