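Privat Board Security Fix 1.2
only for GERMAN version!
This hack adds a security test to complete the security of private boards.
You should also install better_recent.mod and better_search.mod to make your board really safe.
version 1.2 - instant messages repaired (fix by Ze0)
version 1.1 - one more security hole fixed
[CV]XXL
http://xxl.cstrike.de

# NOTE(review): this copy was flattened onto two lines and the mod-format
# markers that separate "text to find" from "text to add" did not survive.
# Line breaks and indentation below are reconstructed. Where a snippet is
# repeated with an extra line, the first copy is presumably the text to find
# and the second its replacement -- confirm against the original mod file.
# DPPrivate, fatal_error, error, readform, get_date, lock and unlock are
# defined elsewhere in the board software and are not shown here.
# Presumably DPPrivate stops the request when the current user may not see
# $currentboard -- confirm.

Sources\Post.pl

if($username eq "Guest" && $enable_guestposting == 0) { &fatal_error("$txt{'165'}"); }
# Run the private-board check whenever a board is selected.
if($currentboard ne "") { &DPPrivate; }

sub NotifyUsers {
    # Same check at the top of NotifyUsers (its body continues in Post.pl).
    if($currentboard ne "") { &DPPrivate; }

Sources\Notify.pl

sub Notify {
    if($username eq "Guest") { &fatal_error("$txt{'138'}"); }
    if($currentboard ne "") { &DPPrivate; }

sub Notify2 {
    if($username eq "Guest") { &fatal_error("$txt{'138'}"); }
    if($currentboard ne "") { &DPPrivate; }

# Notify3 appears twice: first reporting the guest error through &error,
# then through &fatal_error with the DPPrivate call added.
sub Notify3 {
    if($username eq "Guest") { &error("$txt{'138'}"); }

sub Notify3 {
    if($username eq "Guest") { &fatal_error("$txt{'138'}"); }
    if($currentboard ne "") { &DPPrivate; }

# Notify4 follows the same old/new pattern as Notify3.
sub Notify4 {
    if($username eq "Guest") { &error("$txt{'138'}"); }

sub Notify4 {
    if($username eq "Guest") { &fatal_error("$txt{'138'}"); }
    if($currentboard ne "") { &DPPrivate; }

Printpage.pl

&readform;
$Cookie_Exp_Date = 'Mon, 31-Jan-3000 12:00:00 GMT';
&get_date;

&readform;
# The whitelist test on $INFO{'catsearch'} is commented out; only a "/" in
# $FORM{'catsearch'} is rejected by the live line that follows.
#if ($INFO{'catsearch'} !~ /^[\s0-9A-Za-z#%+,-\.:=?@^_]+$/){ &fatal_error("$txt{'399'}" ); }
if ($FORM{'catsearch'} =~ /\//){ &fatal_error("$txt{'397'}" ); }
$cgi = "$boardurl/YaBB.pl\?board=$currentboard";

# Take the user name and password from the request's Cookie header.
# NOTE(review): nothing in this snippet compares $password with the stored
# member record before DPPrivate runs. Unless DPPrivate or code outside this
# snippet verifies it, access to a private board is decided on a name the
# client supplies; Printpage.pl needs the same password check the main script
# applies -- confirm.
foreach (split(/; /,$ENV{'HTTP_COOKIE'})) {
    ($cookie,$value) = split(/=/);
    if($cookie eq "$cookieusername") { $username="$value"; }
    if($cookie eq "$cookiepassword") { $password="$value"; }
}
if($username eq "") { $username = "Guest"; }

# Load user settings
if($username ne "Guest") {
    # NOTE(review): $username is cookie data and goes into the file path
    # unvalidated, and the result of open() is not checked. Restrict
    # $username to the characters a member name may contain before building
    # the path.
    open(FILE, "$memberdir/$username.dat");
    &lock(FILE);
    # The <FILE> read operator was missing in this copy ("@settings=;"),
    # most likely stripped as markup; restored here.
    @settings=<FILE>;
    &unlock(FILE);
    close(FILE);
    # Drop the newlines from the first nine records of the member file.
    $settings[0] =~ s/\n//g;
    $settings[1] =~ s/\n//g;
    $settings[2] =~ s/\n//g;
    $settings[3] =~ s/\n//g;
    $settings[4] =~ s/\n//g;
    $settings[5] =~ s/\n//g;
    $settings[6] =~ s/\n//g;
    $settings[7] =~ s/\n//g;
    $settings[8] =~ s/\n//g;
    $realname="$settings[1]";
    $realemail = "$settings[2]";
}

# The board and thread number come from the request parameters in %INFO;
# the private-board check runs once the board is known.
$board = $INFO{'board'};
$num = $INFO{'num'};
$currentboard = "$board";
if($currentboard ne "") { &DPPrivate; }

YaBB.pl

$moderators{$_} = $modprop[1];
}

# When a thread number is requested, require that it is listed in the current
# board's .txt file: each line is split on "|" and its first field is compared
# with $INFO{'num'}. A thread that is not listed ends the request with the
# mod's own error text.
if ($INFO{'num'} ne "") {
    $check = "0";
    # NOTE(review): $currentboard is interpolated into the path and the
    # result of open() is not checked; where $currentboard is set in YaBB.pl
    # is not shown here -- confirm it is validated before this point.
    open(FILE, "$boardsdir/$currentboard.txt");
    &lock(FILE);
    # <FILE> restored here as well ("@board_data=;" in this copy).
    @board_data=<FILE>;
    &unlock(FILE);
    close(FILE);
    # NOTE(review): any non-empty $FORM{'caller'} marks the thread as valid
    # without looking it up. If %FORM is filled from the request (readform is
    # not shown), the client can switch this check off. Tie the exception to
    # the specific action that needs it instead of a form field -- confirm.
    if ($FORM{'caller'} ne "") { $check = "1"; }
    foreach $board_data2 (@board_data) {
        ($threadnum, $dummy) = split(/\|/,$board_data2);
        if ($threadnum eq $INFO{'num'}) { $check = "1"; }
    }
    if ($check eq "0") { &fatal_error("$privat_board_security{'1'}"); }
}

english.pl

# Error text used by the YaBB.pl check above; "1;" is presumably the anchor
# line in english.pl next to which the assignment is placed -- confirm.
1;
$privat_board_security{'1'} = "Diese Thopic existiert nicht auf diesem Board";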