YesSoftware Forums -> CodeCharge Studio -> General/Other

 PHP/SQL Injection bug!!!! Description and Temporary Fix!!!

mentecky
Posted: 01/17/2009, 7:46 AM

#1... DON'T edit your posts right now because this bug is killing all our posts.
It only happens in an UPDATE!!!

OK, So I found a CRITICAL bug in PHP that will make your sites look like this
unless you patch them quick!!!

I patched mine and posted the fix I came up with at:
http://www.ccselite.com/forums_topics_view.php?forum_id=2&forum_topic_id=41

As you can tell by the state of these boards this is CRITICAL!

Let me know if it doesn't work for you but I have had no issues with it.

Rick
_________________
Richard J. Mentecky
http://www.ccselite.com
http://www.mentecky.com

Spock: As I recall you took the test three times yourself. Your final solution
was, shall we say, unique?
Kirk: It had the virtue of never having been tried.
---------------------------------------
Sent from YesSoftware forum
http://forums.yessoftware.com/
jjrjr1
Posted: 01/17/2009, 7:50 AM

Thanks again Rick.

If everyone is done testing on a live database, we can all get access to the
fix.

You Rock, and your effort is truly appreciated.


_________________
More CCS Info at: http://CCSElite.com

Keep On Truckin' 8-)
John Real

http://RealSites.biz
http://RealTest.biz
http://3rdRockRealtor.com
Oper
Posted: 01/17/2009, 7:53 AM

Rick i think you should take off the part how to reproduce
_________________
_____________
http://www.7bz.com (Free CMS,CRM Developed in CCS)
http://www.GlobalDevelop.com
Flash + CCS - Samples
(SWISHMAX + CCS)

http://www.PremiumWebTemplate.com
Affiliation Web Site Templates & Free Stuff

Please do backup first
mentecky
Posted: 01/17/2009, 7:53 AM

John,

Thanks for verifying the patch for me.

Rick
mentecky
Posted: 01/17/2009, 7:56 AM

Oper,

Maybe... I'm not sure it gives a way to test that your site is no longer
broken. Until a few minutes ago this site actually had the info on it. :-)

Rick
Oper
Posted: 01/17/2009, 7:59 AM

i mean keep the info and the patch because it is important to fix, but not how to
reproduce.
just to avoid spreading the info

but this is my last comment on the issue to avoid "kids like John"

Thanks for the patch for the php CCS community Richard
jjrjr1
Posted: 01/17/2009, 8:00 AM

Actually Oper would that have prevented you from doing it again??
Oper
Posted: 01/17/2009, 8:06 AM

when i add my thread i just copy and paste from my code and forgot to take off
the character you already know.


mentecky
Posted: 01/17/2009, 8:09 AM

Oper,

I think it's important to give people information on how to test the patch. I'm
not perfect and maybe I missed something. They need to be able to test.

No one here would purposely wreck the boards, so I don't think it's an issue
here. We just all have to pay attention to our edits until it's fixed.

John and I have tested the patch and it seems good to us, but someone may have
something that will require me bending it a bit.

Rick
jjrjr1
Posted: 01/17/2009, 9:03 AM

Incidentally,

I posted this problem To Y's support system at 7:00pm PST last night. I marked
it URGENT Security Problem. (Not knowing at that time what had caused this)

Checking this morning, 14 hours later, no response from Y.

Not sure what is up with that.

Hope they realize the implications of this issue and take care of their paying
customers.

Until we hear from Y, any critical applications we have out there at risk
should probably be updated with Rick's fix.

We all should appreciate Rick's work since he came up with a fix, coded, and
tested it before our vendor even replied to an URGENT Security Support Request
from a developer that pays annual support dues.

Have fun and let's see what happens.

Markie
Posted: 01/17/2009, 9:21 AM

I certainly hope Y has a backup of the complete database. A few days ago the
forums were offline because of maintenance. I hope this forum will be online
soon as it is a HUGE knowledge base for me and a lot of fellow php coders.

In the meantime, let's all give ccselite.com a chance to post questions and
answers !
_________________
The Netherlands, GMT+1
Tools: CCS 4.1.00.027, Win XP, Navicat, PSPad
Local server: XAMPP with Apache, php and MySQL
Webserver: Ubuntu with Apache, php and MySQL
THX1138
Posted: 01/17/2009, 9:31 AM

firstly, thanks Rick for figuring out what all was the cause of this and for
figuring out a patch.

being overly cautious right now, i'm going to watch how your patch develops, as
i still don't understand if this is a php / board only issue, or if this is a
CCS hidden feature which will put in danger ALL production databases.

i would have expected that a commercial product would safeguard against
injection procedures, so am curious to know if this problem occurs on any php
query added to a requesting url, or just in board posts. i have to go and read
up more on this topic

secondly, as per jjrjr comment, i also put in a trouble ticket to yes at 18:00
PST and other than the autoresponse have not heard boo. i doubt this is
relevant other than just another fact.

once again, thanks Rick for sharing your knowledge
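As an added illustration for the question above (this is not code from the thread, from CodeCharge Studio, or from Rick's linked patch), the following Python/SQLite script shows the class of failure the thread describes: an edited post whose text contains an apostrophe is spliced into an UPDATE statement as a string, so the statement no longer parses, while the same edit sent through a parameterized query updates only the intended row. The `posts` table, its columns and the sample rows are constructed for the demo; the thread's own fix lives at the ccselite.com link in the first post and is not reproduced here.

```python
import sqlite3

# Constructed sample data for the demo: a tiny "posts" table like a forum's.
SAMPLE_POSTS = [(1, "first post"), (2, "second post")]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample posts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO posts (id, body) VALUES (?, ?)", SAMPLE_POSTS)
    conn.commit()
    return conn


def update_by_concatenation(conn, post_id, body):
    """Unsafe pattern: the edited text is pasted straight into the SQL string.

    Any apostrophe in `body` closes the string literal early, so the statement
    is malformed (or, in the general case, means something other than intended).
    """
    sql = "UPDATE posts SET body = '" + body + "' WHERE id = " + str(post_id)
    conn.execute(sql)
    conn.commit()


def update_by_parameter(conn, post_id, body):
    """Safe pattern: the text travels as a bound parameter, never as SQL text."""
    conn.execute("UPDATE posts SET body = ? WHERE id = ?", (body, post_id))
    conn.commit()


def get_body(conn, post_id):
    """Return the stored body of one post, or None if the row does not exist."""
    row = conn.execute("SELECT body FROM posts WHERE id = ?", (post_id,)).fetchone()
    return row[0] if row else None


def demo(edited_text="Rick's patch is linked in the first post"):
    """Run the same edit through both patterns and report what happened."""
    conn = make_db()
    try:
        update_by_concatenation(conn, 1, edited_text)
        concat_outcome = "ok"
    except sqlite3.OperationalError:
        # The stray quote broke the statement; the row was not written.
        concat_outcome = "syntax error"
    # The parameterized version handles the same text without incident.
    update_by_parameter(conn, 1, edited_text)
    return {
        "concatenation": concat_outcome,
        "post_1": get_body(conn, 1),
        "post_2": get_body(conn, 2),
    }


if __name__ == "__main__":
    print(demo())
```

The durable fix for generated PHP of this kind is the same idea as `update_by_parameter`: prepared statements with bound values (mysqli or PDO in PHP), so that no user-supplied text is ever spliced into SQL; escaping every value with the driver's escape function before concatenation is the weaker stop-gap and has to be applied to every query path without exception.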
mentecky
Posted: 01/17/2009, 9:31 AM

I agree Markie, I too will miss all the searchable knowledge here if it's gone.
:(

Rick
mentecky
Posted: 01/17/2009, 9:39 AM

THX1138,

First, you did nothing wrong... just what you did pointed out a bug. One in a
million shot... maybe you should play the lottery today. :-)

I was totally self serving in figuring it out so my message boards didn't go to
hell and simply posted what I found for all of you to use. that code is running
on CCSElite now and I've edited the post 100 times with no problems. I've also
started putting it on other sites open to the internet.

BTW... I'm glad you resolved your issue with the WHERE clause!

Rick
mentecky
Posted: 01/17/2009, 9:55 AM

THX1138,

Just so you know it was your very good description of how it happened that
pointed me to a quick fix.

Thanx,

Rick

THX1138
Posted: 01/17/2009, 10:14 AM

Thanks Rick,

As i'm still learning the wonders of php, sql and ccs, and mostly by trial and
error, i tend to be very methodical and check things after nearly every change
i make, so i can undo them more easily when they don't work out.
-- and woe to that missing semicolon that sneaks past me and baffles me for
way too long

I'll be trying your patch out in a while too, as it seems like a gaping hole
waiting for someone else to fall into, and as I'm also learning, users do the
strangest things.

but first, some database backups
jjrjr1
Posted: 01/17/2009, 12:48 PM

Yeah Markie.

The knowledge lost will be enormous and the value of all the information
lost will be incalculable if Y does not have it backed up.

That was also a question I asked in my support ticket to them.

With this bug and if they have no recent backups, well.... that would
certainly be a little embarrassing to them as a vendor of database enabled coding
frameworks don't you think?

It's been 18hrs and no response from Y at all. Can't figure that out????

See Ya.

jjrjr1
Posted: 01/17/2009, 1:07 PM

Well Group.

On the hopes someone would be home, I just called YesSoftware in Las Vegas.

No one home.....

So. I left a message for them to take a look at their support ticket system and
the forum.

Maybe someone checks messages. Who knows? But worth a try.


peterr


Posted: 01/17/2009, 4:00 PM

Thanks John. We've been communicating with several customers regarding this issue and forum posts are being restored now.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com
jjrjr1


Posted: 01/17/2009, 4:14 PM

Thanks Peter.

Your attention to the problem is greatly appreciated.


_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com