Resources

Getting started

Support

Development

Topics

User Functions

Events

There are no upcoming events

What's New

Stories

No new stories

Comments last 2 weeks


Trackbacks last 2 weeks

No new trackback comments

Links last 2 weeks

No recent new links

NEW FILES last 14 days

No new files

Welcome to Geeklog Wednesday, June 19 2013 @ 10:39 AM EDT

> >

Geeklog 1.3.11sr1 and 1.3.9sr4

Security
  • Sunday, July 03 2005 @ 04:11 PM EDT
  • Contributed by:
  • Views:
    10,134

Stefan Esser has found an SQL injection vulnerability in Geeklog that can, under certain circumstances, be used to extract sensitive user data such as a user's password hash. We are therefore releasing security updates to address this issue and would advise you to upgrade ASAP.

There are upgrade archives available to upgrade from Geeklog 1.3.11 and Geeklog 1.3.9sr3, as well as a complete tarball for Geeklog 1.3.11sr1 (for new installations).

Users of Geeklog 1.3.10 please read on ...

As mentioned in the release announcement for Geeklog 1.3.11, there will be no further development for Geeklog 1.3.10. Consequentially, we are not releasing this security upgrade for 1.3.10. While it would be easy to provide such an upgrade, it would be pointless as 1.3.11 was itself a security upgrade for 1.3.10. So fixing this security issue would still leave you vulnerable to the issues with 1.3.10. You had over half a year to upgrade to 1.3.11 and if you still haven't done so, now would be a good time ... Use the 1.3.11sr1 tarball and go through all the usual upgrade steps. As mentioned before, the upgrade should be relatively painless as there were no changes in the themes and config.php from 1.3.10 to 1.3.11.

What's Related

Story Options

The following comments are owned by whomever posted them. This site is not responsible for what they say.

  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:RichardTowler on Monday, July 04 2005 @ 07:41 AM EDT
Thanks, worked without problems.

---
GameFaction - For All Your Gaming Needs
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:sshservices on Monday, July 04 2005 @ 03:06 PM EDT
Ran into a problem...

Edited new lib-common.php file to correct path and Parse erro on line 4691

New file line:
}
else if( $A['type'] ']']']']== ']']']']==']']']==']']==']=='poll' )
{

Original File line:
}
else if( $A['type'] ']']== ']']==']=='poll' )
{

Looks odd to me
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:machinari on Monday, July 04 2005 @ 04:56 PM EDT
looks corrupt.. try downloading again

---
You are limited only by your imagination...
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:Dirk on Monday, July 04 2005 @ 05:16 PM EDT

Yes, that's a typical case of a corrupted lib-common.php.

bye, Dirk

  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:n4th4n on Sunday, July 10 2005 @ 01:08 PM EDT
I just went from 1.3.9sr1 to sr4 in one go. At first I thought everything
was fine, but then noticed that the forum plugin no longer works. The
list of forums appears, but clicking on any of the forums in the list just
reloads the page. If I go to the forum admin page and attempt to click
on any listed post I get a Topic deleted? error. I think perms are all OK,
what else can I check?
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:n4th4n on Sunday, July 10 2005 @ 01:13 PM EDT
The plugin reports itself as 2.3, though there is a changes-2.3.2 file in
the folder I archived. The geeklog version is listed as 1.3.8 in the
admin/plugins window.
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:n4th4n on Sunday, July 10 2005 @ 01:45 PM EDT
OK - forget it. I was a bad hacker and had modified lib-common.php to
get around the register_globals setting, and so when I replaced lib-
common.php with the updated version, the reg_globals hack was not
there anymore, and so the forum didn't function anymore. I guess I didn't
check things out as thoroughly as I thought. Boy, that'll be nice in GL2 to
not have to worry about the Reg Globals thing...
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:Remdotc on Monday, July 11 2005 @ 05:48 PM EDT
instead of complete replacing the affected file, could you just post the effect line segments someplace?
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:Dirk on Tuesday, July 12 2005 @ 01:53 AM EDT

CVS diff

bye, Dirk

  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:TrappedOnEarth on Wednesday, July 13 2005 @ 06:57 PM EDT
I upgraded from 1.3.11 to 1.3.11sr1 by replacing the lib-common.php
file, but the GL Version Test still shows 1.3.11, no "sr1" -- I am assuming
that normal?
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:Dirk on Thursday, July 14 2005 @ 01:59 AM EDT

Carefully read the included ReadMe again ...

bye, Dirk

  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:TrappedOnEarth on Thursday, July 14 2005 @ 04:32 AM EDT
Thanks! The instructions are right there, plain as day! Sorry about that.
I must have gotten ahead of myself or something. I edited my
config.php as instructed in the Read Me and all is well with the version
number. Thanks once more.
  • Totally Crashes My Weblog
  • Authored by:suspensewriter on Wednesday, July 20 2005 @ 11:04 AM EDT
I have done the update (and undone it back to the original file) several times now, doublechecking variables, making sure that my text editor wasn't munging the code, etc. I get the same error message every time:

Warning: main(lib-common.php): failed to open stream: No such file or directory in /my/path/tol/geeklog/index.php on line 37

Fatal error: main(): Failed opening required 'lib-common.php' (include_path='.:/usr/lib/php') in /my/path/tol/geeklong/index.php on line 37

... where /my/path/tol/geeklong/ has been substituted for my actual working path.

Any idea where I might be going wrong?

---
Suspensewriter :: Writing: it's just one damned word after another
  • Totally Crashes My Weblog
  • Authored by:Dirk on Wednesday, July 20 2005 @ 04:26 PM EDT

Well, the error message pretty much says it all: It can't find the lib-common.php.

Either it's really missing or the permissions on the file are such that the webserver can't read it (that sounds a bit odd, though).

bye, Dirk

  • Totally Crashes My Weblog
  • Authored by:beewee on Thursday, July 21 2005 @ 03:55 AM EDT
/my/path/tol/geeklong/index.php

Do I see geeklong instead of geeklog..?

---
www.beeweb.nl
  • Not sure what happened
  • Authored by:Airamis77 on Sunday, July 24 2005 @ 12:35 PM EDT
I replaced the lib-common.php and everything worked fine, then I changed the version # in the config and now I get this error

require_once( '/home/thebluem/www/config.php' );
Warning: Cannot modify header information - headers already sent by (output started at /home/thebluem/www/config.php:1) in /home/thebluem/www/system/lib-sessions.php on line 188

Warning: Cannot modify header information - headers already sent by (output started at /home/thebluem/www/config.php:1) in /home/thebluem/www/system/lib-sessions.php on line 200

Anyone know what I've done wrong?
  • Not sure what happened
  • Authored by:Dirk on Sunday, July 24 2005 @ 01:14 PM EDT

Cannot modify header information - headers already sent by ...

  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:beewee on Thursday, August 11 2005 @ 03:35 AM EDT
Could it be possible that the comments enabled/disabled bug in the Polls isn't fixed yet in this version?

---
www.beeweb.nl * www.kampeerzaken.nl * www.watersporters.info * www.outdoormania.nl
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:DubiousChrisJ on Thursday, September 08 2005 @ 11:23 PM EDT
I upgraded to 1.3.11sr1 from 11 by replacing the lib-common.php and had no issues or errors.

---
DubiousProfundity.com:
Dubious Wisdom for Dubious Times...
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:Anonymous on Tuesday, October 25 2005 @ 11:21 PM EDT
how to handle your talballs?
do things have to be more complicate than simple zip files?
i am new to all this. i have been here for days, but i have not come across a sigple posting that tells a novice how to get the geeklog on his/her site in a simple and comprehensive way.
  • Geeklog 1.3.11sr1 and 1.3.9sr4
  • Authored by:Dirk on Wednesday, October 26 2005 @ 02:19 PM EDT

Try Alternative installation instructions then.

And if you have any actual questions, please post them in the forum, not as a comment to some unrelated story. Thanks.

bye, Dirk

Post a Comment

Your Name
Create Account
Allowed HTML Tags:
<p>, <b>, <strong>, <i>, <a>, <em>, <br>, <tt>, <hr>, <li>, <ol>, <ul>, <code>, <pre>, [code], [raw], [page_break], [staticpage:]InformationInformation[staticpage: id alternate title] - Displays a link to a static page using the static page title as the title. An alternate title may be specified but is not required. , [event:]InformationInformation[event: id alternate title] - Displays a link to an Event Link from the Calendar using the Event Title as the title. An alternate title may be specified but is not required. , [poll:]InformationInformation[poll: id alternate title] - Displays a link to a poll using the Poll Topic as the title. An alternate title may be specified but is not required. , [link:]InformationInformation[link: id alternate title] - Displays a link to a Link from the Links Plugin using the Link Title as the title. An alternate title may be specified but is not required. , [faq:], [forum:]InformationInformation[forum: id alternate title] - Displays a link to a forum topic using the text 'here' as the title. An alternate title may be specified but is not required. , [file:], [story:]InformationInformation[story: id alternate title] - Displays a link to a Story using the Story Title as the title. An alternate title may be specified but is not required. , [user:]InformationInformation[user: name alternate title] - Displays a link to a User using the Username as the title. An alternate title may be specified but is not required.
 

Security code
This question is for testing whether you are a human visitor and to prevent automated spam submissions.

What code is in the image?
Enter the bolded text, case sensitive!
Important Stuff
  • Please try to keep posts on topic.
  • Try to reply to other people comments instead of starting new threads.
  • Read other people's messages before posting your own to avoid simply duplicating what has already been said.
  • Use a clear subject that describes what your message is about.
  • Your email address will NOT be made public.