Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

forgot password?



Reply


Old
  Post #1 (permalink)   06-28-2004, 11:43 AM
HD Addict
 
fallcreek's Avatar
 
Join Date: Jun 2004
Location: Indianapolis, IN
Posts: 103

Status: fallcreek is offline
Naturally, I'm 90% finished migrating all of my support to this script.....

http://www.helpcenterlive.com/forum/...st=0#entry7695

John
__________________
http://www.fallcreektech.com
http://www.mediabuynet.com - My lovely wife's site.
 
 
 


Old
  Post #2 (permalink)   06-28-2004, 01:03 PM
HD Wizard
 
Join Date: Jul 2003
Posts: 2,100

Status: BlackStorm is offline
Hmm doesn't seem like they have a real fix for this yet either...
I am using this but only for live chat, great script but not when I see something as bad as this

Hopefully there will be a real fix found soon, any idea if this problem is only for specific versions or for all?
 
 
 


Old
  Post #3 (permalink)   06-28-2004, 08:43 PM
HD Addict
 
Join Date: Jan 2004
Posts: 108

Status: imported_Alex is offline
Seems like the culprit is inc/pipe.php. I've removed it (as I don't use the piping/tt script) for the moment. It's a good program with prompt support and I'm sure they will patch it soon. Here is the thread: http://www.helpcenterlive.com/forum/...showtopic=1609
__________________
MCJ Interactive
http://www.mcjinteractive.com
Delivering Quality Hosting & Design Services
 
 
 


Old
  Post #4 (permalink)   07-02-2004, 08:56 AM
HD Addict
 
fallcreek's Avatar
 
Join Date: Jun 2004
Location: Indianapolis, IN
Posts: 103

Status: fallcreek is offline
Good news.

It looks like they've figured out the vulnerabilty and a patch, my problem is that I'm such a noob to php, that I can't figure out how to apply the patch!



John
__________________
http://www.fallcreektech.com
http://www.mediabuynet.com - My lovely wife's site.
 
 
 


Old
  Post #5 (permalink)   07-02-2004, 09:53 AM
HD Addict
 
Join Date: Jan 2004
Posts: 108

Status: imported_Alex is offline
John,

Actually it was discovered that it isn't an HCL issue, moreso a PHP setting. It's with the register_globals being tuned on in your php.ini (which is crazy! ).

What they have done is added the settings in their config.php file. If you look at the thread posted above, you will see all the dialogue.
__________________
MCJ Interactive
http://www.mcjinteractive.com
Delivering Quality Hosting & Design Services
 
 
 


Old
  Post #6 (permalink)   07-02-2004, 12:00 PM
HD Wizard
 
Join Date: Jul 2003
Posts: 2,100

Status: BlackStorm is offline
Ah right thanks, I will check what the patch is, if it only effects people that have register_globals on then that's a lot different than a hole in the script
Off topic but...has anyone tried to customise HCL?
I am using it but only for live chat, I have perl desk for my ticket system, if it is easy to skin, I might consider using HCL for everything instead of seperating them.
 
 
 


Old
  Post #7 (permalink)   07-02-2004, 12:51 PM
HD Addict
 
Join Date: Jan 2004
Posts: 108

Status: imported_Alex is offline
John,

From what I've heard, it is somewhat difficult to do (but some have done it).

I'd also recommend staying with your current tt system as I did here that they are going to be taking the tt & faq system out (not sure when).

There is a setting in the config where you could turn off the tt system and replace it with a support email address (hopefully, PerlDesk has piping and you could use that address; I use CE so I don't know about PerlDesk having piping capability).
__________________
MCJ Interactive
http://www.mcjinteractive.com
Delivering Quality Hosting & Design Services
 
 
 
Reply

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: