Icy Phoenix

     
 


Post new topic  Reply to topic 
Page 1 of 1
 
 
Reply with quote Download Post 
Post Custom Profile Record Error. 
 
Hi everyone. I have Icy Phoenix 1.2.0.27c running on my server.

Las month I added one custom user record, a text field where users can write what car they have.

The problem is that the year's car usually is written with an ' previous of the 2 last numbers of year. i.e: 1991 -> '91.

When a user writes this character, the Ctracker blocks its register and the user get's the hacking warning. I do not know how to disable it, because I have disable all Ctracker at Cpanel, but the problem persist.

Thank you for your answers.
 



 
jefazo666Send private message  
Back to topPage bottom
Icy Phoenix is an open source project, you can show your appreciation and support future development by donating to the project.

Support us
 
Reply with quote Download Post 
Post Re: Custom Profile Record Error. 
 
Since you are already trying to upgrade ... please wait and see if the problem is solved after the upgrade  
 




____________
www.DutchaGoGo.com (development/under construction ...Forever?¿?)
 
Joshua203Send private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Custom Profile Record Error. 
 
this accent looks like some code for the crTracker, thats why you´re getting an hacking attempt.

try to not use this and better write the full year
 




____________
Out of Order
 
spydieSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Custom Profile Record Error. 
 
jefazo666 wrote: [View Post]
I do not know how to disable it, because I have disable all Ctracker at Cpanel, but the problem persist.


Then 97 etc will always be a problem.

Go to the ACP Ctracker and find the log and the name of the file that it is blocking.

Then something can be done about telling Ctracker to ignore it or kill Ctracker for the whole file.


spydie wrote: 
Try to not use this and better write the full year


That's not really the way to fix it, because no doubt the users add it manually  
 



 
mortSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Custom Profile Record Error. 
 
I have an Issue with ACP right now. But when I fix it, I will try. Thank's mort.

Could you explain me where should I look for the info you requested? I never understood Ctracker and how I use it, so I do not know what are you asking me. I am sorry, but I would be thankful if you help me with this.
 



 
jefazo666Send private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Custom Profile Record Error. 
 
jefazo666 wrote: [View Post]
I never understood Ctracker and how I use it, so I do not know what are you asking me.


Do a search, I'm sure there is something in the documentation that would point you in the right direction. Or just go through Ctracker looking for the logs. - As it's one way of learning what's there and what's not.
 



 
mortSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Custom Profile Record Error. 
 
mort wrote: [View Post]

Then 97 etc will always be a problem.

Go to the ACP Ctracker and find the log and the name of the file that it is blocking.

Then something can be done about telling Ctracker to ignore it or kill Ctracker for the whole file.


spydie wrote: 
Try to not use this and better write the full year


That's not really the way to fix it, because no doubt the users add it manually  


correct mort.

but you´re right ablout crTracker log, finding the file it blocks.

I had that issue earlier with .27 and 53 but it was about check-boxes in profilfields

should be somewhere in the old support topic´s here.

Found it

fix was HERE
 




____________
Out of Order
 
spydieSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Custom Profile Record Error. 
 
On older versions of HTTP, you could include a ' character on a text field on Login. This then should be passed to the SQL query and you could cause a syntax problem. Because of this Ctracker blocks this character on text fields.

The people wrotes at username something like :

" username' or 1==1 "

This changed the sql query and the OR with the 1==1 expresion, made that someone could login as anyone he wanted.

This is the reason why Ctracker blocks this character on text fields. The question is: if I have disabled the CTRacker, why this keeps working?

This issue with character was solved long time ago, so now Ctracker is checking for something useless.
 



 
jefazo666Send private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: Custom Profile Record Error. 
 
Quote:
Ctracker is checking for something useless.


It;s not checking for something useless - It's acting on something it doesn't know about.

So why not open up ct_security.php and add the input field to the ignore array.

From what I can see it should then ignore it.  
 



 
mortSend private message  
Back to topPage bottom
Post new topic  Reply to topic  Page 1 of 1
 


Display posts from previous:    

HideWas this topic useful?

Link this topic
URL
BBCode
HTML




 
Permissions List
You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events


  

 

  cron