![[United Ostomy Associations of America, Inc.]](https://www.uoaa.org/forum/uoaaxt/images/uoaa_header_board7.png)
I have just learned of a security vulnerability in the software we're using (phpBB) involving uploadable avatars. This vulnerability could allow a malicious person to insert a script into our site. Consequently, I have disabled support for such avatars.
I know that people were having a lot of fun with these avatars. I even posted some messages myself to provide help in preparing avatar files. However, it's more important to keep our site secure. So, for now, I've turned off avatar support. I'll re-enable it when I know that the vulnerability has been patched.
Bob
Avatar support disabled (Security issue) now re-enabled
Moderators: Bob Webtech, Jimbob
Forum rules
Before posting, please read our Discussion Board Terms and Conditions and our Code of Conduct. This particular area of our board is only for issues on how to use the board, not for ostomy-related questions!
Before posting, please read our Discussion Board Terms and Conditions and our Code of Conduct. This particular area of our board is only for issues on how to use the board, not for ostomy-related questions!
-
Bob Webtech
- Site Admin
- Posts: 995
- Joined: 2005-09-29 11:17:09
Avatar support disabled (Security issue) now re-enabled
Last edited by Bob Webtech on 2005-10-30 22:01:21, edited 1 time in total.
-
mrs franz eder
- Posts: 28
- Joined: 2005-10-01 13:11:09
Bob found a security issue that affects avatars and is waiting for the software folks to devise a "fix". This issue does not affect any other part of these boards. There are sites that alert folks to vulnerabilities to different internet software applications and Bob keeps a close eye on these. Steve S
photos
mrs franz eder - I believe we can still post photos, just not avatars. You can do so by using html tags, particularly the Img tag. You can find it by the Img button above. Click it, and you will get something that says " ." Between the "img's," insert the url of the photo you want to post.
-
Bob Webtech
- Site Admin
- Posts: 995
- Joined: 2005-09-29 11:17:09
sweet!
Sweet Bob! Thanks for updating hooking us up with avatars again! While you were installing the update, did that relate to this
"message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"
message I received while trying to access the discussion board? Out.
"message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"
message I received while trying to access the discussion board? Out.
same problem...
Yeah, Mara, I had the same problem too...
-
Bob Webtech
- Site Admin
- Posts: 995
- Joined: 2005-09-29 11:17:09
Eric, your problem apparently occurred when you tried refreshing one of the board pages after I had taken the board down to upgrade the software. The contents of that message are strange: the software does include a page_tail.php file but that file doesn't include a message_die() function, so I can't make much sense of it. Anyway, things seem to be working normally now, since I re-enabled the board after the upgrade.
As for the automatic login failures: this feature depends on a "cookie" stored on your computer. Possibly, the cookie written by phpBB 2.0.17 isn't recognized when read by phpBB 2.0.18. But everything should work fine once you create a new cookie with the 2.0.18 version.
As for the automatic login failures: this feature depends on a "cookie" stored on your computer. Possibly, the cookie written by phpBB 2.0.17 isn't recognized when read by phpBB 2.0.18. But everything should work fine once you create a new cookie with the 2.0.18 version.