Messages posted by: Carbonize

What I would like is for someone to send me the files for Advanced Guestbook 2.2 as I think I've lost the copy I had, or it's on my laptop which is gathering dust in my house. I'll check on that later. I'm sure 2.2 uses the same naming scheme, ie gb_name gb_url etc. To check simply visit your addentry.php page and view the source code. Look for the <input tag that is used for the name (it should be the first one you come across) and see what the name="" attribute says. Then simply look in your files for that name.

Thats one of them instructions where its not important because if you don't understand it it doesn't apply to you. I have come up with a better way of handling the image verification I'm just playing around with how to handle uploaded images. The Image Verification method has it downfalls. I may return to the old method of error reporting on it. At present changing the gb_name to something else is still a good way of doing spam prevention as most spam is just sent to the guestbook. I have also come up with an invisible way of combating spam that was inspired by a phpBB modification. Anyone posting using the guestbooks form will have no problems but automated spam will not get through. Well until they figure it out but I can't see them bothering. I'll start work on writing the mod for this method as well as coding it into Advanced Guestbook 2.4. Hmmmm a combination of the last two ideas will be best I think. Will come up with something in the next 24 hours hopefully but I am trying to rush release 2.4 dues to the recent exploits that have been found.

http://proxy2.de/forum/viewtopic.php?t=3802

^^^ I was half asleep when I posted this.

Well as stated in a different thread I am going to have to bring the release date of Advanced Guestbook 2.4 forward. If your updated version of the Advanced Poll script is ready for release Auron I could host it on my site for you that way we will have control over the forum etc.

OK I misread the exploit posted on the security focus site. With the discovery of these two exploits I am going to have to bring forward the release of Advanced Guestbook 2.4. It will not be that major an update but will patch several exploits, add Yahoo & MSN fields, add a third option to gender and some other midnor differences.

www.carbonize.co.uk/reset.zip is a script designed for changing your username and password. Read the instructions. This site needs many things including moderators in the forum but the webmaster seems to be missing in action.

Well this is a 0 day exploit meaning that it has not been published anywhere else yet to my knowledge. It's not the easiest exploit to actually pull off but better safe than sorry.

ET wrote:Frankdon - I posted an "image" into your guestbook giving the illusion of an indent - you can save the .gif and use the smilie function to call it indent or tab or whatever you want ot call it so that all a person needs to do is click on the word you choose to call it (like the smilies that you have) and it will get inserted as invisible space.

That's the least labor intensive work-around I can think of.... or be patient and wait for Carbonize to find the time for rewriting the script.

Be well

I'd say adding my [pre][/pre] mod is the easiest method. It will just act the same as quote and code in this forum.

There is no need to update to 2.3.1 if you are happy with 2.2. Just apply the patch and carry on as normal. Actually I should say patches.

Anonymous wrote:Me 2 http://d8ll.org/guestbookclosed/index.php

Fixed and you have an email I just sent.

As I said I will think about making a mod to do that.

Bulletin boards would also end up with a wide page under the same circumstances.

pre-emptive *bump*

BBcode and AGcode are just different names for the same thing.

Sorry you also need to edit it in lib/gb.class.php