Addon Release: Prisoner's Dilemma, build 2


Postby Parahead » Fri Jan 21, 2005 12:15 pm

Prisoner's Dilemma was originally created by plushpuffin and updated by request as discussed in this thread.

It lets you submit or modify news, using <BRESCAPE> and </BRESCAPE> in any HTML-enabled multi-line field, where desired. Any text in between the opening and closing BRESCAPE tags will NOT be terminated with a <br> tag (or <br /> if XHTML BR-tags are enabled at the General Settings page).

Any <br> tags you manually insert in the multi-line field will stay unchanged in the generated output and you do not lose them when entering the Modify News page. The output from Coranto is cleaned from all Prisoner's Dilemma tags that may have been placed in the multi-line fields, to ensure you get a valid HTML output.

Build 2 contains the following fixes:
  • Fixed so that br-tags are preserved within the textarea at the Modify News page
  • Removed all Prisoner's Dilemma tags in the actual output from Coranto
Download here!
Yes, I am still around...
www.parahead.com/coranto/

Postby msbzdragn » Fri Jan 21, 2005 12:38 pm

Great work, Parahead! Do you have access to add this to the addons section of the site?
Michael R. Tomkins
Administrator, 'Unofficial Coranto / NewsPro Forums'

Mitsubishi Diamante Forum

Do NOT send me instant messages asking for Coranto help without me telling you explicitly to do so. You WILL be placed on ignore if you do so; I don't have time to provide personal tech support to every person who IM's me. Sorry!

Postby SrNupsen » Fri Jan 21, 2005 12:50 pm

Posted in the addons section by me. 8)

Great work, Parahead!

SrNupsen
-----------------------------------------------------------------------------------------------------
Coranto is free software. I am available for custom work or troubleshooting.

http://www.sundaune.no - transkripsjon, webdesign, nettsider, tekstbyrå
http://www.vagbladet.no - satire, politikk, kultur, sport, nettavis
-----------------------------------------------------------------------------------------------------

Postby Parahead » Fri Jan 21, 2005 12:55 pm

msbzdragn wrote:Do you have access to add this to the addons section of the site?
Well, I had once upon a time and I had plans to make a post about it there, but I noticed that CTUS nowadays uses Coranto 1.30.9 and I am unable to log in? I can't swear I haven't forgotten my password though. ;-)

Postby msbzdragn » Fri Jan 21, 2005 12:56 pm

Parahead wrote:
msbzdragn wrote:Do you have access to add this to the addons section of the site?
Well, I had once upon a time and I had plans to make a post about it there, but I noticed that CTUS nowadays uses Coranto 1.30.9 and I am unable to log in? I can't swear I haven't forgotten my password though. ;-)


Hmm - are you sure you're not looking at the wrong URL? We're on 1.24 here (I just checked).

Postby msbzdragn » Fri Jan 21, 2005 12:57 pm

SrNupsen wrote:Posted in the addons section by me. 8)

Great work, Parahead!

SrNupsen


Thanks Nupsen, you saved me some effort... :lol:

I've been up all night working on my "day" job, just now about to go to bed at 8am... :?

Postby Parahead » Fri Jan 21, 2005 1:03 pm

msbzdragn wrote:
Parahead wrote:
msbzdragn wrote:Do you have access to add this to the addons section of the site?
Well, I had once upon a time and I had plans to make a post about it there, but I noticed that CTUS nowadays uses Coranto 1.30.9 and I am unable to log in? I can't swear I haven't forgotten my password though. ;-)

Hmm - are you sure you're not looking at the wrong URL? We're on 1.24 here (I just checked).
Duh, you are correct, my mistake. Found the right one and was able to log in... :P

Postby msbzdragn » Fri Jan 21, 2005 1:05 pm

Parahead wrote:
msbzdragn wrote:
Parahead wrote:
msbzdragn wrote:Do you have access to add this to the addons section of the site?
Well, I had once upon a time and I had plans to make a post about it there, but I noticed that CTUS nowadays uses Coranto 1.30.9 and I am unable to log in? I can't swear I haven't forgotten my password though. ;-)

Hmm - are you sure you're not looking at the wrong URL? We're on 1.24 here (I just checked).
Duh, you are correct, my mistake. Found the right one and was able to log in... :P


lol OK, no worries :)

Postby plushpuffin » Mon Jan 24, 2005 4:29 am

Your download script for this site's addons page neglects to escape the single-quote in the Prisoner's Dilemma build 2 SQL statement.
I LIKE PIE

Postby Parahead » Mon Jan 24, 2005 7:46 am

plushpuffin wrote:Your download script for this site's addons page neglects to escape the single-quote in the Prisoner's Dilemma build 2 SQL statement.
Oops, that is a security risk! SrNupsen, who is responsible for the PHP code here at CTUS? This should be fixed... I don't know if it is intentional or not, but currently the Subject field has HTML disabled so I couldn't escape the ' with ' either...

Postby SrNupsen » Mon Jan 24, 2005 7:56 am

Out of time, fixed by renaming prisoner's to prisoners.

If any of the admins feel that these couple of posts should be removed for security reasons (or would even like to explain to me what the problem is and how to fix it), feel free to edit this topic and/or drop me a PM.

Good day!

SrNupsen

Postby msbzdragn » Mon Jan 24, 2005 8:28 am

I *believe* I've fixed this, adding the following code to the PHP:

Code:
$Subject = str_replace("'","''",$Subject);


I tested and instead of the error message we were receiving when trying to download the addon when an apostrophe was in the subject field, it now downloads OK. I'm not a PHP programmer though, so I'm still leaving the apostrophe removed from the subject for now, until somebody who *is* a PHP programmer confirms this fix is OK?

Postby msbzdragn » Mon Jan 24, 2005 8:37 am

After talking to Lawrence online for a sec (just saw him log on) I've changed the above code to:

Code:
$Subject = addslashes($Subject);


I'd still like somebody to confirm this is safe before I leave the apostrophe in the subject though...

Edit: Lawrence suggested a better way, see changed code above. More info here: http://ca.php.net/addslashes

Postby Parahead » Mon Jan 24, 2005 11:00 am

msbzdragn wrote:After talking to Lawrence online for a sec (just saw him log on) I've changed the above code to:

Code:
$Subject = addslashes($Subject);


I'd still like somebody to confirm this is safe before I leave the apostrophe in the subject though...
The security issue isn't really related to having the apostrophe in the Subject or not, it was the possibility of SQL Injection that was my concern (that is, breaking out of the current SQL statement and executing another [malicious] one). Looking at the page and the addslashes method I would say that issue has been taken care of.
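An added example, not code from this thread or from the CTUS download script: it runs the subject that caused the error, plus one constructed input, through a concatenated query with no escaping, with the `str_replace` quote doubling, with `addslashes`, and through a bound parameter. The `addons` table, its columns and rows, and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
// Added example: constructed table and rows, not the CTUS download script.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE addons (subject TEXT, file TEXT)");
$ins = $db->prepare("INSERT INTO addons (subject, file) VALUES (?, ?)");
$ins->execute(["Prisoner's Dilemma, build 2", "pd2.zip"]);
$ins->execute(["Some Other Addon", "other.zip"]);

// Builds the SQL text by concatenation after applying $escape to the value.
function lookup_concat(PDO $db, string $subject, callable $escape): string {
    $sql = "SELECT file FROM addons WHERE subject = '" . $escape($subject) . "'";
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
        return $rows ? implode(',', $rows) : '(no rows)';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// Sends the value separately from the SQL text, so quotes in it are only data.
function lookup_bound(PDO $db, string $subject): string {
    $stmt = $db->prepare("SELECT file FROM addons WHERE subject = ?");
    $stmt->execute([$subject]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    return $rows ? implode(',', $rows) : '(no rows)';
}

$strategies = [
    'none'        => fn($s) => $s,
    'str_replace' => fn($s) => str_replace("'", "''", $s), // standard SQL quote doubling
    // Backslash escapes: only valid where the database treats "\" as an
    // escape inside string literals; SQLite (used here) does not.
    'addslashes'  => 'addslashes',
];
// The second input is constructed for this demonstration.
$inputs = ["Prisoner's Dilemma, build 2", "x' OR '1'='1"];

foreach ($inputs as $in) {
    echo "input: $in\n";
    foreach ($strategies as $name => $esc) {
        printf("  %-12s %s\n", $name, lookup_concat($db, $in, $esc));
    }
    printf("  %-12s %s\n", 'bound', lookup_bound($db, $in));
}
```

Requires PHP 7.4 or later with the pdo_sqlite extension. Whether a string-escaping function is correct depends on the database's quoting rules, whereas the bound parameter behaves the same on any backend.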

Postby SrNupsen » Mon Jan 24, 2005 2:27 pm

msbzdragn wrote:I tested and instead of the error message we were receiving when trying to download the addon when an apostrophe was in the subject field, it now downloads OK.


Which could also, of course, relate to the fact that I removed the apostrophe from the subject 30 mins earlier :D

Glad to hear it's fixed, though.

SrNupsen
