SECURITY HOLE FOUND - PLEASE BE CAREFUL. DOWNLOAD STOPPED
Hello YaBBmoders,
This mod allows each member to upload their own avatar file (jpg, png & gif) to a separate directory in the avatars directory.
This version is for YaBB 1.3.x which does NOT have the attachment mod installed. It can limit the file size of uploaded avatars.
1.1 Beta Fix : change YaBB.pl to YaBB.$yyext (2 times)
1.2 Wiebke's suggestions and File Attachment Support.
1.3 D. Baughman's use CGI fix ( thanx and thanx to Flicker ).
1.4 D. B's CGI fix doesn't work, so ... Fixed a security hole
1.5 D. B's CGI fix built, CPanel Update fix and autoset fix.
If you have the File Attachment Mod installed, then you have to do the 2nd step manually.
It should look like this in Subs.pl:
    if ($ENV{REQUEST_METHOD} eq 'POST') {
        if ($ENV{CONTENT_TYPE} =~ /multipart\/form-data/) {
            # multipart upload: let CGI.pm parse the request
            require CGI; import CGI qw(:standard);
            my $query = new CGI;
            my (@keylist) = sort($query->param());
            foreach $key (@keylist) {
                if ($query->param('file')) {
                    $filename = $query->param('file');
                    $postsize -= length($query->param('file'));
                    $tmpfile = $query->tmpFileName($filename);
                }
                $postsize += length($query->param($key));
                # may be dealing with multiple values; need to join with comma
                $value = join(', ', $query->param($key));
                $FORM{$key} = $value;
                # copy the uploaded avatar into $umauploaddir under the
                # file name supplied by the client
                my $avatar = $query->param('umafile');
                my $tmpfile = $query->tmpFileName($avatar);
                local( $/, *TMP );
                open(TMP,"$tmpfile");
                my $filedata = <TMP>;
                close(TMP);
                open(TMP2,">$umauploaddir/$avatar");
                print TMP2 $filedata;
                close(TMP2);
            }
        } else {
            # ordinary form post: read and split the raw body
            read(STDIN, my $input, $ENV{CONTENT_LENGTH});
            split_string(\$input, \%FORM);
        }
    }
greetings
louisle
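
The Subs.pl snippet above writes the uploaded data to $umauploaddir/$avatar, where $avatar is the file name sent by the browser. As an added example (not louisle's code and not the fix shipped in any version of the mod), here is one way to store an avatar without trusting that name. The names save_avatar and $MAX_BYTES, the naming of the stored file after the member, and the sample inputs are assumptions made for illustration:

```perl
#!/usr/bin/perl
# Added example: store an uploaded avatar without trusting the
# client-supplied file name or extension. All names are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempdir);

my $MAX_BYTES = 50 * 1024;    # assumed size limit for an avatar

# Leading bytes of the three formats the mod accepts (jpg, png, gif).
my %MAGIC = (
    jpg => qr/\A\xFF\xD8\xFF/,
    png => qr/\A\x89PNG\x0D\x0A\x1A\x0A/,
    gif => qr/\AGIF8[79]a/,
);

# Returns the stored path, or undef if the upload is rejected.
sub save_avatar {
    my ($dir, $member, $data) = @_;
    return if length($data) == 0 || length($data) > $MAX_BYTES;
    # The stored name is built from the member name, never from the upload.
    return unless $member =~ /\A[A-Za-z0-9_-]{1,32}\z/;
    # The extension comes from the content, not from what the client claims.
    my ($ext) = grep { $data =~ $MAGIC{$_} } sort keys %MAGIC;
    return unless defined $ext;
    my $path = "$dir/$member.$ext";
    open(my $out, '>', $path) or return;    # 3-arg open, explicit mode
    binmode($out);                          # image data is binary
    print {$out} $data;
    close($out) or return;
    return $path;
}

# Constructed sample inputs, written to a throwaway directory.
my $dir = tempdir(CLEANUP => 1);
my $gif = "GIF89a" . ("\0" x 20);
my @cases = (
    ['louisle', $gif,                      'valid GIF'],
    ['a/b',     $gif,                      'name with path separator'],
    ['louisle', "#!/usr/bin/perl\n",       'script instead of image'],
    ['louisle', $gif . ('A' x $MAX_BYTES), 'oversized upload'],
);
for my $c (@cases) {
    my $path = save_avatar($dir, $c->[0], $c->[1]);
    printf "%-26s %s\n", $c->[2], defined $path ? 'stored' : 'rejected';
}
```

Only the first case is stored; the other three are rejected before any file is opened.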