Security of Data and files

The following warnings occurred:

Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.1.31 (Linux)

File	Line	Function
/global.php	783	errorHandler->error
/showthread.php	26	require_once

Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.1.31 (Linux)

File	Line	Function
/global.php	783	errorHandler->error
/showthread.php	26	require_once

Warning [2] Undefined variable $newpmmsg - Line: 40 - File: global.php(841) : eval()'d code PHP 8.1.31 (Linux)

File	Line	Function
/global.php(841) : eval()'d code	40	errorHandler->error
/global.php	841	eval
/showthread.php	26	require_once

Warning [2] Undefined array key "style" - Line: 909 - File: global.php PHP 8.1.31 (Linux)

File	Line	Function
/global.php	909	errorHandler->error
/showthread.php	26	require_once

Warning [2] Undefined property: MyLanguage::$lang_select_default - Line: 5024 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	5024	errorHandler->error
/global.php	909	build_theme_select
/showthread.php	26	require_once

Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	7162	errorHandler->error
/inc/functions.php	5044	is_member
/global.php	909	build_theme_select
/showthread.php	26	require_once

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1370	fetch_forum_permissions
/showthread.php	137	forum_permissions

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	1415	errorHandler->error
/inc/functions.php	1380	fetch_forum_permissions
/inc/functions.php	2909	forum_permissions
/showthread.php	621	build_forum_jump

Warning [2] Undefined array key "mybb" - Line: 1952 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	1952	errorHandler->error
/inc/functions_indicators.php	41	my_set_array_cookie
/showthread.php	629	mark_thread_read

Warning [2] Trying to access array offset on value of type null - Line: 488 - File: inc/db_mysqli.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/db_mysqli.php	488	errorHandler->error
/showthread.php	722	DB_MySQLi->fetch_field

Warning [2] Undefined property: MyLanguage::$ratings_update_error - Line: 5 - File: showthread.php(732) : eval()'d code PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php(732) : eval()'d code	5	errorHandler->error
/showthread.php	732	eval

Warning [2] Undefined variable $postsdone - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Trying to access array offset on value of type null - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4755 - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4757 - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4760 - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4764 - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4770 - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4773 - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4785 - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4792 - Line: 867 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	867	errorHandler->error

Warning [2] Undefined array key 4757 - Line: 1576 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key 4760 - Line: 1576 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key 4773 - Line: 1576 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key 4792 - Line: 1576 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key 4785 - Line: 1576 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	1576	errorHandler->error
/showthread.php	1578	buildtree
/showthread.php	879	buildtree

Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions.php	7162	errorHandler->error
/inc/functions_user.php	844	is_member
/inc/functions_post.php	406	purgespammer_show
/showthread.php	880	build_postbit

Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions_post.php(474) : eval()'d code	6	errorHandler->error
/inc/functions_post.php	474	eval
/showthread.php	880	build_postbit

Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions_post.php	660	errorHandler->error
/showthread.php	880	build_postbit

Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions_post.php	741	errorHandler->error
/showthread.php	880	build_postbit

Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.31 (Linux)

File	Line	Function
/inc/functions_post.php	746	errorHandler->error
/showthread.php	880	build_postbit

Warning [2] Undefined array key "invisible" - Line: 1506 - File: showthread.php PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php	1506	errorHandler->error

Warning [2] Undefined variable $threadnotesbox - Line: 30 - File: showthread.php(1533) : eval()'d code PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php(1533) : eval()'d code	30	errorHandler->error
/showthread.php	1533	eval

Warning [2] Undefined variable $multipage - Line: 33 - File: showthread.php(1533) : eval()'d code PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php(1533) : eval()'d code	33	errorHandler->error
/showthread.php	1533	eval

Warning [2] Undefined variable $multipage - Line: 65 - File: showthread.php(1533) : eval()'d code PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php(1533) : eval()'d code	65	errorHandler->error
/showthread.php	1533	eval

Warning [2] Undefined variable $addremovesubscription - Line: 79 - File: showthread.php(1533) : eval()'d code PHP 8.1.31 (Linux)

File	Line	Function
/showthread.php(1533) : eval()'d code	79	errorHandler->error
/showthread.php	1533	eval

FORUMS

The Form Tools forums are no longer active, but the old posts have been archived here. Please see the Help page on how to get help / report issues.

Thread Rating:

1 Vote(s) - 5 Average
1
2
3
4
5

Thread Modes

Security of Data and files

crunchers Offline

Offline

Junior Member

Posts: 46
Threads: 17
Joined: May 2010
Reputation: 0

#4

May 3rd, 2011, 1:09 AM (This post was last modified: May 3rd, 2011, 1:11 AM by crunchers.)

Hi, Alex.

To be honest, I'm still learning myself. Putting the password access issue aside for a moment, some basic things you could do is create an htaccess file in the uploads folder and prevent index listing and script execution:

Code:
Options -Indexes

AddHandler cgi-script .php .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi

As well as preventing unauthorised script execution, staff members would now have to know the the image file name in order to view any of the said pictures uploaded to this directory.

Furthermore, since you're only allowing pictures to be uploaded, you can restrict other files as follows:

Code:
<Files ^(*.jpeg|*.jpg|*.png|*.gif|*.png)>

order deny,allow

deny from all

</Files>

Also, try assigning the uploads directory 775 permissions instead of 777.

The best solution is to see if you can move the uploads directory outside of the WWW root (depends largely on webhost and setup).

Everything else you've described in terms of set-up sounds fine; Formtools provides a lot of the logic and necessary helper functions for dealing with uploads.

It's always a trade-off between security and accessibility but the above tips should help provide you with a good baseline.

Reply

Find

« Next Oldest | Next Newest »

Messages In This Thread

Security of Data and files - by alexh - May 2nd, 2011, 7:09 PM

RE: Security of Data and files - by crunchers - May 3rd, 2011, 12:27 AM

RE: Security of Data and files - by alexh - May 3rd, 2011, 12:49 AM

RE: Security of Data and files - by crunchers - May 3rd, 2011, 1:09 AM

RE: Security of Data and files - by alexh - May 3rd, 2011, 3:21 PM

RE: Security of Data and files - by crunchers - May 3rd, 2011, 11:22 PM

RE: Security of Data and files - by Ben - May 3rd, 2011, 8:16 PM

RE: Security of Data and files - by alexh - May 4th, 2011, 10:39 PM

RE: Security of Data and files - by Ben - May 4th, 2011, 7:37 AM

View a Printable Version

Users browsing this thread: 2 Guest(s)

Powered By MyBB, © 2002-2025 MyBB Group.