Question Notification Email: Corruption of Web Addresses

15 years 2 months ago - 15 years 2 months ago #90996 by ptrnrs
In my version of Kunena (1.6.3 - see below), I found that the following web addresses get corrupted in the email version of posts.
www.joomlahackers.net/joomla-1.6-tutoria...es-in-joomla-16.html
forum.joomla.org/viewtopic.php?f=199&t=251273

The first one corrupts at the "/n" and the second at the "&".

This problem with the first seems to be in the purify() function in /components/com_kunena/lib/kunena.smile.class.php at line 121:
Code:
$text = preg_replace ( '/&/', ' ', $text );
I haven't tracked down the second one yet but it's sure to be in the same function.

Database collation check: The collation of your table fields are correct

Legacy mode: Disabled | Joomla! SEF: Disabled | Joomla! SEF rewrite: Disabled | FTP layer: Disabled |

htaccess: Exists | PHP environment: Max execution time: 30 seconds | Max execution memory: 64M | Max file upload: 20M

Joomla default template details : ja_social | author: JoomlArt.com | version: 1.2.1 | creationdate: 25/11/10

Kunena default template details : Blue Eagle (default) | author: Kunena Team | version: 1.6.3 | creationdate: 2011-01-31

Kunena version detailled: Installed version: 1.6.3 | Build: 4344 | Version name: Parlare | Kunena detailled configuration:

Third-party components: AlphaUserPoints: Disabled or not installed | CommunityBuilder: Disabled or not installed | Jomsocial: Installed (Version : 2.0.5) | UddeIm: Disabled or not installed

Third-party SEF components: sh404sef: Installed (Version : 2.2.3.945) | ARTIO JoomSEF: Disabled or not installed | AceSEF: Disabled or not installed

Plugins: System - Mootools12: Disabled | System - Mootools Upgrade: Enabled | JFirePHP: Disabled or not installed | Kunena Discuss: Disabled or not installed | Kunena Search: Enabled (Version : 1.6.2) | My Kunena Forum Menu: Disabled or not installed | My Kunena Forum Posts: Disabled or not installed

Modules: Kunena Latest: Enabled (Version : 1.6.2) | Kunena Stats: Disabled or not installed | Kunena Login: Disabled or not installed

Last edit: 15 years 2 months ago by ptrnrs.

15 years 2 months ago - 15 years 2 months ago #90997 by ptrnrs
Below is the email version of the above post with corruptions indicated:-

Last edit: 15 years 2 months ago by ptrnrs.

15 years 2 months ago #91137 by ptrnrs
The "&" problem comes from /administrator/components/com_kunena/libraries/html/parser.php stripBBCode() line 54
Code:
$txt = self::escape ( $txt );
Also causes '<' to be converted to '&lt;' and '>' to '&gt;'.

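The "&" and "<" symptoms reported in this thread come from applying HTML output encoding to a body that is delivered as plain text. The sketch below is an added example, not part of the original posts and not Kunena's code: it encodes the same post once per content type. The function names, the sample post and the MIME boundary are constructed for illustration, and the escape step is assumed to behave like `htmlspecialchars()`.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not Kunena's code.

// Drop simple BBCode tags such as [b]...[/b]; a stand-in for a real parser.
function stripBbcodeDemo(string $text): string
{
    return preg_replace('/\[\/?[a-z]+(?:=[^\]]*)?\]/i', '', $text) ?? $text;
}

// text/plain sink: nothing parses this as HTML, so no entity encoding.
function plainPart(string $post): string
{
    return stripBbcodeDemo($post);
}

// text/html sink: encode HTML metacharacters so post text cannot become markup.
function htmlPart(string $post): string
{
    $safe = htmlspecialchars(stripBbcodeDemo($post), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . nl2br($safe) . '</p>';
}

// The symptom from the thread: HTML-encoded text placed in a text/plain body.
// Assumption: the escape step behaves like htmlspecialchars().
function mismatchedPlainPart(string $post): string
{
    return htmlspecialchars(stripBbcodeDemo($post), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assemble a multipart/alternative body; each part is encoded for its own content type.
function buildAlternativeBody(string $post, string $boundary): string
{
    $parts = [
        'text/plain; charset=UTF-8' => plainPart($post),
        'text/html; charset=UTF-8'  => htmlPart($post),
    ];
    $body = '';
    foreach ($parts as $type => $content) {
        $body .= "--{$boundary}\r\nContent-Type: {$type}\r\n"
               . "Content-Transfer-Encoding: 8bit\r\n\r\n{$content}\r\n";
    }
    return $body . "--{$boundary}--\r\n";
}

// Constructed sample post using the second URL reported above.
$post = "[b]Link:[/b] forum.joomla.org/viewtopic.php?f=199&t=251273 and a <tag>";

echo "Mismatched text/plain body:\n", mismatchedPlainPart($post), "\n\n";
echo buildAlternativeBody($post, 'demo-boundary-0001');
```

The HTML part still needs the encoding, since that is what keeps post text from being interpreted as markup in an HTML-capable mail client; only the plain-text part must be left unencoded.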