(not sure if this is the right place to report this, but wasn't sure where else to try)
http://deskthority.net/spy.php/ returns the following: "Trailing paths and PATH_INFO is not supported by phpBB 3.0"
http://deskthority.net/spy.php works correctly.
Bug report: Trailing slash on forum spy URL causes error
-
scottc
- ☃
- Location: Remote locations in Europe
- Main keyboard: GH60-HASRO 62g Nixies, HHKB Pro1 HS, Novatouch
- Main mouse: Steelseries Rival 300
- Favorite switch: Nixdorf 'Soft Touch' MX Black
- DT Pro Member: -
That's true, but I still find it strange that it worked before the phpBB upgrade. Seems like a strange thing to have changed in a minor release.
-
webwit
- Wild Duck
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
- Contact:
It was a security fix:
Tracker: https://tracker.phpbb.com/browse/PHPBB3-13531The second issue, reported to us by James Kettle, allows an attacker to load arbitrary CSS in Internet Explorer by crafting a URL with trailing paths after a PHP file (for example /path/index.php/more/path). This is only possible if the webserver configuration allows accessing PHP files in this manner. This can be exploited directly on Internet Explorer 7 or below, and on newer versions of Internet Explorer by using a frame that forces outdated rendering behavior.
-
scottc
- ☃
- Location: Remote locations in Europe
- Main keyboard: GH60-HASRO 62g Nixies, HHKB Pro1 HS, Novatouch
- Main mouse: Steelseries Rival 300
- Favorite switch: Nixdorf 'Soft Touch' MX Black
- DT Pro Member: -
Ah, right, thanks webwit. Now all I need to do is rewrite my browser history because the version with the trailing slash is for some reason the most used...
