in reply to What do people think of the YaBB forum script?

No strict, no warnings, no taint mode, lots of little text files - hm..

Update: Lots of global variables used to determine settings.. that reminds me of my nightmarish ventures in the UBB5 codebase.

I spent less than 10 mins grepping the sources and found this on /cgi-bin/yabb/Sources/Post.pl line 56:

fopen(FILE, "$datadir/$threadid.txt")

$threadid is taken directly from the CGI params as far as I can tell. I didn't look for more examples; a cursory grep revealed lots of samples.

fopen is defined in /cgi-bin/yabb/Sources/Subs.pl and does some cleaning up, but neglects to purge null bytes, pipes and backslashes. It does eat dots though.

I remember the YaBB site was broken into repeatedly. I'm not surprised.

Makeshifts last the longest.
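The shape of the bug described above, as an added example that is not YaBB's code: a CGI-supplied thread id passed through a cleaner that eats dots but not pipes, backslashes or null bytes, then interpolated into a 2-argument open(). weak_clean() is a hypothetical stand-in for the Subs.pl wrapper (its real body is not reproduced here, and the slash stripping is an assumption), $datadir is a temporary directory created for the run, and read_thread() is the hardened form: allowlist the id, then use 3-argument open so the string can never select a mode.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Added example, not YaBB's code. $datadir stands in for YaBB's data dir.
my $datadir = tempdir(CLEANUP => 1);

# Hypothetical stand-in for the wrapper's "cleaning up": eats dots (and, as
# an assumption here, slashes) but leaves '|', '\' and "\0" alone, which is
# what the post reports about the real wrapper.
sub weak_clean {
    my ($name) = @_;
    $name =~ s{[./]}{}g;
    return $name;
}

# Vulnerable shape: with 2-argument open() the *string* chooses the mode.
# A name ending in '|' is a command to run and read from; a name starting
# with '>' or '|' is a file or command to write to.
sub open_2arg {
    my ($name) = @_;
    open(my $fh, $name) or die "open '$name': $!\n";
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Hardened shape: allowlist the id with \z (not $, which still matches in
# front of a trailing newline), build the path from the captured value only,
# and use 3-argument open with an explicit '<' mode, so no character in the
# id can turn the call into a pipe. Under -T this capture is also what
# untaints the value.
sub read_thread {
    my ($threadid) = @_;
    my ($id) = $threadid =~ /^([A-Za-z0-9_-]{1,32})\z/
        or die "rejected thread id\n";
    open(my $fh, '<', "$datadir/$id.txt") or die "no such thread\n";
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Constructed fixture: one legitimate thread file.
open(my $out, '>', "$datadir/1042.txt") or die $!;
print $out "thread body\n";
close $out;

# 1. The pipe behaviour of 2-arg open, on a string that ends in '|':
#    this runs echo and reads its output instead of opening a file.
print "2-arg open of 'echo injected |' gives: ", open_2arg("echo injected |");

# 2. Constructed inputs: what the weak cleaner lets through versus what
#    the allowlist accepts ("\0" and "\n" are made visible for printing).
for my $raw ("1042", "1042\n", "1042|", "1042\0", "\\..\\1042") {
    (my $shown = $raw) =~ s/\0/\\0/g;
    $shown =~ s/\n/\\n/g;
    (my $cleaned = weak_clean($raw)) =~ s/[\0\n]/?/g;
    my $verdict = eval { read_thread($raw); 'accepted' }
        // do { chomp(my $e = $@); $e };
    printf "%-12s weak_clean -> %-10s hardened: %s\n",
        "'$shown'", "'$cleaned'", $verdict;
}
```

Two caveats worth knowing when reading the output. The null byte case is the one that has changed over time: the perl of 2002 handed the C string, truncated at the first "\0", to the operating system, so an appended ".txt" could be cut off; perls from 5.20 on warn "Invalid \0 character in pathname" and fail the open instead. And the "|" case only becomes a pipe open when the final string ends in "|", so the ".txt" suffix in the quoted Post.pl line matters, as does every sibling call that omits it; the 3-argument form removes the question entirely.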

Re: Re: What do people think of the YaBB forum script?
by Anonymous Monk on Sep 22, 2002 at 16:18 UTC
    Well well...look what comes from the people who didn't even write their own BBS. YaBB happens to be a fine BBS; but I will admit that it can be better and more secure. But that is what YaBB2 is for :)