Skip to main content
Topic: attachments 404 (Read 2996 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

attachments 404

Two problems:
1) for some reason the directory settings were all wiped out during the upgrade,
2) bad behaviour requires a theme and attachments don't load the theme, so the question is: do attachments need bad behaviour? If the answer is no, loadBadBehavior (and maybe loadBBCParsers as well) should be called only with loadTheme, otherwise there is something to tweak.
Bugs creator.
Features destroyer.
Template killer.

Re: attachments 404

Reply #1

On BB, you mean for dlattach actions ?

Re: attachments 404

Reply #2

Quote from: Spuds – On BB, you mean for dlattach actions ?
Yep.

What I did here live is:
Code: [Select]
	// Attachments don't require the entire theme to be loaded.
if ($_req->getQuery('action') === 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest']) && (empty($maintenance) || allowedTo('admin_forum')))
detectBrowser();
// Load the current theme.  (note that ?theme=1 will also work, may be used for guest theming.)
else
{
loadTheme();

// Load BadBehavior before we go much further
loadBadBehavior();

// The parser is not a DIC just yet
loadBBCParsers();
}
Bugs creator.
Features destroyer.
Template killer.

Re: attachments 404

Reply #3

I'd think you would want to protect that action with BB but its not critical

Re: attachments 404

Reply #4

I really don't know (in the sense that I really have no idea what BB does LOL), I assumed BB was intercepting forms POST'ed in order to avoid registrations and stuff like that, so I thought was safe to let attachments be downloaded at will.
But if you say to, then we have to fix the (bad :P) behaviour... what an idiotic joke. LOL
Bugs creator.
Features destroyer.
Template killer.

Re: attachments 404

Reply #5

BB also may use the HTTP BL so it can block based on that (at least that was my thought in this case)

 

Re: attachments 404

Reply #6

Quote from: emanuele – I really don't know (in the sense that I really have no idea what BB does LOL), I assumed BB was intercepting forms POST'ed in order to avoid registrations and stuff like that, so I thought was safe to let attachments be downloaded at will.
But if you say to, then we have to fix the (bad :P) behaviour... what an idiotic joke. LOL
For me it doesn't do all that much to prevent registrations per se, but rather the enormous bandwidth and CPU leech caused by such bots. Which includes more than just (failed) registrations, although that's what they concentrate on the most.

Or to put it another way, if PHP is involved in loading attachments it'd be a damn shame if Bad Behavior didn't step in to kick out, um, badly behaving/blacklisted entities.