Kusaba X 0.9.1 Released! by Sazpaimon - 02/15/10 @ 01:19 PM EST #
Today we are releasing version 0.9.1 of Kusaba X. This is a maintenance release that fixes several bugs and issues since 0.9 was released last year, and a major security update that fixes a problem whereby an attacker can take over or potentially delete your board via the reports panel.
I repeat, this release fixes a major security flaw.
You can download the files below:
Kusaba X 0.9.1 Full (for fresh installs).
Kusaba X 0.9.1 Upgrade (for updating an already configured 0.9 install).
The Sourceforge page will be updated shortly.
Also, version 1.0 is slowly being developed. We have hit a few roadblocks in development but we are still actively working on it. If you would like to aid in developing 1.0 with us, give me (Sazpaimon) a holler on IRC (irc.sinirc.net #kusabax) or post on /c/ with any contact info for us to drop you a line.
Changes:
Added missing <body> tag on the "You are banned!" page
Sanitized report reasons to prevent XSS attacks
Add escaping for Rules, FAQ, and News database entry
Fixed a couple issues with r234
Fix announcements from not being deleted.
Backported some code from trunk to fix displaying omitted posts/images in SQLite installs.
Fix a bug where load balancer enabled boards cannot delete files.
Another fix for strict MySQL installs.
Fix for an installation error with MySQL set to strict mode, specifically STRICT_TRANS_TABLES. This should fix that
Backported dwoo.php from trunk to stable to fix a rare installation error with some PHP installs.
Added some minor javascript fixes.
Removed unused variables from board.php
GetID3 used now deprecated functions like ereg and set_magic_quotes_runtime. Convert ereg to preg_match and throw an error if magic quotes are enabled on PHP >= 5.3.
ereg() is deprecated in PHP 5.3 and thus returns an E_DEPRECATED message, replaced with preg_match()
Fixed some typos and other things that completely break bans and FAQ/Rules editing on PostgreSQL (and possibly SQLite)
Fixed bug in proxyban
Fix a bug where a link would not be properly parsed if the character immediately after it isn't a space (for example, [spoiler]http://www.google.com[/spoiler])
Fixed an extremely rare bug where a tag would be partially opened on the board page due to it being cut off by the log message filter. You'll probably never have this happen anyway.
Added a div to non-text board thread templates.
Enclosed a word around {t}...{/t} in the header templates.
Removed the completely unused $tpl_irc variable from menu.class.php
0.9 has been released! by Harrison - 05/25/09 @ 02:01 AM EDT #
KUSABA X 0.9 HAS BEEN RELEASED
After numerous beta and RC releases, Kusaba X 0.9 has finally been released. A lot of things have changed in 0.9, but that will be gone over later.
You can download Kusaba X 0.9 Final here.
Update: A partial changelog from 0.8 to 0.9 can be found here.
Kusaba X RC2 by Harrison - 05/16/09 @ 08:32 PM EDT #
RC2 of Kusaba X has been released. You can get it here.
GIRUGAMESH by Harrison - 05/01/09 @ 12:55 AM EDT #
KusabaX.org got hit with Girugamesh spam. I'm a lazy person and don't feel like fixing it right now, so I locked every board.
IF YOU NEED ANY HELP, JOIN IRC: CLICK HERE
AND NOW IT IS FIXED. ALL HAIL SQL QUERIES
OH GOD IT'S BACK
NO MORE GIRUGAMESH. EVER. :D
Updates by Harrison - 04/29/09 @ 08:25 PM EDT #
Today, the site was down for about an hour while I updated the site to the latest RC version of Kusaba X. If you encounter any errors, post them in /sup/.
Kusaba X 0.9 Release Candidate by Harrison - 04/25/09 @ 12:17 AM EDT #
Kusaba X 0.9 has been upgraded to RC status. You can find the download here.
EDIT: 7chan is down, get it here.
0.9 Beta by Harrison - 04/11/09 @ 11:33 PM EDT #
A public beta for 0.9 can be found here. Report any bugs you find in that thread, or in the /sup/ board.
Another fix. by Harrison - 01/06/09 @ 06:43 AM EST #
This is another fix for the Apache bug. Instead of renaming files, this adds .htaccess files to each /boarddir/src/. Download it, run it from your webroot (same folder as config.php), and then delete it. You can get it here.
EDIT: I'm a dumbass, clear your cache and redownload it.
Another Exploit, this time in Apache by Harrison - 01/03/09 @ 04:19 PM EST #
As you all know, while I was gone, KusabaX.org was "hacked". It wasn't due to the software though, instead, it was due to how Apache (The webserver) would handle unknown file types.
For example, if you allowed filetype XM, and your server wouldn't send the correct MIME type for that, you would be vulnerable. In the case it doesn't recognize a filetype, Apache would look for another one. So if someone uploaded, let's say, blah.php.xm, Apache would see XM, go WTF, and then go to PHP and execute it.
Anyways, now that the details are explained, you can download /inc/classes/upload.class.php here.
EDIT: Hey, it looks like Serissa is using our patch as well.
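The multi-extension behaviour described in the post above, checked on the upload side. This is an added example, not the upload.class.php patch and not Kusaba X code; the function names, the allowed list and the handler-extension list are assumptions.

```php
<?php
// Added example: not Kusaba X code. Names and the extension list are assumptions.

// Extensions a typical Apache + PHP host maps to a handler (assumed list;
// adjust it to the AddHandler/AddType lines of your own server).
const HANDLER_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phps',
                            'cgi', 'pl', 'py', 'shtml'];

/**
 * Return the extension an upload may be stored under, or null to reject it.
 * Every dot-separated component is checked, because Apache's mod_mime looks
 * at all of them and falls back to one it knows when the last is unknown.
 */
function safe_upload_extension(string $clientName, array $allowed): ?string
{
    // Strip any path the client sent, including Windows-style separators.
    $name  = strtolower(basename(str_replace('\\', '/', $clientName)));
    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        return null;                 // no extension, or a dotfile such as ".htaccess"
    }
    array_shift($parts);             // drop the base name, keep the extensions
    $final = end($parts);
    if (!in_array($final, $allowed, true)) {
        return null;                 // last extension is not an allowed type
    }
    foreach ($parts as $ext) {
        if (in_array($ext, HANDLER_EXTENSIONS, true)) {
            return null;             // "blah.php.xm": inner extension has a handler
        }
    }
    return $final;
}

/** Server-generated stored name: random base plus the single checked extension. */
function stored_name(string $clientName, array $allowed): ?string
{
    $ext = safe_upload_extension($clientName, $allowed);
    return $ext === null ? null : bin2hex(random_bytes(8)) . '.' . $ext;
}

// Constructed sample names; 'xm' is the file type used in the post above.
$allowed = ['jpg', 'png', 'gif', 'xm'];
foreach (['song.xm', 'blah.php.xm', 'photo.JPG', 'a.phtml.png', '.htaccess', 'notes.txt'] as $n) {
    printf("%-12s -> %s\n", $n, stored_name($n, $allowed) ?? 'rejected');
}
```

Because the stored name is rebuilt from a random base and one checked extension, any extra components in the client's filename never reach the directory Apache serves.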
paint_save.php by harrison - 12/23/08 @ 01:06 AM EST #
As you all know, back in October I released a patch for the exploits. However, it turns out that the exploit fix has broken, and is no longer allowing files to be uploaded to /kusabaoek/. I just released a new version of the patch to fix this problem. You can get it here.
NSFW by Harrison - 12/21/08 @ 05:08 PM EST #
Alright, I just realized that I need to start cracking down on the posting of NSFW images. We use Google Adsense, so posting them can get our account deactivated. From now on, I will be deleting any NSFW images.
S2KX by Harrison - 12/14/08 @ 03:06 PM EST #
I added a script to allow people to upgrade from Serissa 1.0.5 to Kusaba X. You can get it here.
Kusaba X v0.8 Released! by Harrison - 10/15/08 @ 03:35 PM EDT #
I just added Kusaba X v0.8 to the downloads page.
Two major things: I moved the Mod link to be next to subject, to allow for modposting on Embed only boards.
If you are upgrading from Kusaba v1.0.4, you will need to back up your current config.php, upload the new files, and then edit the new config.php to work on your server.
Any errors you find go in /sup/
Kusaba X v0.8 - Download
UPDATE: If you downloaded the files before around 8:00PM EST, you will need to redownload them. I pulled a dumbass and forgot to test my last minute changes.
Release Today by HArrison - 10/15/08 @ 06:40 AM EDT #
At around 3PM EST today, I'll put the first release up for download.
Exploits by Harrison - 10/10/08 @ 04:12 PM EDT #
As you all should know by now, yesterday, 10/9/2008, two exploits were released for Kusaba 1.0.4. All current derivatives are vulnerable, including Kusaba X. I am working on a fix now, and I'm sure that the others are as well.
Until then, the Oekaki board is closed due to exploits.
Kusaba X by Harrison - 10/08/08 @ 04:20 PM EDT #
I've decided to continue on with Kusaba, seeing as Trevor decided to back out on his support of Kusaba. I'm aiming for a first release either by the end of this week (10/10/08) or the middle of the month (10/15/08).
Got anything that you would like to see? Post it in Suggestions.