Possible Miscode in poll.php


DJ29Joesph
07-21-2009, 12:27 AM
I was coming across some code and was in poll.php and I think I found an error in the php file.

Here's the code

It's on line 626.

while ($name = $db->fetch_array($public))
{
fetch_musername($name);
$allnames["$name[voteoption]"][] = '<a href="member.php?' . $vbulletin->session->vars['sessionurl'] . "u=$name[userid]\">$name[musername]</a>";
}


I believe where the </a> ends it should be a single quote, not a double quote. Can someone please look at this for me.

I may be wrong I am just a beginner, but I thought I would give it a shot of reporting it.

I have vbulletin Version 3.8.3. Thanks

HMBeaty
07-21-2009, 12:29 AM
I do believe you are correct :)


Actually, now that I look at it again, I think it may be missing a quote

JamesC70
07-21-2009, 01:12 AM
I was coming across some code and was in poll.php and I think I found an error in the php file.

It looks correct to me. I'll use quote instead of code, so I can highlight the pairs:

$allnames["$name[voteoption]"]
[] = '<a href="member.php?'
. $vbulletin->session->vars['sessionurl']
. "u=$name[userid]\">$name[musername]</a>";


In each line of the quote above, the opening and closing quotes are highlighted in red.

The one that's throwing you off is the green one, preceded with a backslash. The backslash indicates to PHP to "keep this intact, don't interpret it as code". This needs to be done when including a double-quote character within double-quote marks.

The double-quote before member.php (line 2 in quote above) doesn't need a backslash in front of it because it's not inside a pair of double-quotes, it's inside single quotes. Hence the difference.


Refer to php.net for further information (http://us2.php.net/manual/en/language.types.string.php#language.types.string.syntax.double). :)
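
The quote pairing described in this reply can be checked mechanically. The following is an added example, not part of the original thread or of vBulletin: a simplified Python scanner (it handles only single- and double-quoted literals with backslash escapes, not comments or heredocs) run over the line from the first post and over a constructed variant in which the final double quote is changed to a single quote.

```python
# Added example: pair up the quote characters in the PHP line from the first post.
# The line is copied from the thread; PROPOSED is a constructed variant.
PHP_LINE = r'''$allnames["$name[voteoption]"][] = '<a href="member.php?' . $vbulletin->session->vars['sessionurl'] . "u=$name[userid]\">$name[musername]</a>";'''

# Same line with the closing double quote after </a> swapped for a single quote.
PROPOSED = PHP_LINE[:-2] + "';"


def string_literals(src):
    """Return (delimiter, start, end, body) for every quoted literal in src.

    A literal runs from its opening quote to the next unescaped quote of the
    SAME kind, so a double quote inside '...' (or a \\" inside "...") does not
    close anything.
    """
    found = []
    i = 0
    while i < len(src):
        ch = src[i]
        if ch in ('"', "'"):
            j = i + 1
            while j < len(src) and src[j] != ch:
                if src[j] == "\\":
                    j += 1          # skip the escaped character
                j += 1
            if j >= len(src):
                raise ValueError(f"unterminated {ch} string starting at column {i}")
            found.append((ch, i, j, src[i + 1:j]))
            i = j + 1
        else:
            i += 1
    return found


def describe(src):
    """(delimiter, body, expands_variables) per literal; only "..." expands $vars."""
    return [(d, body, d == '"' and "$" in body)
            for d, _, _, body in string_literals(src)]


if __name__ == "__main__":
    for delim, body, expands in describe(PHP_LINE):
        print(f"{delim} pair  expands={expands!s:5}  {body}")
    try:
        string_literals(PROPOSED)
    except ValueError as err:
        print("proposed change:", err)
```
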

DJ29Joesph
07-21-2009, 01:17 AM
Personally that doesn't make any sense.

Why would u=$name be part of </a>???

HMBeaty
07-21-2009, 01:19 AM
That's part of the link that allows you to go to the user's profile when clicked

JamesC70
07-21-2009, 01:21 AM
The code is creating a clickable link.... embedding a variable into HTML.

HTML uses <a href="_____">click this part</a> -- "click this part" is what you see on the screen; the code in brackets is what tells the browser to interpret it as a link.

DJ29Joesph
07-21-2009, 01:26 AM
$allnames[START1$name[voteoption]END1]
[] = START2<a href=START3member.php?END2
. $vbulletin->session->vars[START4sessionurlEND4]
. END3u=$name[userid]\START5 OR NOTHING>$name[musername]</a>START5 OR END 5;

still doesn't make any sense.

I know how to make a link I have 2 years of web design on my belt

EDIT::::

ok, if I'm correct the only thing wrong is "u=$name should be a single quote not double

JamesC70
07-21-2009, 01:45 AM
ok, if I'm correct the only thing wrong is "u=$name should be a single quote not double

If $name is inside a single quote, PHP won't give it a value. It must be inside double quotes, or inside no quotes at all, for PHP to assign a value to $name.

This is why $allnames["$name[voteoption]"] uses double-quotes instead of single-quotes, too.

The most important feature of double-quoted strings (http://us2.php.net/manual/en/language.types.string.php) is the fact that variable names will be expanded. See string parsing (http://us2.php.net/manual/en/language.types.string.php#language.types.string.parsing) for details.

DJ29Joesph
07-21-2009, 01:48 AM
I believe the quote is "$allnames
not ["$name

I think I'm seeing things

u= is part of the link not the variable

JamesC70
07-21-2009, 01:50 AM
I believe the quote is "$allnames
not ["$name

I think I'm seeing things

You might be. :( I've been copying/pasting from your first post, and everything looks consistent here.

Yes, u= is part of the link. When a variable is inside double-quotes, PHP will replace the variable with its value. In this case, the user's id would be inserted in place of $name[userid].

DJ29Joesph
07-21-2009, 01:51 AM
never mind :(

Thanks

EDIT:::

I'm sorry to push this but the variable:

. $vbulletin->session->vars['sessionurl'] .

started with a single quote, shouldn't it end with a single quote?

and if you started the <a with a single quote shouldn't it end with a single quote, but it ends with a double.

JamesC70
07-21-2009, 02:50 AM
I'm sorry to push this but the variable:

. $vbulletin->session->vars['sessionurl'] .

started with a single quote, shouldn't it end with a single quote?

I see a single quote both before and after sessionurl.

$vbulletin->session->vars['sessionurl'] is the name of a vBulletin variable. In the quote in your original post, this is not in any quote marks at all, so it will be assigned its proper value when the script is run.

and if you started the <a with a single quote shouldn't it end with a single quote, but it ends with a double.
The ending single-quote is after the ? of member.php.

I really, really suggest picking up a book on PHP if you're going to dissect vBulletin scripts.

But, in short, the quotes are paired properly, because if they weren't the script would fail upon execution. It doesn't fail, ergo the quotes match. :)

HMBeaty
07-21-2009, 02:55 AM
Or have a look at this http://members.vbulletin.com/api/

DJ29Joesph
07-21-2009, 03:51 AM
Thanks for putting up with me, sorry bout the trouble. At least I learned something. Thanks again!

BTW Redlinemotorsports, thanks for that link I wish I knew about that a long time ago.