I understand a product getting quarantined but what good does it do if no one can reply to the thread and discuss what's going on? When I try to respond to the iTrader thread it says I can't.

So... why was it quarantined? Any plans on it being fixed? Etc?

that is the whole point of "quarantined" no one has access to it.

The email message I got told me it had been quarantined and I should turn it off but not why.

What is the problem with it? Does it have some security hole? Is it causing planes to fall out of the sky? What?

A bit of info would be good.

If it gets quarantined, yes, there is a security issue. And no, you won't get told what exactly it is. That's the policy, and it's a good policy. You don't want to make it even easier to the bad guys by telling them right away what to exploit.

Just last week I received an e-mail about a different mod being quarantined and I could still post in the thread and people using the mod were able to discuss what was going on (not giving away the specifics, but just general discussion). This time around we're cut out and have no source of updates except to wait for another e-mail. I understand not allowing people to know the specifics, but it'd still be nice to somehow have a way to discuss what's going on so we know the person who wrote the modification is doing something about it, is planning on fixing it, and when.

The last time the developer was online was February 8th, doesn't look like this is going to get resolved in a couple of days...

That other mod from last week happened to be one that has it's own forum, so there were other threads that were used for discussion. But it kind of looks like you're discussing it here.

I've been looking through the plugins, to see if I could fix this on my own board, but to no avail so far.

Hopefully the mod developer gets on and releases a fix.

Subscribed.

Been awhile and still no fix. This is practically one of the first mods to install on a forum, it's really unfortunate that there's no fix yet...

I am hoping this gets fixed fast. Where is the author?

Last forum activity for entertain was February 8th... looks like iTrader isn't going to be fixed anytime soon... :( :( :( :(

I sure hope this gets fixed soon, I'd like to add the user rating system and iTrader is all I've found so far.

Why cant vbenhancer fix this as he created the addon to start with.

The email message I got told me it had been quarantined and I should turn it off but not why.

What is the problem with it? Does it have some security hole? Is it causing planes to fall out of the sky? What?

A bit of info would be good.

Planes are falling, I was just flying around Metropolis and had to save a few myself did you see me in the baseball field? I believe they filmed me doing that one!

Kidding but point being, if it's Quarantined no matter the modification in question, there is a good reason.

Why cant vbenhancer fix this as he created the addon to start with.
He did not release the version that was quarantined. Another coder had permission to port it to vB4 and released it. That coder is now responsible for it.

Can't we just get someone who knows how to code to look at it and fix the code appropriately? Obviously the developer of the vb4 version has no intentions of fixing it. I'd expect something like this for a lesser known mod but c'mon iTrader is one of the top mods for vb4... You'd think the vbulletin.org staff could take some ownership and fix the issue. I know it's not their responsibility, but the version has been quarantined and no one knows why aside from that it must be a good reason... whoever deemed it needed to be quarantined knows enough about coding that they probably could have just fixed it and everyone could continue on their merry way...

Can't we just get someone who knows how to code to look at it and fix the code appropriately? Obviously the developer of the vb4 version has no intentions of fixing it. I'd expect something like this for a lesser known mod but c'mon iTrader is one of the top mods for vb4... You'd think the vbulletin.org staff could take some ownership and fix the issue. I know it's not their responsibility, but the version has been quarantined and no one knows why aside from that it must be a good reason... whoever deemed it needed to be quarantined knows enough about coding that they probably could have just fixed it and everyone could continue on their merry way...


Agreed, someone here knows the problem so why not just tell us what file to edit to fix the problem.

If somebody wishes to take over the modification and release it themselves, you would need to talk with the current developer and get permission to take it over.

And considering he hasn't been on the site for a month even after his mod was quarantined I doubt we'll get a response... But if someone knows how to code and is willing to do it, please do! I'd be willing to paypal someone $2 for their time, I'm sure others could chip in 1-2 bucks too.

This is causing quite the commotion on my forum, since the iTrader isn't working.

Pls Release a Comeback from Itrader :):)

Seriously... still nothing?

What do you expect to happen? Lynne has pointed out the options.

So because the coder has lost interest we all just have to give up on ever using iTrader again? What I expected to happen is vBulletin.org staff to go "Hey, this is a pretty popular mod, since we already know what the flaw is, we can just fix it..." Or at the very least another coder to step in and rescue the mod. I already said I'm willing to chip in money to have the mod fixed, I'm sure others would join in if someone would just help us...

If he can't or won't be contacted: yes. You can pay a coder to fix your installation, bu you can't publish it here. You could post the changes necessary in the thread, though, I guess. Or offer diff-patches. You also can contact the coder of the vB3-Version to get his o.k. to start from there to make a fresh adaption to vB4. You also could be patient. The addon has been quarantined for two weeks now. Please realize that people have lives beside offering addons for free at vb.org. The coder may be temporarily unavailable for a variety of reasons.

Addons on vb.org come for free, and they come without any guarantee whatsoever, especially not with a guarantee that fixes for issues will be provided in short time (or at all). The coder owes you nothing, and much less do the admins or mods of vb.org. You surely were aware of that fact when you downloaded and installed the addon, were you not?

We can't post the changes in the thread because we can't post in the thread at all -- that was why I created this thread.

Yes I was aware of everything that you said, but the fact that the coder has not been on the site since the beginning of February lends me to think he wasn't concerned with his modification being quarantined. I understand that no one owes us anything which is why I'm offering to pay for someone to fix it. It's just surprising when we're talking about such a popular modification like iTrader. When IbpArcade was quarantined recently, it was fixed within a few days.

Again, the frustration is that there are people who know what the problem is and how to fix it but won't.

Yes I was aware of everything that you said, but the fact that the coder has not been on the site since the beginning of February lends me to think he wasn't concerned with his modification being quarantined.
You should not be so quick and harsh in your judgement if you lack any information. There are many causes I can think of why I would not be able to visit this site for a long time, or not anymore at all. Several of them not very pleasant or of the choosing of the coder.

I am guessing the previous version before the last update also had the same security issue?

Moving to Xenforo is not an option really.

My "harshness" is not directed at the coder. It would be nice if he could pop in and let us know he got the e-mail and plans to fix it or not, but again my main frustration is that vB.org staff found the flaw and I know they have competent coders on their team that could fix it in a handful of minutes if they wanted to.

In other modifications on this site, you will routinely see people other than the developer offering file edits to slightly modify or enhance a product. Fixing the security flaw in this product should be no different. I know we don't want to "give away" what the security risk is to allow the modification be exploited even more easily, but can't the vb.org staff that know what the flaw is just fix the bad line(s) of code and then attach the updated file so we can all move on? It's just frustrating that there are people on this site that know what the flaw is, know how to fix it, and yet just sit back saying "Well, too bad - it's the developer's problem to fix, not mine..."

I contacted vbenhancer last week and asked if he could give us a fix, he said he would look in to it.

but again my main frustration is that vB.org staff found the flaw and I know they have competent coders on their team that could fix it in a handful of minutes if they wanted to.
You can be frustrated at us all you want. But just remember, most of us have other jobs and this is just a volunteer run site. Besides that, we cannot post a fix for the modification either. The only person who may post a fix is the one who released it or the person who they give permission to take over the modification. We have not even looked through the code to see how many areas need to be fixed. We found one place, and someone let us know of another, but we have not gone through the code to find out if it is only in those two places or in several places. It isn't our job to do that. It is our job to quarantine it if one security issue is found and then to let the coder go through their code a bit more carefully before releasing it again.

Has anyone in this thread contacted the developer to ask to take over the modification and fix it?

Has anyone in this thread contacted the developer to ask to take over the modification and fix it?

As he has not logged in and is not accepting emails then that could be a problem.

Lol, I really cant see the logic in getting your knickers in a twist because you are using a FREE modification built by someone that has taken THEIR time to build. Then trying to get someone else who is also a volunteer to spend their time to fix it for you.

There is a reason there is paid services section of this site, no one should every be at a point where they rely on something they got for free and rely on people that do things for free , people loose interest, become ill, have other commitments and guess what ? they have no incentive to come back and fix the problem.

Dont get me wrong i understand the frustration and often get annoyed by things disappearing which were otherwise very useful but if these things do happen you can't expect other people to pick up the peace's because you are in a muddle..

Why don't you all just use iTrader 2.5.0 ? And stop using the vB 4.x series.

Lol, I really cant see the logic in getting your knickers in a twist because you are using a FREE modification built by someone that has taken THEIR time to build. Then trying to get someone else who is also a volunteer to spend their time to fix it for you.

There is a reason there is paid services section of this site, no one should every be at a point where they rely on something they got for free and rely on people that do things for free , people loose interest, become ill, have other commitments and guess what ? they have no incentive to come back and fix the problem.

Dont get me wrong i understand the frustration and often get annoyed by things disappearing which were otherwise very useful but if these things do happen you can't expect other people to pick up the peace's because you are in a muddle..

Offered multiple times to pay someone to fix it, thanks. :up:

Offered multiple times to pay someone to fix it, thanks. :up:
If you want to pay someone to fix it, you should not be asking in this thread, you should be posting the in the Request for Paid Services forum.

hum, actually, i'm taking over back the modification as the author of the newer version is nowhere to be found...

i'll have to check with Lynne to have access to the quarantine thread and see the report on the bug found to fix it and re-release my engine in a newer version...

Sincerely, vbenhancer, thank you for helping everyone out. Please PM me your paypal address and I'll send a donation your way as a token of appreciation.

entertain sent me a PM today saying the fix would be to replace itrader_main.php with the attached file:
http://www.faq4mobiles.de/handyfaq/iTrader%202.8.2%20RC2%20PATCHED.zip

entertain sent me a PM today saying the fix would be to replace itrader_main.php with the attached file:
http://www.faq4mobiles.de/handyfaq/iTrader%202.8.2%20RC2%20PATCHED.zip
Thanks for that post. Can anyone confirm that they have now installed this patch, and that iTrader is working on 4.1.10?

Yes entertain did provide a fix for the mod this morning, I am giving it a quick look-over to make sure it fixed the exploits we knew about and assuming it does will restore the itrader mod out of quarantine.