PDA

View Full Version : Bug in hack mod but author is not responding


kevius
03-29-2017, 01:08 PM
Hello,

I'm French. I have a big problem with a vBulletin 4.2 mod :

https://vborg.vbsupport.ru/showthread.php?t=232556

The author is not here since march 2016...

The bug is : if a subject have " or ' character the hack make a SQL error when using it !

" and ' are typicaly french characters and i need a bug fix for this hack.

Is there anybody for this bug fix ?

Here it is the source code of the hack :


<?xml version="1.0" encoding="ISO-8859-1"?>

<product productid="wog_captit" active="1">
<title>WoG - Change All Post Title In Thread</title>
<description />
<version>1.1.0</version>
<url><![CDATA[https://vborg.vbsupport.ru/misc.php?do=producthelp&pid=wog_captit]]></url>
<versioncheckurl><![CDATA[https://vborg.vbsupport.ru/misc.php?do=productcheck&pid=wog_captit]]></versioncheckurl>
<dependencies>
<dependency dependencytype="vbulletin" minversion="4.0.0" maxversion="" />
</dependencies>
<codes>
</codes>
<templates>
</templates>
<stylevardfns>
</stylevardfns>
<stylevars>
</stylevars>
<plugins>
<plugin active="1" executionorder="5">
<title>WoG - CAPTIT - Threadmanage Display</title>
<hookname>threadmanage_complete</hookname>
<phpcode><![CDATA[if ($vbulletin->options['wog_captit_enable'] AND $_REQUEST['do'] == 'editthread')
{
$wog_input = array('<label for="cb_open">');
$wog_output = array('
<label for="wog_setall">
<input type="checkbox" name="wog_setall" value="yes" id="wog_setall" /> ' . $vbphrase['wog_setall'] . '
</label>
</li>
<li>
<label for="wog_prefixadd">
&nbsp;&nbsp;&nbsp;<input type="checkbox" name="wog_prefixadd" value="yes" id="wog_prefixadd" /> ' . construct_phrase($vbphrase['wog_prefixadd'], $vbulletin->options['wog_captit_prefix']) . '
</label>
</li>
<li>
<label for="cb_open">');
$vbulletin->templatecache['threadadmin_editthread'] = str_replace($wog_input, $wog_output, $vbulletin->templatecache['threadadmin_editthread']);
}]]></phpcode>
</plugin>
<plugin active="1" executionorder="5">
<title>WoG - CAPTIT - Threadmanage Init</title>
<hookname>threadmanage_update</hookname>
<phpcode><![CDATA[if ($vbulletin->options['wog_captit_enable'])
{
$vbulletin->input->clean_array_gpc('p', array(
'wog_setall' => TYPE_BOOL,
'wog_prefixadd' => TYPE_BOOL,
));
if ($vbulletin->GPC['wog_setall'])
{
if ($vbulletin->GPC['wog_prefixadd'])
{
$db->query_write("
UPDATE `" . TABLE_PREFIX . "post` AS `post`
SET `post`.`title` = '" . $vbulletin->options['wog_captit_prefix'] . $vbulletin->GPC['title'] . "'
WHERE `post`.`threadid` = '" . $threadinfo['threadid'] . "'
AND `post`.`postid` != '" . $threadinfo['firstpostid'] . "'
");
}
else
{
$db->query_write("
UPDATE `" . TABLE_PREFIX . "post` AS `post`
SET `post`.`title` = '" . $vbulletin->GPC['title'] . "'
WHERE `post`.`threadid` = '" . $threadinfo['threadid'] . "'
");
}
}
}]]></phpcode>
</plugin>
</plugins>
<phrases>
<phrasetype name="Thread Management" fieldname="threadmanage">
<phrase name="wog_setall" date="1262972458" username="WoG" version="1.0.0"><![CDATA[Set the title of this thread as the title of all posts in this thread]]></phrase>
<phrase name="wog_prefixadd" date="0" username="WoG" version="1.1.0"><![CDATA[Add predefined prefix ({1}) to all posttitles excepting first post]]></phrase>
</phrasetype>
<phrasetype name="vBulletin Settings" fieldname="vbsettings">
<phrase name="setting_wog_captit_enable_desc" date="0" username="WoG" version="1.0.0"><![CDATA[If 'Yes' - the modification is on.<br /> If 'No'- despite the setting - the modification is turned off.]]></phrase>
<phrase name="setting_wog_captit_enable_title" date="0" username="WoG" version="1.0.0"><![CDATA[Hack Enabled?]]></phrase>
<phrase name="setting_wog_captit_prefix_desc" date="0" username="WoG" version="1.1.0"><![CDATA[Please define a prefix, which will be placed before <i>posttitle</i>.<br />HTML is allowed.]]></phrase>
<phrase name="setting_wog_captit_prefix_title" date="0" username="WoG" version="1.1.0"><![CDATA[Prefix]]></phrase>
<phrase name="settinggroup_wog_captit_group" date="0" username="WoG" version="1.0.0"><![CDATA[WoG - Change All Post Title In Thread]]></phrase>
</phrasetype>
</phrases>
<options>
<settinggroup name="wog_captit_group" displayorder="65538">
<setting varname="wog_captit_enable" displayorder="5">
<datatype>boolean</datatype>
<optioncode>yesno</optioncode>
<defaultvalue>1</defaultvalue>
</setting>
<setting varname="wog_captit_prefix" displayorder="10">
<datatype>free</datatype>
<defaultvalue><![CDATA[Re:&nbsp;]]></defaultvalue>
</setting>
</settinggroup>
</options>
<helptopics>
</helptopics>
<cronentries>
</cronentries>
<faqentries>
</faqentries>
</product>

Help will be very appreciated !

Thanks a lot

Fred

Dave
03-29-2017, 01:12 PM
In that XML file, replace
if ($vbulletin->GPC['wog_prefixadd'])
{
$db->query_write("
UPDATE `" . TABLE_PREFIX . "post` AS `post`
SET `post`.`title` = '" . $vbulletin->options['wog_captit_prefix'] . $vbulletin->GPC['title'] . "'
WHERE `post`.`threadid` = '" . $threadinfo['threadid'] . "'
AND `post`.`postid` != '" . $threadinfo['firstpostid'] . "'
");
}
else
{
$db->query_write("
UPDATE `" . TABLE_PREFIX . "post` AS `post`
SET `post`.`title` = '" . $vbulletin->GPC['title'] . "'
WHERE `post`.`threadid` = '" . $threadinfo['threadid'] . "'
");
}
with
if ($vbulletin->GPC['wog_prefixadd'])
{
$db->query_write("
UPDATE `" . TABLE_PREFIX . "post` AS `post`
SET `post`.`title` = '" . $vbulletin->db->escape_string($vbulletin->options['wog_captit_prefix'] . $vbulletin->GPC['title']) . "'
WHERE `post`.`threadid` = '" . $threadinfo['threadid'] . "'
AND `post`.`postid` != '" . $threadinfo['firstpostid'] . "'
");
}
else
{
$db->query_write("
UPDATE `" . TABLE_PREFIX . "post` AS `post`
SET `post`.`title` = '" . $vbulletin->db->escape_string($vbulletin->GPC['title']) . "'
WHERE `post`.`threadid` = '" . $threadinfo['threadid'] . "'
");
}

kevius
03-29-2017, 01:18 PM
wouawou !

THANK YOU VERY VERY MUCH !!!!