vBulletin 3.0.7 Nonexistent File Edit


MicroLinux?
02-24-2005, 11:13 PM
Hello all, I am installing vBAdvanced Warning System (the latest in the download thread) on vBulletin 3.0.7, and when the file edit comes for private.php it tells you to do this:

In the same file, find:

// check for valid users
$pm['recipients'] = vbstrtolower(trim($pm['recipients']));

Right below that, add:

if (!$warn_opts['collector']=='' OR !$warn_opts['collector']=='0')
{
    if (!$warn_opts['automatic_warner']=='')
    {
        $w=$warn_opts['automatic_warner'];
        $autowarner=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
        $autowarner=vbstrtolower($autowarner['username']);
    }
    if (!$warn_opts['warner']=='')
    {
        $w=$warn_opts['warner'];
        $warner=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
        $warner=vbstrtolower($warner['username']);
    }
    $w=$warn_opts['collector'];
    $collector=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
    $collector=vbstrtolower($collector['username']);
}

but this is the actual code in the private.php file.

// check for valid users
$pm['recipients'] = trim($pm['recipients']);

if ($pm['recipients'] == '')
{
    eval('$errors[] = "' . fetch_phrase('pminvalidrecipient', PHRASETYPEID_ERROR) . '";');
}
else if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $pm['recipients'])) // multiple recipients attempted
{
    $users = preg_split('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $pm['recipients'], -1, PREG_SPLIT_NO_EMPTY);
    foreach ($users AS $recipient)
    {
        $recipient = trim($recipient);
        if ($recipient != '')
        {
            $recipients["$recipient"] = addslashes(htmlspecialchars_uni($recipient));
        }
    }
}

Should I just put it to make this:


// check for valid users
$pm['recipients'] = trim($pm['recipients']);
if (!$warn_opts['collector']=='' OR !$warn_opts['collector']=='0')
{
    if (!$warn_opts['automatic_warner']=='')
    {
        $w=$warn_opts['automatic_warner'];
        $autowarner=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
        $autowarner=vbstrtolower($autowarner['username']);
    }
    if (!$warn_opts['warner']=='')
    {
        $w=$warn_opts['warner'];
        $warner=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
        $warner=vbstrtolower($warner['username']);
    }
    $w=$warn_opts['collector'];
    $collector=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
    $collector=vbstrtolower($collector['username']);
}

if ($pm['recipients'] == '')
{
    eval('$errors[] = "' . fetch_phrase('pminvalidrecipient', PHRASETYPEID_ERROR) . '";');
}
else if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $pm['recipients'])) // multiple recipients attempted
{
    $users = preg_split('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $pm['recipients'], -1, PREG_SPLIT_NO_EMPTY);
    foreach ($users AS $recipient)
    {
        $recipient = trim($recipient);
        if ($recipient != '')
        {
            $recipients["$recipient"] = addslashes(htmlspecialchars_uni($recipient));
        }
    }
}

Thanks, Travis.




EDIT: I just ignored the difference and pasted it where it should have gone. I don't notice any errors yet. =D

TruthElixirX
02-25-2005, 12:03 AM
I did the same thing and haven't noticed any errors yet either. So I don't think it matters.

Delphiprogrammi
02-25-2005, 07:20 PM
Same here. private.php didn't change in the latest vB release. However, be sure you have the security patch for the XSS exploit in private.php; see the announcements forum here (https://vborg.vbsupport.ru/showthread.php?t=74035). For a list of files that have been changed in vB 3.0.7, you can go here (http://www.vbulletin.com/forum/showpost.php?p=819569&postcount=4).