vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   Major Additions - ibProArcade - professional Arcade System (https://vborg.vbsupport.ru/showthread.php?t=101554)

Zahl 08-30-2011 05:05 PM

Anyone figured out yet what the change/fix is? I have modified my version of ibPA and would like to just apply the fix manually.... unless it includes a major remodeling of everything.

ForceHSS 08-30-2011 05:45 PM

Just upload all the files and don't worry about where the fix is; no one is going to tell you.

ForceHSS 08-30-2011 05:46 PM

I would like to find a fix for my problem above. I have this on my test forum, but before I go live I need to know how to get it working.

kh99 08-30-2011 05:49 PM

I have no more information than anyone else. I figured out what the issue was by looking at the release and comparing with the old files, but since the moderators and admins declined to post the info, I don't think I should either. But the files in the download zip file have dates on them and the mod was only quarantined a couple days ago, so there's nothing stopping someone from extracting the files into a directory and searching for the ones that were changed recently...

JacquiiDesigns 08-30-2011 05:50 PM

Quote:

Originally Posted by ForceHSS (Post 2240061)
Just upload all the files and don't worry about where the fix is; no one is going to tell you.

Easy to say when you haven't spent hours and hours and hours customizing your ibProArcade install! Anyway - hopefully someone will share the fix as I and others have asked:

Quote:

Thanks so much for the fix MrZeroPage.
I've a question please. The release history .txt says "one security-issue fixed"
Can you tell us how many and/or which files were changed to fix the security issue?
Perhaps instead of uploading/overwriting all files & reinstalling the product, we may be able to overwrite (patch) only the file that presented the security issue.

Thanks,

J.

Gemma 08-30-2011 06:09 PM

It took me about 3 minutes to compare all the files, probably as long...if not less time than some of you have waited in this thread for answers. You call yourself admins...and some even claim to offer professional support - do yourself a favour and download a compare program (you'll need it to compare and make the edits to the files below if you would rather not just overwrite the files).

Between versions 2.7.0+ and 2.7.1+ the following files have changed (code changes as opposed to just something like 2.7.0+ becoming 2.7.1+ in the file):

arcade.php
admincp/arcade.php
functions/functions.php
modules/mod_favorites.php
modules/mod_league.php
modules/mod_report.php
modules/mod_settings.php
skins/skin_arcade.php
skins/skin_v3arcade.php

And the product file (obviously).

Some changes are only 1 line.

That took about 3 minutes to find out and I even sent a text message in between comparing.

Go figure :rolleyes:

Thanks for the speedy update MrZeropage.
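
The release-to-release comparison described in the posts above, as an added example that is not part of the thread or of the ibProArcade code: it reports PHP files whose code differs once the version strings are masked, so an admin with a customised install knows which files to re-merge. The sample trees and `modules/mod_example.php` are constructed; the `ibprotitle` line is the one shown in the snippet posted later in this thread.

```python
import difflib
import re
import tempfile
from pathlib import Path

# Version strings named in the thread; masking them hides banner-only edits.
VERSION_RE = re.compile(r"2\.7\.[01]\+?")


def normalized_lines(path):
    """Return the file's lines with version strings masked and trailing whitespace dropped."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return [VERSION_RE.sub("<VERSION>", line.rstrip()) for line in text.splitlines()]


def php_files(root):
    """Map 'relative/path.php' -> Path for every PHP file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*.php")}


def compare_releases(old_root, new_root):
    """Report files added, removed, or changed in more than the version banner."""
    old, new = php_files(old_root), php_files(new_root)
    report = {}
    for rel in sorted(old.keys() | new.keys()):
        if rel not in old:
            report[rel] = "added"
        elif rel not in new:
            report[rel] = "removed"
        else:
            a, b = normalized_lines(old[rel]), normalized_lines(new[rel])
            if a != b:
                diff = list(difflib.unified_diff(
                    a, b, "old/" + rel, "new/" + rel, n=0, lineterm=""))
                # Skip the two file-header lines; keep only added/removed lines.
                report[rel] = [d for d in diff[2:] if d.startswith(("+", "-"))]
    return report


def build_sample_trees(base):
    """Create two small constructed release trees (not the real ibProArcade files)."""
    footer = "$templater->register('footer', $footer);\n"
    added = "$templater->register('ibprotitle', $ibprotitle);\n"
    title = "$templater->register('pagetitle', $ibforums->lang['page_title']);\n"
    trees = {
        "old": {
            "functions/functions.php": "<?php\n// v2.7.0+\n" + footer + title,
            "modules/mod_example.php": "<?php\n// v2.7.0+\n$enabled = 1;\n",
        },
        "new": {
            "functions/functions.php": "<?php\n// v2.7.1+\n" + footer + added + title,
            "modules/mod_example.php": "<?php\n// v2.7.1+\n$enabled = 1;\n",
        },
    }
    for name, files in trees.items():
        for rel, body in files.items():
            target = Path(base) / name / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
    return Path(base) / "old", Path(base) / "new"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        old_root, new_root = build_sample_trees(tmp)
        for rel, change in compare_releases(old_root, new_root).items():
            print(rel, change)
```

Run against a clean copy of each release first, then against the customised install and the new release, so local modifications are not mistaken for the vendor's changes.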

PossumX 08-30-2011 06:13 PM

Quote:

Originally Posted by Erica1977 (Post 2239982)
OK, I will not upgrade since there's no support here, will stay 2.7.0+.

The coder makes it very clear, IF YOU READ THE TOP OF ALL THREAD PAGES (enjoy the vulnerability, as now that it is brought to light, it was not real hard to find it, and exploitation is now much more likely on lower versions):

** ...And remember that Support is given in the ibProArcade-Support-Forum **

Click here to jump to the ibProArcade-Support-Forum in the Premium-Modification-Section

HMBeaty 08-30-2011 06:14 PM

Quote:

Originally Posted by PossumX (Post 2240076)
The coder makes it very clear, IF YOU READ THE TOP OF ALL THREAD PAGES:

** ...And remember that Support is given in the ibProArcade-Support-Forum **

Who reads anymore? :confused:

TheLastSuperman 08-30-2011 06:28 PM

Quote:

Originally Posted by JacquiiCooke (Post 2240018)
Thanks so much for the fix MrZeroPage.
I've a question please. The release history .txt says "one security-issue fixed"
Can you tell us how many and/or which files were changed to fix the security issue?
Perhaps instead of uploading/overwriting all files & reinstalling the product, we may be able to overwrite (patch) only the file that presented the security issue.

Thanks,

J.

Quote:

Originally Posted by Zahl (Post 2240041)
Anyone figured out yet what the change/fix is? I have modified my version of ibPA and would like to just apply the fix manually.... unless it includes a major remodeling of everything.

Quote:

Originally Posted by ForceHSS (Post 2240061)
Just upload all the files and don't worry about where the fix is; no one is going to tell you.

Quote:

Originally Posted by JacquiiCooke (Post 2240070)
Easy to say when you haven't spent hours and hours and hours customizing your ibProArcade install! Anyway - hopefully someone will share the fix as I and others have asked:

Let's think about this for a second... how many sites do you suppose are still running 2.7.0? From the install count and download count I would dare say QUITE a few, do you all agree?

If you agree then why would we post the exact issue, allowing some script-kiddies just enough info to do harm to those sites still running 2.7.0? I love you guys (and gals Jacquii :D) however you can't always assume info is not disclosed because we simply don't want to tell you, that's silly tbo :p.

Mark.B 08-30-2011 06:31 PM

Quote:

Originally Posted by Gemma (Post 2240075)
It took me about 3 minutes to compare all the files, probably as long...if not less time than some of you have waited in this thread for answers. You call yourself admins...and some even claim to offer professional support - do yourself a favour and download a compare program (you'll need it to compare and make the edits to the files below if you would rather not just overwrite the files).

Between versions 2.7.0+ and 2.7.1+ the following files have changed (code changes as opposed to just something like 2.7.0+ becoming 2.7.1+ in the file):

arcade.php
admincp/arcade.php
functions/functions.php
modules/mod_favorites.php
modules/mod_league.php
modules/mod_report.php
modules/mod_settings.php
skins/skin_arcade.php
skins/skin_v3arcade.php

And the product file (obviously).

Some changes are only 1 line.

That took about 3 minutes to find out and I even sent a text message in between comparing.

Go figure :rolleyes:

Thanks for the speedy update MrZeropage.

Yes I found most of these.... :)

Though I confess, using Beyond Compare on a clean 2.7.1 versus a clean 2.7.0, it didn't find any differences in functions/functions.php

Many of the changes are just to do with branding free licences however.

I can't go into any more detail than that.....as Gemma says, a good admin should be able to pull out the required changes and patch up nicely in no time. :)

That's what I've done due to heavy customisation, however that's a temporary measure and I'll be running the full upgrade in a week or two when I get the time to re-apply everything. :)

Gemma 08-30-2011 06:39 PM

Quote:

Originally Posted by Mark.B (Post 2240081)
Though I confess, using Beyond Compare on a clean 2.7.1 versus a clean 2.7.0, it didn't find any differences in functions/functions.php

Dunno, that could be a curveball, red herring or more likely too much red wine on my part :D

2.7.0+
Code:

// we are on vB 4 or later WHOHOOO
                $debug = false;
                $navbits = $output_array['NAV'];
                $navbits = construct_navbits($navbits);
                $navbits = construct_navbits(array('' => $ibforums->lang['page_title']));
                $navbar = render_navbar_template(construct_navbits($navbits));
                $maincontent = $this->to_print;
                $templater = vB_Template::create('ARCADE');
                $templater->register_page_templates();
                $templater->register('navbar', $navbar);
                $templater->register('footer', $footer);
                $templater->register('pagetitle', $ibforums->lang['page_title']);
                $templater->register('maincontent', $maincontent);
                $templater->register('arcadeheader', $arcadeheader);
                print_output($templater->render());

2.7.1+
Code:

// we are on vB 4 or later WHOHOOO
                $debug = false;
                $navbits = $output_array['NAV'];
                $navbits = construct_navbits($navbits);
                $navbits = construct_navbits(array('' => $ibforums->lang['page_title']));
                $navbar = render_navbar_template(construct_navbits($navbits));
                $maincontent = $this->to_print;
                $templater = vB_Template::create('ARCADE');
                $templater->register_page_templates();
                $templater->register('navbar', $navbar);
                $templater->register('footer', $footer);
                $templater->register('ibprotitle', $ibprotitle);
                $templater->register('pagetitle', $ibforums->lang['page_title']);
                $templater->register('maincontent', $maincontent);
                $templater->register('arcadeheader', $arcadeheader);
                print_output($templater->render());


Mark.B 08-30-2011 06:44 PM

Quote:

Originally Posted by Gemma (Post 2240083)
Dunno, that could be a curveball, red herring or more likely too much red wine on my part :D

2.7.0+

How very strange....my "clean" 2.7.0 already has that line in..... :o

Cue spooky music.....

So does my modified 2.6.7 one in fact!

ForceHSS 08-30-2011 06:55 PM

got it working nice, now to run tests on my test site first

Hippy 08-30-2011 07:28 PM

MrZeropage, the biggest issue ATM with the newest vB and ibProArcade is that holdsession.php stopped working... you need to have the "remember me" ticked or you get logged out of the forum when going to play a game... so, you are playing the game, then finish and submit your score, and you're logged out.

A fix for this would be greatly appreciated.
Regards
Ron

tom-hxf 08-30-2011 07:38 PM

nvm, works

8thos 08-30-2011 08:18 PM

Quote:

Originally Posted by Erica1977 (Post 2239997)
Really then where's the support here well answer that i will not upgrade till there's answer.

I know a site who got hacked a month ago due to the security flaw in this mod. You put your board at risk by being lazy and irresponsible. Speaking of lazy and irresponsible, same could be said for the mod creator for taking so long to fix the issue. I personally use v3Arcade cause of that reason.

Mark.B 08-30-2011 08:23 PM

Quote:

Originally Posted by Hippy (Post 2240108)
MrZeropage, the biggest issue ATM with the newest vB and ibProArcade is that holdsession.php stopped working... you need to have the "remember me" ticked or you get logged out of the forum when going to play a game... so, you are playing the game, then finish and submit your score, and you're logged out.

A fix for this would be greatly appreciated.
Regards
Ron

Hmm just done some playing with this...didn't even know it was an issue since my board has always had the box ticked by default.

Anyway....try changing that "echo" line to this:
Code:

// Outer double quotes so the PHP variables interpolate; the HTML attributes keep single quotes.
echo "<meta http-equiv='refresh' content='$secs; URL=$vboptions[bburl]/holdsession.php$session[sessionurl_q]act=arcade&do=play&gameid=$gameid'>";

That seems to be working for me, whereas I was able to replicate the issue before by unticking the box.

Certainly the syntax was all wrong before.

Paul M 08-30-2011 08:30 PM

Quote:

Originally Posted by Octavius. (Post 2240130)
Speaking of lazy and irresponsible, same could be said for the mod creator for taking so long to fix the issue.

Are you taking something ? It was fixed within 24 hours. How in any world is that "taking so long".

8thos 08-30-2011 08:31 PM

I like iBproArcade's front page a lil better than v3Arcade. Only problem is the ton of style issues associated with this mod so I can see why she's acting like that. I have not had a single style issue since switching to v3Arcade though.

MrZeropage 08-30-2011 08:31 PM

Quote:

Originally Posted by Octavius. (Post 2240130)
I know a site who got hacked a month ago due to the security flaw in this mod. You put your board at risk by being lazy and irresponsible. Speaking of lazy and irresponsible, same could be said for the mod creator for taking so long to fix the issue. I personally use v3Arcade cause of that reason.

"so long to fix the issue"?! I was notified on 29th August at 12:50 and provided the fixed update within 24 hours, on 30th August at 12:15, to vb.org, where it got published at 15:26 after the staff checked the fix.
I think this is bad advertising for an alternative product; I was here in time and provided a fix within one day!

Quote:

Originally Posted by Hippy (Post 2240108)
MrZeropage, the biggest issue ATM with the newest vB and ibProArcade is that holdsession.php stopped working... you need to have the "remember me" ticked or you get logged out of the forum when going to play a game... so, you are playing the game, then finish and submit your score, and you're logged out.

A fix for this would be greatly appreciated.
Regards
Ron

Ron, thanks, I will set up the latest vB4 release next weekend on my test site and implement fixes for that, leading to ibProArcade v2.7.2+ then.

8thos 08-30-2011 08:31 PM

Quote:

Originally Posted by Paul M (Post 2240138)
Are you taking something ? It was fixed within 24 hours. How in any world is that "taking so long".

No Paul. The security flaw was there long before that.

Paul M 08-30-2011 08:35 PM

Quote:

Originally Posted by Octavius. (Post 2240141)
No Paul. The security flaw was there long before that.

Right - so when did you get a time machine then ?

Alternatively, perhaps you would enlighten us all as to how you fix an issue before you are informed of it.

8thos 08-30-2011 08:36 PM

Quote:

Originally Posted by MrZeropage (Post 2240140)
"so long to fix the issue"?! I was notified on 29th August at 12:50 and provided the fixed update within 24 hours, on 30th August at 12:15, to vb.org, where it got published at 15:26 after the staff checked the fix.
I think this is bad advertising for an alternative product; I was here in time and provided a fix within one day!

Ron, thanks, I will set up the latest vB4 release next weekend on my test site and implement fixes for that, leading to ibProArcade v2.7.2+ then.

Oh okay.

Does this mean:

A. You finally fixed the previous security flaw that's been up for months.

B. You noticed the previous security flaw during an update and fixed it thinking it was new.

C. You only fixed the new security flaw.

8thos 08-30-2011 08:38 PM

Quote:

Originally Posted by Paul M (Post 2240144)
Right - so when did you get a time machine then ?

Alternatively, perhaps you would enlighten us all as to how you fix an issue before you are informed of it.

You're right. I don't know if they posted the issue in this thread after they got hacked.

If anything, I should've mentioned it myself in this thread after it happened last month.

Sorry.

BirdOPrey5 08-30-2011 09:04 PM

If no one reports a confirmed hack, neither the staff nor the mod author have any idea anyone is "being hacked" through this mod.

You can report being hacked by using the "Report Post" feature on the top post or PMing a staff member. Posting in a thread is not a report because quite frankly we don't all read every post, and the details should be kept confidential anyway.

TheLastSuperman 08-30-2011 09:08 PM

Quote:

Originally Posted by Octavius. (Post 2240147)
You're right. I don't know if they posted the issue in this thread after they got hacked.

If anything, I should've mentioned it myself in this thread after it happened last month.

Sorry.

Yes it's very important to let us know, don't specifically post the code for the reasons I noted a few posts back, use the report feature as a member did recently who brought this to our attention, it was further reviewed by staff then submitted to MrZeroPage who then promptly fixed it and that's how anyone should handle this from here on out.

I also understand how some want to notify everyone "ohh there's a flaw let's post it and warn others" i.e. helping while genuinely sincere can cause mass panic (I mean really ladies and gents the insults that are thrown or hinted to are simply ridiculous sometimes, honestly or I wouldn't take the time to say so please try to afterwards, understand from another perspective that they are unwarranted at best imo.) when all you need to do in nearly all similar situations is disable or uninstall the mod and security should not be pfff'd away as you all say and stress - it's up to every one of us to secure our forums, it's up to end-users to trust in those forums yet we must all assume responsibility for using the sites ourselves imo as we can't always take action against those doing the actual harm :o.

MentaL 08-30-2011 09:21 PM

the update just wiped my game list :(

/edit

fixed, damn vboptimize pro , flush = fix.

Paul. 08-30-2011 10:04 PM

Quote:

Originally Posted by MentaL (Post 2240165)
the update just wiped my game list :(

/edit

fixed, damn vboptimize pro , flush = fix.

Will updating make it appear as though my games have been wiped?
If so, how do I get them back to normal?
I will update tomorrow.
Thanks for updating this @ Mr Zero :)

rolfw1 08-30-2011 10:10 PM

Just updated to latest version and now get this message when trying to submit a score:

Code:

Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.


Black Tiger 08-30-2011 10:21 PM

Thanks for the quick security fix.

However, I discovered a bug which was also present in 2.7.0.
Quote:

Upgrade to 2.7.1 or disable the mod completely.
Disabling won't work, because if you set this to disable in the Plugin and products section, the arcade won't be disabled at all. I can still keep playing games.
This should not be the case.

I can even still play games if the arcade is turned off in the arcade main settings, but this could be because I'm admin.
However, when disabled within plugins and products, the game is -not- disabled. This would need a fix too.

8thos 08-30-2011 11:16 PM

Quote:

Originally Posted by BirdOPrey5 (Post 2240154)
If no one reports a confirmed hack, neither the staff nor the mod author have any idea anyone is "being hacked" through this mod.

You can report being hacked by using the "Report Post" feature on the top post or PMing a staff member. Posting in a thread is not a report because quite frankly we don't all read every post, and the details should be kept confidential anyway.

Quote:

Originally Posted by TheLastSuperman (Post 2240157)
Yes it's very important to let us know, don't specifically post the code for the reasons I noted a few posts back, use the report feature as a member did recently who brought this to our attention, it was further reviewed by staff then submitted to MrZeroPage who then promptly fixed it and that's how anyone should handle this from here on out.

I also understand how some want to notify everyone "ohh there's a flaw let's post it and warn others" i.e. helping while genuinely sincere can cause mass panic (I mean really ladies and gents the insults that are thrown or hinted to are simply ridiculous sometimes, honestly or I wouldn't take the time to say so please try to afterwards, understand from another perspective that they are unwarranted at best imo.) when all you need to do in nearly all similar situations is disable or uninstall the mod and security should not be pfff'd away as you all say and stress - it's up to every one of us to secure our forums, it's up to end-users to trust in those forums yet we must all assume responsibility for using the sites ourselves imo as we can't always take action against those doing the actual harm :o.

My bad. I'll start using the report post feature for myself and on behalf of those I help out every now and then.

ForceHSS 08-30-2011 11:38 PM

1 Attachment(s)
The one that is showing right is my test site, the other is my live site. Now the test site is a copy of the live site but still the style looks wrong. How do I fix the parts needed?

Hippy 08-31-2011 12:26 AM

Quote:

Originally Posted by ForceHSS (Post 2240203)
The one that is showing right is my test site, the other is my live site. Now the test site is a copy of the live site but still the style looks wrong. How do I fix the parts needed?

Your test site is not using save css as a file... and your live site is.

you will need to move the contents from your ARCADE.css to your additional.css
and use the ARCADE template I have posted in the fix thread.. (first post)
you can find it in my sig

enjoy

BMR 08-31-2011 12:28 AM

If upgrading from 2.7.0, is everything a fresh install, or just uploading and replacing PHP files?

Hippy 08-31-2011 12:39 AM

Quote:

Originally Posted by BMR (Post 2240213)
If upgrading from 2.7.0, is everything a fresh install, or just uploading and replacing PHP files?

Overwrite all files, import the XML file and allow overwrite.

ForceHSS 08-31-2011 12:43 AM

Quote:

Originally Posted by Hippy (Post 2240212)
Your test site is not using save css as a file... and your live site is.

you will need to move the contents from your ARCADE.css to your additional.css
and use the ARCADE template I have posted in the fix thread.. (first post)
you can find it in my sig

enjoy

thank you

moonbase 08-31-2011 03:23 AM

Thanks for a great product and bringing out the latest version. Glad to be safe and secure once again. :)


Question?:

Could the latest version be updated to match the latest updated version for clarity to users?

Examples:

At the top of the thread title:

Mod Version: 2.7.0+, by MrZeropage (Coder) MrZeropage is offline
Developer Last Online: Aug 2011 Report Post I like it Show Printable Version Email this Page Subscribe to This Mod

Check Version within Admin Panel Product Manager:

Installed Version 2.7.1
Latest Version 2.7.0+

MrZeropage 08-31-2011 04:40 AM

Yes, thread-information is updated now, there was a small technical problem here at vb.org which is solved now :)

Gazer 08-31-2011 06:32 AM

Quote:

Originally Posted by MrZeropage (Post 2240287)
Yes, thread-information is updated now, there was a small technical problem here at vb.org which is solved now :)

Thanks for the update ....keep up the good work

Regards Gazer

NickyNet 08-31-2011 08:12 AM

MrZeropage,

Just wanted to say thank you for the update and for the whole arcade stuff.
Keep up the good work.
THANK YOU!
Or, MANY THANKS!


All times are GMT.
