vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.5 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=113)
-   -   [AJAX] vBShout v2.0 (https://vborg.vbsupport.ru/showthread.php?t=93097)

Jon_Simmonds 04-22-2006 08:54 PM

Does the edit function work after the update? If so I must be pure stupid as I can't figure out how to edit a shout by one of my users - edit: found it :D

H@K@N 04-22-2006 09:39 PM

Hi @ll,

I have executed the security fix, don't know if it's linked to my issue:

A user is using bbcode in the shout like

[img ] link to an image with a .htaccess protected folder [/IMG ]

So then all users get a popup to enter username and password. This could also be a security risk .....

How can I handle this, should I disallow bbcode in the shoutbox?

th@nks

Zachery 04-22-2006 09:52 PM

That's not a direct security risk anyone can control; anyone could post an image that's behind htaccess anywhere you allow the image bbcode.

H@K@N 04-22-2006 09:56 PM

So then the smiley function is not working anymore, because you have to deactivate the vBCode/Smilies function.

Any possibility to disallow external linking in the shoutbox?

DementedMindz 04-22-2006 10:49 PM

Quote:

Originally Posted by Zachery
That's not a direct security risk anyone can control; anyone could post an image that's behind htaccess anywhere you allow the image bbcode.

OK, maybe they will answer this time...

OK, I see Brad posted a fix, but wasn't this an exploit too in it: 'shout' => TYPE_STR, as per this post https://vborg.vbsupport.ru/showp...postcount=1192 or does Brad's update fix this?

thelittleguy 04-22-2006 11:37 PM

I have it loaded on my site; all it says is Loading and never does. What's the deal?

RFViet 04-23-2006 01:39 AM

I got a problem after updating the vbshout_fix. I cannot type " ... " anymore. The quotation mark doesn't work, please check it out!!!

o0Hubba0o 04-23-2006 02:18 AM

Quote:

Originally Posted by RFViet
I got a problem after updating the vbshout_fix. I cannot type " ... " anymore. The quotation mark doesn't work, please check it out!!!

Lol, you can always tell the people that don't read before they post. They're looking into it; it has to do with html not being allowed. Just scan some previous posts, it's all there.

RFViet 04-23-2006 11:37 AM

Quote:

Originally Posted by o0Hubba0o
Lol, you can always tell the people that don't read before they post. They're looking into it; it has to do with html not being allowed. Just scan some previous posts, it's all there.

It didn't happen with the original vbshout 2 on my board!!

Brad 04-23-2006 01:01 PM

Yes my update fixes that issue, although it does not restrict input to NOHTML, it simply cleans it when it's called from the database.

Quote:

Brad's update didn't fix the current problems
My update fixed only one problem and that was allowing users to inject html. :)

Quote:

Why are you using htmlspecialchars() as the 'fix' function? That only causes special chars to get converted... why not use strip_tags() ?
strip_tags() will give you results that are just as bad. For example, try posting this in the shoutbox: "& <-- no &amp;". This will display "&" because everything after < is stripped.

Update

I've uploaded a new version of this hack, dubbed '2.0.2'. This one should fix the issues without breaking special characters. To upgrade, download the new zip file and upload the new vbshout.php file.

Please note that this only fixes the html injection issues. I do not use this hack on my own forum (although I've tested this on a client's board) so I will not be fixing the server load issues. I suggest you do not install this hack if you can't deal with the extra server load, as it's rather intensive.
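A side-by-side run of the two cleaning approaches argued over in Brad's post, using the thread's own "& <-- no &amp;" case. This is an added example, not code from the vBShout hack or from vBulletin; the sample shouts are constructed.

```php
<?php
// Constructed sample shouts: the thread's "& <-- no &amp;" case, a shout
// whose markup should be displayed rather than interpreted, and a bare '<'
// with no closing '>' (the situation the thread describes).
$shouts = [
    '& <-- no &amp;',
    'Use <b>bold</b> sparingly',
    'total<10 means cheap',
];

// Rejected approach: strip_tags() treats an unclosed '<' as the start of a
// tag and discards everything after it, so legitimate user text is lost.
function clean_with_strip_tags(string $shout): string
{
    return strip_tags($shout);
}

// Approach described for 2.0.2: leave the stored shout alone and escape it
// when it is read back for display, so the browser renders '<', '>', '&'
// and quotes literally instead of interpreting them as HTML.
// ENT_QUOTES also covers single quotes, which matters if a shout ever
// ends up inside an HTML attribute.
function clean_with_escape(string $shout): string
{
    return htmlspecialchars($shout, ENT_QUOTES, 'UTF-8');
}

foreach ($shouts as $shout) {
    printf("input:            %s\n", $shout);
    printf("strip_tags:       %s\n", clean_with_strip_tags($shout));
    printf("htmlspecialchars: %s\n\n", clean_with_escape($shout));
}
```

Run it with `php` on the command line and compare the two columns: the escaped form keeps every character of the original shout, while the stripped form loses the tail of any shout containing an unclosed '<'.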



Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
