vb.org Archive
Page 235 of 437 « First 135185225233234 235 236237245285335 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   Major Additions - DownloadsII (https://vborg.vbsupport.ru/showthread.php?t=120122)

RS_Jelle 02-15-2008 08:48 PM
Quote:
Originally Posted by Black Tiger (Post 1443305)
If anyone has a good downloads.php addon for the vbseo google/yahoo sitemap generator (stand alone mod) which does not generate a parse error because it misses a ; somewhere (at least the error notice says this) I would really be obliged.
Because support is very slow in that mod, if any.
I'm sorry, but I'm not very familiar with that mod or other vBSEO stuff :o

Quote:
Originally Posted by maidos (Post 1443852)
the bbcode is not activated on download main page. when i view the files through the category i only see commands while i visit the download page i can see the bbcode activated...
That's normal behaviour. We are stripping all BBCode on the category view intentionally. Otherwise we would break it sometimes as the description is truncated there.

Pirat3 02-15-2008 09:01 PM
{removed upon request]

Charles_1 02-15-2008 10:10 PM
Quote:
Originally Posted by RS_Jelle (Post 1438126)
For people experiencing the GARS compatibility problem, I have posted a fix here ;)
Thanks man, really! Downloads II is working again at our site thanks to you :-)

Pirat3 02-16-2008 04:24 AM
ok i just moved servers to a VPS one, this mod worked just fine till after change. now everytime i try to download a file it gives a "file error". (all my users have this issue).

Or the file will open in a new firefox tab with a bunch of weird symbols etc..

Any fix or reason how to fix?

I CHMOD 777 the downloads directory, downloads.php is CHMOD 664 tried 777 but no cigar.

Marco van Herwaarden 02-16-2008 09:45 AM
Quote:
Originally Posted by Pirat3 (Post 1444018)
i found a HUGE bug in this that can lead to a SQL injection through the header of this mod (remote blind type). i put in the table i want the SQL info of and it get printed in my XPL script :X

Any fixes?
If you are aware of a possible exploit in a modification, please use the Report Post feature on the first post of this thread, and provide details on the exploit. Please do not post in public about any posible exploit details.

Also see Mod Exploit Guidelines

maidos 02-16-2008 01:16 PM
im turning this mod off until the so called sql exploirt has been cleared off

Black Tiger 02-16-2008 02:49 PM
Is there indeed an existing exploit at the moment? People can say there is, but I won't turn downloads II off until it's confirmed.

@RSJelle: I think the problem is in the code of the addon. Probably the "order by" piece. It's complaining about a missing ; or something, you are good at code, maybe you can see what's wrong because you know a lot of code and also know which tables are used in the present downloads II version.
This is the downloads addon code they use:
Code:
        $mods = $db->query("SELECT id,name FROM " . TABLE_PREFIX . "dl_cats ORDER BY `id`");
        while ($mod = $db->fetch_array($mods))
        {       
                $url = $vbseo_vars['bburl'].'/downloads.php?do=cat&id='.$mod['id'];

                if(VBSEO_ON)
                        $url = vbseo_any_url($url);

                  vbseo_add_url($url, 1.0, '', 'daily');
        }

        $mods = $db->query("SELECT id as fid FROM " . TABLE_PREFIX . "dl_files");
        while ($mod = $db->fetch_array($mods))
        {       
                $url = $vbseo_vars['bburl'].'/downloads.php?do=file&id='.$mod['fid'];

                if(VBSEO_ON)
                        $url = vbseo_any_url($url);
                  vbseo_add_url($url, 1.0, '', 'daily');
        }
From the previous version the change to "dl_files" and "dl_cats". Previously Order by was by 'order' which now they changed to 'id' but maybe this is not correct anymore or there are some other problems.
If you can't see it, oke, bad luck for me then.:)

Pirat3 02-16-2008 06:42 PM
Quote:
Originally Posted by Pirat3 (Post 1444244)
ok i just moved servers to a VPS one, this mod worked just fine till after change. now everytime i try to download a file it gives a "file error". (all my users have this issue).

Or the file will open in a new firefox tab with a bunch of weird symbols etc..

Any fix or reason how to fix?

I CHMOD 777 the downloads directory, downloads.php is CHMOD 664 tried 777 but no cigar.
Anyone know whats wrong?:eek:

Marco van Herwaarden 02-17-2008 06:24 AM
Quote:
Originally Posted by maidos (Post 1444423)
im turning this mod off until the so called sql exploirt has been cleared off
There has been 1 user who claims there is a vulnerability, but even though we invited him to provide details of this alleged exploit, we never received any additional information.

Until we recieve more detailed information on the alleged exploit, there is not much we can add to this.

To avoid confusion: There is no confirmed exploit at this time in this modification.

RS_Jelle 02-18-2008 08:43 AM
Quote:
Originally Posted by Pirat3 (Post 1444244)
ok i just moved servers to a VPS one, this mod worked just fine till after change. now everytime i try to download a file it gives a "file error". (all my users have this issue).

Or the file will open in a new firefox tab with a bunch of weird symbols etc..

Any fix or reason how to fix?

I CHMOD 777 the downloads directory, downloads.php is CHMOD 664 tried 777 but no cigar.
Check the chmod of the files inside the downloads directory. They should have chmod 666 permissions.

You don't need to chmod downloads.php as there's no need to change it :p

Quote:
Originally Posted by Black Tiger (Post 1444479)
@RSJelle: I think the problem is in the code of the addon. Probably the "order by" piece. It's complaining about a missing ; or something, you are good at code, maybe you can see what's wrong because you know a lot of code and also know which tables are used in the present downloads II version.
This is the downloads addon code they use:

*code*

From the previous version the change to "dl_files" and "dl_cats". Previously Order by was by 'order' which now they changed to 'id' but maybe this is not correct anymore or there are some other problems.
If you can't see it, oke, bad luck for me then.:)
I don't see any problems with it at first sight. What's the exact error you are getting?


All times are GMT. The time now is 09:38 PM.
Page 235 of 437 « First 135185225233234 235 236237245285335 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04632 seconds
  • Memory Usage 1,757KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (8)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (6)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete