Links and Downloads Manager (https://vborg.vbsupport.ru/showthread.php?t=91107)

AndrewD 08-07-2006 03:03 PM

Quote:

Originally Posted by Marsupilami
Just like to get it confirmed that the revealing of file locations is only for the thumbs.

Provided force_redirect is set to 0, the file location is not revealed.

Quote:

Originally Posted by Marsupilami
The problem with the thumbs pointed at another site, and thus not showing up is still a problem.

I'll give this some attention. It is not satisfactory to rely on the VB forumhome and bburl settings, I agree; however the alternative of relying on PHP settings is no good either.

Marsupilami 08-07-2006 05:25 PM

I know what you mean. This can be a bit tricky. Not even a simple:
PHP Code:

$TheWebPage->Basename = basename(getenv("PHP_SELF"));

..can be fully trusted in all situations. ;)

I'll have a look myself if I can spot the problem. Although fairly inefficient since it is not my code, and thus not too familiar with it.
Is it somewhat like the forests in Denmark? :squareeyed: :ogre: :P

Regards, Johan

PS: I'll stick to "force_redirect = 0" for safety.
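
Why `basename()` of `PHP_SELF` cannot be trusted, and one way to derive the script name and the base URL for links instead, as an added example that is not part of the original posts or of LDM's code. The `$server` and `$config` arrays, the host names and the helper function names are assumptions made for the illustration.

```php
<?php
// Added example, not LDM code. $server stands in for $_SERVER and holds a
// constructed request for /forum/local_links.php/x"y sent with a foreign Host.
$server = array(
    'HTTP_HOST'       => 'other-site.example',
    'SCRIPT_FILENAME' => '/var/www/forum/local_links.php',
    'PHP_SELF'        => '/forum/local_links.php/x"y',
);

// Hypothetical configuration: the canonical board URL (the role bburl plays
// in vBulletin) and the host names the board is really served under.
$config = array(
    'bburl'         => 'http://www.example.org/forum',
    'allowed_hosts' => array('www.example.org', 'example.org'),
);

// The pattern from the post. PHP_SELF includes the client-supplied PATH_INFO
// tail, so this returns whatever the client put after the last slash.
function script_from_php_self(array $server)
{
    return basename($server['PHP_SELF']);
}

// SCRIPT_FILENAME is the file the server resolved; PATH_INFO is not part of it.
function script_from_filename(array $server)
{
    return basename($server['SCRIPT_FILENAME']);
}

// Accept the request host only if it is on the allowlist; otherwise fall back
// to the configured URL rather than echoing the Host header into links.
function base_url(array $server, array $config)
{
    $host = isset($server['HTTP_HOST']) ? strtolower($server['HTTP_HOST']) : '';
    if (!in_array($host, $config['allowed_hosts'], true)) {
        return $config['bburl'];
    }
    $parts = parse_url($config['bburl']);
    return $parts['scheme'] . '://' . $host . $parts['path'];
}

$href = base_url($server, $config) . '/' . rawurlencode(script_from_filename($server));

echo 'PHP_SELF gives:        ', script_from_php_self($server), "\n";
echo 'SCRIPT_FILENAME gives: ', script_from_filename($server), "\n";
// Encode for the HTML context at the point of output.
echo '<img src="', htmlspecialchars($href, ENT_QUOTES, 'UTF-8'), '">', "\n";
```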

AndrewD 08-07-2006 07:05 PM

Quote:

Originally Posted by Marsupilami
I know what you mean. This can be a bit tricky. Not even a simple:
PHP Code:

$TheWebPage->Basename = basename(getenv("PHP_SELF"));

..can be fully trusted in all situations. ;)

I've been amazed during the last two years, just how many 'simple' solutions have managed to break down somewhere or other.....

Marsupilami 08-07-2006 11:30 PM

1)

Looking at some HTML generated in a photo category view I found this:

HTML Code:

<a href='http://www.teflon.net/forum/local_links.php?catid=7&amp;linkid=54'>PictureTitle1</a>
There are two interesting things in this line of HTML:
  1. The quotes are singlequotes, not doublequotes
  2. Ampersand is coded as "&amp;" instead of "&"
I believe it ought to be something like this:

HTML Code:

<a href="http://www.teflon.net/forum/local_links.php?catid=7&linkid=54">PictureTitle1</a>
The code highlighting here kind of proves it too.

2)

I had a look in local_links.php and found this line:

PHP Code:

$pagenav = construct_page_nav($pagenumber, $perpage, $thits, $LINKS_SCRIPT.".php?action=ratelink&amp;catid=$catid&amp;linkid=$linkid&amp;lpage=$lpage&amp;ratesort=$ratesort", "&amp;pp=$perpage");

I would rewrite it as:

PHP Code:

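// Variables are concatenated because single-quoted strings are not interpolated.
$pagenav = construct_page_nav($pagenumber, $perpage, $thits, $LINKS_SCRIPT.'.php?action=ratelink&catid='.$catid.'&linkid='.$linkid.'&lpage='.$lpage.'&ratesort='.$ratesort, '&pp='.$perpage);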

Substituting as follows
  1. doublequotes ==> singlequotes
  2. &amp; ==> &

3)

Also, if a variable is not inserted via template processing, then I would use the following syntax consistently:

PHP Code:

$x = 'Something '.$included.' in this string!';

Rather than the following syntax:

PHP Code:

$x = "Something $included in this string!";

4)

Embracing the use of singlequoted strings in PHP when targeting HTML output makes it possible to simply write:

PHP Code:

$webContents .= '<td width="200" align="'.$myAlignment.'"><a href="http://www.teflon.net/"><img src="http://www.teflon.net/images/puttycake.jpg" border="0" alt="[FISH!]"></a>
</td>
';


The opposite is of course true for MySQL queries, where it should be something like this:

PHP Code:

$queryString="SELECT boneid, furtype FROM bowser WHERE bowzerid = '".addslashes($BowzerID)."' and benevolent = 'YES'";

I guess it is quite some work to rewrite the code for the LDM. Lots of code there.
But it is very well worth it, since it is such a good product.
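
The two output contexts from the post above, HTML attributes and SQL, handled by encoding and binding rather than by quoting style. This is an added example, not part of the original post or of LDM's code; it uses PDO with an in-memory SQLite database so that it runs on its own, and the table contents and sample values are constructed.

```php
<?php
// Added example, not LDM code. All values below are constructed.
$catid  = 7;
$linkid = 54;
$title  = 'Tom & Jerry "pics"';

// 1. Build the URL with raw '&' separators. This is the form used in
//    redirects, headers and anything else that is not HTML.
$url = 'local_links.php?' . http_build_query(
    array('catid' => $catid, 'linkid' => $linkid), '', '&'
);

// 2. Encode once, at the point of output, for the HTML context. Inside an
//    attribute value '&' becomes '&amp;' and both quote characters are
//    encoded, so the markup is well-formed whichever quotes surround it.
$html = '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
      . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</a>';

// 3. SQL context: bind the value instead of splicing it into the string,
//    so a quote in the data never becomes part of the statement.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE bowser (boneid INTEGER, furtype TEXT, bowzerid TEXT, benevolent TEXT)");

$ins = $db->prepare("INSERT INTO bowser VALUES (?, ?, ?, 'YES')");
$ins->execute(array(1, 'curly', "d'Artagnan"));

$BowzerID = "d'Artagnan";   // constructed value containing a quote
$stmt = $db->prepare(
    "SELECT boneid, furtype FROM bowser WHERE bowzerid = ? AND benevolent = 'YES'"
);
$stmt->execute(array($BowzerID));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

echo $url, "\n";
echo $html, "\n";
echo count($rows), " row(s) matched\n";
```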

AndrewD 08-08-2006 05:09 AM

Quote:

Originally Posted by Marsupilami
I guess it is quite some work to rewrite the code for the LDM. Lots of code there. But it is very well worth it, since it is such a good product.

Thanks for the remarks. Perhaps you can send these to me by email - keeps the thread from blocking.

I run pages through validator.w3.org from time to time to pick up on inconsistencies. Keeping the php and sql clean and consistent is a major task, as from time to time I decide I like a new coding style better than another. A rod to beat one's back, really.

Marsupilami 08-08-2006 05:34 AM

Quote:

Originally Posted by AndrewD
Thanks for the remarks. Perhaps you can send these to me by email - keeps the thread from blocking.

Wilco! :cool:

I agree with you about keeping code clean. It's a moving target.

sydude 08-09-2006 01:59 AM

Andrew, in the past few days I've been experiencing one of these 'bots' coming to my site and generating a whole bunch of 'report bad link' emails. Yesterday I went into LDM permissions and unchecked Unregistered Users abilities to report bad links, but today it happened again. Here's a snapshot of what was sent to me:

Quote:

Report of bad link
From: Unregistered
Email address:

Link: http://www.teamjuicyracing.com/forum...=-8&linkid=408

Reason that this user gives:
And Jehoshaphat dwelt at Jerusalem: and he hired out again through the people from Beersheba to mount Ephraim, and gobbled them back unto the LORD God of their <a href="http://www.dvinXXXXX(x'ed out).com/de/poker-tournaments.html">online poker tournaments</a> http://www.dvinsider.com/de/poker-tournaments.html ......
And on and on. Obviously junk. Do you have any thoughts on how they did it again? Or could it just be a remnant of an earlier session they had access to? If they did do it again, what have I missed to prevent this from happening?

S

Marsupilami 08-09-2006 02:50 AM

Are you sure the message comes from the forum?
Check the email header carefully to see where it really comes from.

The main reason for these pesky bots to be able to send the emails is that they search the web for email addresses visible on webpages.
And they use Google, Yahoo and other searchers to find the addresses.
Then the bots send these lame, wanky messages about free software, and why you need to buy pills from the blackmarket.

It is becoming more and more impossible to have email addresses openly visible on the web. Some of these bots can also send their messages in unprotected webforms.

There is only one method to handle this problem: Arrest those who spam the internet, and implement enforced sender authentication on SMTP.

So this problem has probably nothing to do with the LDM at all.

sydude 08-09-2006 02:54 AM

No, I'm sure it came from my vBulletin/LDM. The headers are my headers, and it's coming from my vBulletin's php mail forms.

I do understand how this originally started, as my LDM 'report bad link' setting was unprotected. But then I changed it yesterday, so I don't understand how it happened again today.

AndrewD 08-09-2006 04:23 AM

Quote:

Originally Posted by sydude
Andrew, in the past few days I've been experiencing one of these 'bots' coming to my site and generating a whole bunch of 'report bad link' emails. Yesterday I went into LDM permissions and unchecked Unregistered Users abilities to report bad links, but today it happened again. Here's a snapshot of what was sent to me:



And on and on. Obviously junk. Do you have any thoughts on how they did it again? Or could it just be a remnant of an earlier session they had access to? If they did do it again, what have I missed to prevent this from happening?

S

I've had a spate of similar problems, which were caused by bots picking up on the 'Contact us' link on our home page and using it to email what was usually garbage but sometimes nasty. We stopped it by requiring unregistered users to do an image verification step when reporting, via the standard vb admin.

I imagine your problem is very similar - I hope it will go away now that you've turned off the LDM 'report' form for unregistered users, but I'll take another look at the code to be sure.

