PM Auto Reply (https://vborg.vbsupport.ru/showthread.php?t=116325)

Hellcat 05-23-2006 11:06 AM

Ha!

Just uploaded an updated version.
Hopefully fixed the two bugs ("blahblah missing bleh error in whatdoiknow.php" and the excluding issue) and added (by special request of a special Boofo ;)) some replacement variables:
{name}, {from} and {to} :)

Boofo 05-23-2006 11:11 AM

All right! You da man! ;)

htscpl 05-23-2006 12:48 PM

Just installed from the previous download and got an error, but I am re-installing with the new file. Looks like this will be a great little addition to my site.
Thanks!

*** clicks install ***


PS: bug was fixed, auto reply works great! Thanks again Michael!

vBulletin THEN DAYLIGHT 05-23-2006 04:26 PM

Ever since installing this plugin I have been getting a MySQL error when sending PMs to someone with a # in their username. I never had the problem before.

Database error in vBulletin 3.5.4:

Invalid SQL:
SELECT userid, pmautoreplystatus, pmautoreplytext, pmautoreplydate FROM vb_user WHERE username='vaughan's #1 fan';

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's #1 fan'' at line 1
Error Number : 1064
Date : Tuesday, May 23rd 2006 @ 01:13:06 PM
Script : http://www.cricket247.net/forum/private.php
Referrer : http://www.cricket247.net/forum/priv...do=newpm&u=197
IP Address : 87.113.26.175
Username : Rob
Classname : vb_database


Scott MacVicar had this to say:

Quote:

It's the unescaped ' and that is an SQL Injection and a serious security issue.

The query is a non standard vBulletin query from an auto reply hack.
I recommend no one installs this until the problem is sorted.

*disables

BoYagoob 05-23-2006 06:20 PM

Thanks ..

Hellcat 05-23-2006 09:22 PM

Ouch....
Never trust vB's cleanGPC() again, I guess....
I'll add an escaping of all input and upload an updated version later, once I get home!

Thanks for bringing this to my attention!

[EDIT]
UPDATED VERSION HAS BEEN UPLOADED!
SECURITY ISSUE SHOULD BE FIXED!


I added an additional escaping of the username inside the SQL query!
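
The failure reported above and two ways to avoid it, as an added example that is not the plugin's code: it uses PDO with an in-memory SQLite table in place of the forum's MySQL database (an assumption), and the stored row and the function names are constructed for illustration. `PDO::quote()` stands in for the escaping fix the post describes; the bound-parameter variant goes beyond what the thread mentions.

```php
<?php
// Added example. In-memory SQLite through PDO stands in for the forum's MySQL
// database (assumption); the row and the function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vb_user (userid INTEGER PRIMARY KEY, username TEXT,
    pmautoreplystatus INTEGER, pmautoreplytext TEXT, pmautoreplydate INTEGER)');
$db->prepare('INSERT INTO vb_user (username, pmautoreplystatus, pmautoreplytext,
    pmautoreplydate) VALUES (?, 1, ?, 0)')
   ->execute(["vaughan's #1 fan", 'Away until Monday']);

const COLUMNS = 'userid, pmautoreplystatus, pmautoreplytext, pmautoreplydate';

// Before: the recipient name is pasted into the SQL text, so its apostrophe
// closes the string literal early and the rest is parsed as SQL.
function lookup_concatenated(PDO $db, string $username): ?array
{
    $sql = 'SELECT ' . COLUMNS . " FROM vb_user WHERE username='" . $username . "'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Escaping fix: PDO::quote() escapes the value and adds the surrounding
// quotes for the driver in use, so the apostrophe stays inside the literal.
function lookup_escaped(PDO $db, string $username): ?array
{
    $sql = 'SELECT ' . COLUMNS . ' FROM vb_user WHERE username=' . $db->quote($username);
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Alternative: a bound parameter keeps the value out of the SQL text entirely.
function lookup_bound(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT ' . COLUMNS . ' FROM vb_user WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

$recipient = "vaughan's #1 fan"; // username from the error report above
try {
    lookup_concatenated($db, $recipient);
} catch (PDOException $e) {
    echo 'concatenated: ', $e->getMessage(), "\n";
}
foreach (['lookup_escaped', 'lookup_bound'] as $lookup) {
    $row = $lookup($db, $recipient);
    echo $lookup, ': ', $row === null ? 'no row' : $row['pmautoreplytext'], "\n";
}
```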

SaN-DeeP 05-24-2006 03:33 PM

Hellcat, thank you for your support for releasing good addons :)

vBulletin THEN DAYLIGHT 05-24-2006 06:17 PM

Thanks, Hellcat

Stangsta 05-25-2006 01:26 AM

Quote:

Originally Posted by Stangsta
I feel honored to find the first bug!

I have a usergroup say....ID #5 (administrator) and I have another usergroup say....ID #15 registered users. If I exclude ID 15 from the options, it will exclude ID #5 as well. Same with #16 & #6.....#17 & #7 and so on.

Still having same problem :(

Hellcat 06-08-2006 08:23 AM

Howdy :)

Concerning vBulletin 3.6 (beta 1):
This seems to be working fine under vB3.6b1.

At least I didn't encounter any problems while testing ;)

