Check 4 Hack - Finds infected Datastore Entries (https://vborg.vbsupport.ru/showthread.php?t=265866)

gregorym 07-04-2013 10:57 PM

I'd like to know if this is working or how to make it work with 4.2.1 as well.
As Wolver2 said above, it's very important to many of us.

Or is there another product that's compatible with 4.2.1??

Wolver2 07-07-2013 01:29 PM

I think it's working as I get the emails for 4.2.1 and I get "Infects found: {1}"
BUT I CANNOT SEE WHERE! the emails are all blank lol

Lazorbeam 08-27-2013 10:38 AM

Hmm... after 15 months of using this addon I'm now getting blank emails at 2, 22 and 42 minutes of every hour (which is when the job is scheduled to run).

Haven't installed anything lately so I'm guessing there was/is some sort of infection, however the files are blank. There are no infected addons according to the emails I'm getting, including the first.

Any idea?

Keysailor 09-01-2013 03:59 PM

Running 4.2.0pl2 and get this response running the cron job regardless of whether demo is active/enabled or not:

The following modules were infected:

pluginlist

Read through this whole thread, didn't find anything to tell me whether I have a problem or not. Any help?

JesterP 09-07-2013 01:36 AM

Makes me wonder why this isn't built in functionality. :/

Moh4m4d 09-07-2013 01:59 AM

Quote:

Originally Posted by avitor (Post 2417120)
hello dear
thank you for this mod

any one can confirm that this mod working on vb 4.2.pl2 ?
thanks

you can run for : 4.x.x

ForceHSS 09-14-2013 06:57 PM

1 Attachment(s)
As this has never been updated I have fixed the English version as some of it was not in English and also the grammar was not the best. This is all that I have done.

whodah 09-19-2013 08:24 PM

I have a question, and can offer some help/advice.
:D

I installed this on a known compromised site.

I was getting blank emails every 20 minutes.

Scheduled Task Log Viewer indicates what a lot of folks previously posted here on when asking about 'pluginlist'

9957 Check 4 Hacking 12:14, 19th Sep 2013 Infects found: pluginlist
9956 Check 4 Hacking 11:42, 19th Sep 2013 Infects found: pluginlist
9955 Check 4 Hacking 11:22, 19th Sep 2013 Infects found: pluginlist

(over and over)

I went into phpMyAdmin and ran this query:
Code:

SELECT title FROM datastore WHERE data LIKE '%base64%'
(note: you'll need to add the prefix to 'datastore' above if you have one. i.e. change 'datastore' to 'vb4_datastore' or whatever your case may be)

resultant row:
pluginlist

Code:

SELECT * FROM  `datastore` WHERE  `title` = 'pluginlist';
(again, add your prefix to 'datastore' if applicable)

edited that record, found:
Code:

....
if (strpos($_SERVER['PHP_SELF'],"subscriptions.php")) {

eval(gzinflat
e(base64_decode('HJ3HkqNQEkU/Zzq
....

(note: that eval line and base64 line above was one line, not two. But when I type it as one line here at vbulletin.org, it errors out.)


Dug some more, found they injected some stuff off this issue:
http://www.vbulletin.com/forum/forum...-1-vbulletin-5

And this is indeed the remnants of the known compromised site. I.e. subscriptions.php leads to that C99madShell v. 2.0 madnet edition file/exploit.

So: why the blank emails every 20 minutes?

I set up a test in check4hack.php changing it from:
Code:

        vbmail($recipent,$vbphrase['c4h_subject'],construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)));
        log_cron_action(implode(", ",$storages), $nextitem, 1);

to:
Code:

        vbmail($recipent,$vbphrase['c4h_subject'],construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)));
        log_cron_action("whodahtest1 ".$recipent, $nextitem, 1);
        log_cron_action("whodahtest2 ".$vbphrase['c4h_subject'], $nextitem, 1);
        log_cron_action("whodahtest3 ".construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)), $nextitem, 1);
        log_cron_action(implode(", ",$storages), $nextitem, 1);

When you run the cron job by hand, you get legit log entries in 'Scheduled Task Log Viewer'. When cron calls it, only $recipent is set. That is to say, $vbphrase['c4h_subject'] and construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)) result in empty strings and/or null.

This explains why it 'works' for most people. One turns on 'demo', runs the cron by hand, you get the email, you turn off 'demo', and never get a 'broken' email.

Can anyone smarter than me tell me why those wouldn't be set during automatic cron vs. 'run now' cron? That'd be the key to fixing it!
:D

whodah 09-20-2013 04:07 PM

Heya,

Thought I'd post the code of check4hack.php written by the OP. It is really short, and maybe someone browsing this can say, "oh, well that needs to be set when called by cron automatically vs. run 'by hand'" or something?

Code:

<?php
/*======================================================================*\
|| #################################################################### ||
|| # Check4Hack by Hoffi                                                                                          # ||
|| #################################################################### ||
\*======================================================================*/

// ######################## SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);
if (!is_object($vbulletin->db))
{
        exit;
}

// ########################################################################
// ######################### START MAIN SCRIPT ############################
// ########################################################################

// Send the reminder email only once.
$infections = $vbulletin->db->query_read("SELECT title FROM " . TABLE_PREFIX . "datastore WHERE data LIKE '%base64%'");
//vbmail_start();

$send = false;

$storages = array();

$recipent = ($vbulletin->options['check4hack_email']?$vbulletin->options['check4hack_email']:$vbulletin->options['webmasteremail']);

while ($infect = $vbulletin->db->fetch_array($infections))
{
        $storages[] = $infect['title'];
        $send = true;
        echo $infect['title']."-";
}

foreach($storages as $item)
{
        switch ($item)
        {
                // During the following found Items, the Datastore need to rebuild.
                case 'pluginlist':
                        vBulletinHook::build_datastore($vbulletin->db);
                        break;
        }
}

if ($send)
{
        vbmail($recipent,$vbphrase['c4h_subject'],construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)));
        log_cron_action("whodahtest1 ".$recipent, $nextitem, 1);
        log_cron_action("whodahtest2 ".$vbphrase['c4h_subject'], $nextitem, 1);
        log_cron_action("whodahtest3 ".construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)), $nextitem, 1);
        log_cron_action(implode(", ",$storages), $nextitem, 1);
}

vbmail_end();

?>


whodah 09-20-2013 04:15 PM

And here is an example of the Scheduled Task Log when running it 'by hand':

Code:

10311        Check 4 Hacking        10:12, 20th Sep 2013        Infects found: pluginlist
10310        Check 4 Hacking        10:12, 20th Sep 2013        Infects found: whodahtest3 The following modules were infected: pluginlist
10309        Check 4 Hacking        10:12, 20th Sep 2013        Infects found: whodahtest2 Corrupt Datastore found!
10308        Check 4 Hacking        10:12, 20th Sep 2013        Infects found: whodahtest1 email@address.com

And one when it is naturally run through cron on its own: (note that only 'whodahtest1' has a variable next to it)
Code:

10315        Check 4 Hacking        10:14, 20th Sep 2013        Infects found: pluginlist
10314        Check 4 Hacking        10:14, 20th Sep 2013        Infects found: whodahtest3
10313        Check 4 Hacking        10:14, 20th Sep 2013        Infects found: whodahtest2
10312        Check 4 Hacking        10:14, 20th Sep 2013        Infects found: whodahtest1 email@address.com


whodah 09-21-2013 09:33 PM

So for now, I changed check4hack.php from:
Code:

vbmail($recipent,$vbphrase['c4h_subject'],construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)));
to:
Code:

vbmail($recipent,"Something Wrong in forum dB!".$vbphrase['c4h_subject'],"Run Check 4 Hacking in Scheduled Task Manager. This auto-email messes up, but it runs OK 'by hand'.\n\n".construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)));
It isn't a fix, and it isn't perfect. But at least instead of blank emails, you'll get a little guidance on what to do or what the email means.

BirdOPrey5 09-22-2013 03:46 AM

I'm not sure it will make a difference but I would try commenting out the line

Code:

echo $infect['title']."-";
(make it)

Code:

//echo $infect['title']."-";
instead.

echo will post data to the browser, it isn't something you usually want to do when running a scheduled task automatically, if used there should be a check to make sure it is being run manually.

The thing is, while it shouldn't be used best I can tell, I don't see why it would result in blank emails- but it's the only thing that sticks out at me right now.

Wolver2 09-24-2013 01:26 PM

I get this note as an email from the plugin:

The following modules were infected:

pluginlist


what do I do now? or how do I remove it

whodah 09-24-2013 02:04 PM

Quote:

Originally Posted by Wolver2 (Post 2447689)
I get this note as an email from the plugin:

The following modules were infected:

pluginlist


what do I do now? or how do I remove it

Try post #88 in this thread.

whodah 09-24-2013 02:26 PM

Quote:

Originally Posted by BirdOPrey5 (Post 2447211)
I'm not sure it will make a difference but I would try commenting out the line

Code:

echo $infect['title']."-";
(make it)

Code:

//echo $infect['title']."-";
instead.

echo will post data to the browser, it isn't something you usually want to do when running a scheduled task automatically, if used there should be a check to make sure it is being run manually.

The thing is, while it shouldn't be used best I can tell, I don't see why it would result in blank emails- but it's the only thing that sticks out at me right now.

Heya BirdOPrey5,

Thanks for the idea, but it didn't fix it.
:(

Wolver2 09-24-2013 03:26 PM

@whodah thanks for pointing it out.

Code:

After ....
if (strpos($_SERVER['PHP_SELF'],"subscriptions.php")) {

eval(gzinflat
e(base64_decode('HJ3HkqNQEkU/Zzq
....

What do I do to remove it completely?

Btw below that code you posted a link to an exploit regarding /install folder.. but I never had an install folder there after installing

whodah 09-24-2013 04:34 PM

Quote:

Originally Posted by Wolver2 (Post 2447712)
@whodah thanks for pointing it out.

Code:

After ....
if (strpos($_SERVER['PHP_SELF'],"subscriptions.php")) {

eval(gzinflat
e(base64_decode('HJ3HkqNQEkU/Zzq
....

What do I do to remove it completely?

Btw below that code you posted a link to an exploit regarding /install folder.. but I never had an install folder there after installing

Heya,

Interesting on the install thing. For me, that is what I saw all the log files hit.

For removal: this thread helped a ton:
http://www.vbulletin.com/forum/forum...i-e-p0wersurge

In particular, post number 4.

And secondly, although a lot of it is the same, the 2nd post here:
http://www.vbulletin.com/forum/forum...madnet-edition

Especially bullet point #6 as the infected plugin was by author 'vbulletin'. (fake of course, and removed of course.)

Wolver2 10-13-2013 02:06 AM

@Whodah I tried the post nr. 4:

Atm trying to clean.. but I'm a newbie in this.. will report

KHALIK 10-13-2013 12:49 PM

I am also getting the following message on my vb 4.2.2 when I manually run cron job.

Quote:

Check 4 Hacking

pluginlist-

Done.


Is this a standard message, indicating no infected files found?

Or is it saying pluginlist- is infected ?



Please help

whodah 10-14-2013 04:53 PM

Quote:

Originally Posted by KHALIK (Post 2452901)
I am also getting the following message on my vb 4.2.2 when I manually run cron job.



Is this a standard message, indicating no infected files found?

Or is it saying pluginlist- is infected ?



Please help

Try post #88 in this thread.

Kolbi 10-17-2013 11:18 AM

I'm also getting blank mails.

It seems that tapatalk is the reason for the mails?

Version 4.8.0 Plugin: Tapatalk: Tapatalk Image Link
Code:

$postbits = preg_replace_callback('/(<img src=")(http:\/\/img.tapatalk.com\/d\/[0-9]{2}\/[0-9]{2}\/[0-9]{2})(.*?)(".*>)/i',
create_function(
    '$matches',
    'return \'<a href="http://tapatalk.com/tapatalk_image.php?img=\'.urlencode(base64_encode($matches[2].\'/original\'.$matches[3])).\'" target="_blank" class="externalLink">\'.$matches[1].$matches[2].\'/thumbnail\'.$matches[3].$matches[4].\'</a>\';'
),
$postbits);

Could this be the reason for sending out the mails?

MrD 10-18-2013 10:11 AM

Hi Kolbi,
yes it is.

Kolbi 10-18-2013 01:46 PM

I guess there's no workaround to explicitly exclude this plugin?

lazytown 10-19-2013 04:00 AM

uninstalled -- always sends blank email.

Teascu Dorin 10-19-2013 05:09 AM

No email at all for me using demo!

vBulletin: 4.2.2
Server Type: Linux
Web Server: Apache (cgi-fcgi)
PHP: 5.3.24
MySQL Version: 5.0.96-log

Andy.H 10-28-2013 07:31 PM

As above, we installed Tapatalk 4.8.0 and started getting blank mails and an "infected" pluginlist.

I've disabled the scheduled task but left it installed so it can still be run manually... it could still be a useful tool to scan for infects on demand or if/when required.

Kolbi 10-29-2013 07:24 AM

Quote:

Originally Posted by Andy.H (Post 2456874)
As above, we installed Tapatalk 4.8.0 and started getting blank mails and an "infected" pluginlist.

I've disabled the scheduled task but left it installed so it can still be run manually... it could still be a useful tool to scan for infects on demand or if/when required.

The result: "Infekte Gefunden: pluginlist" doesn't say a lot. Because tapatalk causes this :) and if there would be another infection it still would tell you "pluginlist".

orangefive 10-30-2013 09:57 PM

Quote:

Originally Posted by Andy.H (Post 2456874)
As above, we installed Tapatalk 4.8.0 and started getting blank mails and an "infected" pluginlist.

I've disabled the scheduled task but left it installed so it can still be run manually... it could still be a useful tool to scan for infects on demand or if/when required.

me too

Andy.H 01-07-2014 07:04 PM

Thought I'd try a little tweak to the code. All the base64 hacks I've seen/had to clear up use the base64_decode command. The check4hack.php file looks for "%base64%" out of the box... so I did the following:

In the check4hack.php file, find the line below:

Code:

$infections = $vbulletin->db->query_read("SELECT title FROM " . TABLE_PREFIX . "datastore WHERE data LIKE '%base64%'");
and change to:

Code:

$infections = $vbulletin->db->query_read("SELECT title FROM " . TABLE_PREFIX . "datastore WHERE data LIKE '%base64_decode%'");
Seeing as the Tapatalk code uses the base64_encode command, check4hack.php no longer picks it up as a false positive, and should hopefully still detect any base64_decode hacks... I hope!

:)

whodah 03-05-2014 01:42 AM

Andy.H: Hey cool. That gives me an idea. How about replacing that same line with this:
Code:

$infections = $vbulletin->db->query_read("SELECT title FROM " . TABLE_PREFIX . "datastore WHERE REPLACE(data,'\'return \\\\\'<a href=\"http://tapatalk.com/tapatalk_image.php?img=\\\''.urlencode(base64_encode($matches[2]','TAPATALK_REPLACEMENT_STRING') LIKE '%base64%'");
:D

There might be a more eloquent way, and that wouldn't be 100% fool proof, but really really narrows it down, ya?

whodah 03-20-2014 03:45 AM

Looks like there are two legit base64 in 4.2.2 PL1 -- ya?

Code:

if ((!$message = base64_decode($vbulletin->GPC['pm_message']))) {
and

Code:

!($pagetext = base64_decode($vbulletin->GPC['html']))
everyone agree?

Andy.H 03-24-2014 06:59 PM

Hmm... we're running 4.2.0 PL4 with the scheduled task running and it's not detecting those lines? Maybe they don't appear in 4.2.0?

Which files did you find them in?

PS: nice addition with the detection :)

ForceHSS 03-24-2014 08:10 PM

Quote:

Originally Posted by whodah (Post 2488496)
Looks like there are two legit base64 in 4.2.2 PL1 -- ya?

Code:

if ((!$message = base64_decode($vbulletin->GPC['pm_message']))) {
and

Code:

!($pagetext = base64_decode($vbulletin->GPC['html']))
everyone agree?

This is not in the code by default if you have this then you have an infection

whodah 03-24-2014 08:51 PM

Hi Andy.H and ForceHSS,

Interesting... Digging deeper. The thing that makes me suspect is that I have a backup install on another server, different pw's, that is 100% .htaccess protected (front end and admin end) which has those same two lines...

Digging, will report back...

whodah 03-24-2014 09:10 PM

ForceHSS:

Are you sure you are 4.2.2 PL1 ? If so, do your install files fresh from vB not have this?
Code:

includes/xml/product-panjo.xml:        if ((!$message = base64_decode($vbulletin->GPC['pm_message']))) {
includes/xml/product-panjo.xml:                !($pagetext = base64_decode($vbulletin->GPC['html']))

BTW: I thought it might be interesting to note the other base64_(encode|decode) stuff off a fresh 4.2.2PL1 download:

Code:

[root@hurley upload]# grep -RIi base64_decode *
asset.php:      $filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
attachment.php:        $filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
blog_attachment.php:    $filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
cron.php:$filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
includes/adminfunctions_template.php:                          $vbulletin->db->escape_string(vb_base64_decode($stylevardfn['validation'])) . "', '" .
includes/adminfunctions_template.php:                          $vbulletin->db->escape_string(vb_base64_decode($stylevardfn['failsafe'])) . "', 0, 0
includes/adminfunctions_template.php:          $value = vb_base64_decode($stylevar['value'][0]);
includes/adminfunctions_template.php:          $decode[$stylevars['name']] = vb_base64_decode($stylevars['value'][0]);
includes/facebook/base_facebook.php:    return base64_decode(strtr($input, '-_', '+/'));
includes/functions.php:function vb_base64_decode($string)
includes/functions.php: if (function_exists('base64_decode'))
includes/functions.php:        return base64_decode($string);
includes/functions.php:        return ($decode ? vb_base64_decode($return) : $return);
includes/xml/product-panjo.xml:        if ((!$message = base64_decode($vbulletin->GPC['pm_message']))) {
includes/xml/product-panjo.xml:                !($pagetext = base64_decode($vbulletin->GPC['html']))
picture.php:    $filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
[root@hurley upload]# grep -RIi base64_encode *
admincp/navigation.php: $name .= '_' . strtolower(substr(vb_base64_encode(TIMENOW),4,4));
forumrunner/push.php:    $msgargs = array(base64_encode(prepare_utf8_string($vbulletin->options['bbtitle'])));
forumrunner/push.php:      $msgargs[] = base64_encode(count($pms));
forumrunner/push.php:      $msgargs[] = base64_encode(prepare_utf8_string($first_pm['fromusername']));
forumrunner/push.php:      $msgargs[] = base64_encode(count($subs));
forumrunner/push.php:      $msgargs[] = base64_encode(prepare_utf8_string($first_sub['title']));
forumrunner/support/Snoopy.class.php:                  $headers .= "Authorization: Basic ".base64_encode($this->user.":".$this->pass)."\r\n";
forumrunner/support/Snoopy.class.php:                  $headers .= 'Proxy-Authorization: ' . 'Basic ' . base64_encode($this->proxy_user . ':' . $this->proxy_pass)."\r\n";
forumrunner/support/Snoopy.class.php:                  $headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
includes/adminfunctions_plugin.php:                                    'validation' => vb_base64_encode($stylevar['validation']),
includes/adminfunctions_plugin.php:                                    'failsafe'  => vb_base64_encode($stylevar['failsafe'])
includes/adminfunctions_plugin.php:                            'value' => vb_base64_encode($stylevar['value'])
includes/adminfunctions_plugin.php:                                            'validation' => vb_base64_encode($stylevar['validation']),
includes/adminfunctions_plugin.php:                                            'failsafe'  => vb_base64_encode($stylevar['failsafe'])
includes/adminfunctions_plugin.php:                                    'value' => vb_base64_encode($stylevar['value'])
includes/adminfunctions_template.php:                                  'validation' => vb_base64_encode($stylevar['validation']),
includes/adminfunctions_template.php:                                  'failsafe'  => vb_base64_encode($stylevar['failsafe'])
includes/adminfunctions_template.php:                          'value' => vb_base64_encode($stylevar['value'])
includes/adminfunctions_template.php:                                  'value' => vb_base64_encode($stylevar)
includes/class_mail.php:                                        if (!$this->sendMessage(vb_base64_encode($this->smtpUser), 334) OR !$this->sendMessage(vb_base64_encode($this->smtpPass), 235))
includes/facebook/base_facebook.php:  * Exactly the same as base64_encode except it uses
includes/facebook/base_facebook.php:  * Exactly the same as base64_encode except it uses
includes/facebook/base_facebook.php:    $str = strtr(base64_encode($input), '+/', '-_');
includes/functions.php:function vb_base64_encode($string)
includes/functions.php: if (function_exists('base64_encode'))
includes/functions.php:        return base64_encode($string);
includes/functions.php:        $string = vb_base64_encode($string);
vb/verticalresponse.php:                    'contents'  => vb_base64_encode($members),
[root@hurley upload]#


whodah 03-24-2014 09:24 PM

Andy.H: for completeness, I checked out 4.2.0PL4, and it looks like those lines are not in there:

Code:

[root@hurley upload]# grep -RIi base64_decode *
asset.php:      $filedata = vb_base64_decode('STRING_REPLACED_BY_WHODAH==');
includes/adminfunctions_template.php:                          $vbulletin->db->escape_string(vb_base64_decode($stylevardfn['validation'])) . "', '" .
includes/adminfunctions_template.php:                          $vbulletin->db->escape_string(vb_base64_decode($stylevardfn['failsafe'])) . "', 0, 0
includes/adminfunctions_template.php:          $value = vb_base64_decode($stylevar['value'][0]);
includes/adminfunctions_template.php:          $decode[$stylevars['name']] = vb_base64_decode($stylevars['value'][0]);
includes/facebook/base_facebook.php:    return base64_decode(strtr($input, '-_', '+/'));
includes/functions.php:function vb_base64_decode($string)
includes/functions.php: if (function_exists('base64_decode'))
includes/functions.php:        return base64_decode($string);
includes/functions.php:        return ($decode ? vb_base64_decode($return) : $return);
[root@hurley upload]# grep -RIi base64_encode *
admincp/navigation.php: $name .= '_' . strtolower(substr(vb_base64_encode(TIMENOW),4,4));
includes/adminfunctions_plugin.php:                                    'validation' => vb_base64_encode($stylevar['validation']),
includes/adminfunctions_plugin.php:                                    'failsafe'  => vb_base64_encode($stylevar['failsafe'])
includes/adminfunctions_plugin.php:                            'value' => vb_base64_encode($stylevar['value'])
includes/adminfunctions_plugin.php:                                            'validation' => vb_base64_encode($stylevar['validation']),
includes/adminfunctions_plugin.php:                                            'failsafe'  => vb_base64_encode($stylevar['failsafe'])
includes/adminfunctions_plugin.php:                                    'value' => vb_base64_encode($stylevar['value'])
includes/adminfunctions_template.php:                                  'validation' => vb_base64_encode($stylevar['validation']),
includes/adminfunctions_template.php:                                  'failsafe'  => vb_base64_encode($stylevar['failsafe'])
includes/adminfunctions_template.php:                          'value' => vb_base64_encode($stylevar['value'])
includes/adminfunctions_template.php:                                  'value' => vb_base64_encode($stylevar)
includes/class_mail.php:                                        if (!$this->sendMessage(vb_base64_encode($this->smtpUser), 334) OR !$this->sendMessage(vb_base64_encode($this->smtpPass), 235))
includes/facebook/base_facebook.php:  * Exactly the same as base64_encode except it uses
includes/functions.php:function vb_base64_encode($string)
includes/functions.php: if (function_exists('base64_encode'))
includes/functions.php:        return base64_encode($string);
includes/functions.php:        $string = vb_base64_encode($string);
vb/verticalresponse.php:                    'contents'  => vb_base64_encode($members),
[root@hurley upload]#


ForceHSS 03-24-2014 09:34 PM

Yes, I have them in default files as well. Not sure if all, as I have not checked all of them, but I am sure if it is a problem vb would post about it, so don't worry about it.

Andy.H 03-24-2014 09:44 PM

Quote:

Originally Posted by whodah (Post 2489357)
Andy.H: for completeness, I checked out 4.2.0PL4, and it looks like those lines are not in there:

That would explain it then. It does leave you in a bit of a quandary if you're running 4.2.2 though. Does it generate any false positives when you run the task manually?

whodah 03-24-2014 11:24 PM

ForceHSS: roger that.

Andy.H: yup yup, false positives as of now. Did you see my post #110 above? I haven't had time to write a replace string for these two yet, but I'm thinking a similar notion would work here too. Thanks for the inspiration for that idea again. :D But really, we could keep whittling out false positives when they come up that way. (I think.)
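
The false positives discussed above (Tapatalk's base64_encode, the panjo base64_decode calls) and the eval(...) injection whodah found in 'pluginlist' can be compared side by side. The following is an added example, not part of the original thread or of Check4Hack: it runs the thread's two LIKE patterns and a third, stricter rule (an assumption of this example) over constructed 'pluginlist' values, and returns the text around the strongest match so an alert says where it fired. The payload literal and the sample values are constructed placeholders.

```python
import re

# Rule 1: the add-on's original test, LIKE '%base64%'.
ANY_BASE64 = re.compile(r"base64", re.I)
# Rule 2: the narrowing proposed in the thread, LIKE '%base64_decode%',
# tightened here to an actual function call.
DECODE_CALL = re.compile(r"base64_decode\s*\(", re.I)
# Rule 3 (assumption of this example): eval() of base64_decode() applied to a
# quoted literal, optionally wrapped in other calls such as gzinflate().
EVAL_DECODED_LITERAL = re.compile(
    r"\beval\s*\(\s*(?:@?\w+\s*\(\s*)*base64_decode\s*\(\s*['\"]", re.I)

# Strongest rule first, so one benign hit cannot mask a worse one in the same row.
RULES = (("malicious-pattern", EVAL_DECODED_LITERAL),
         ("needs-review", DECODE_CALL),
         ("noise", ANY_BASE64))

# Constructed fragments modelled on the code quoted in the thread.
TAPATALK = "urlencode(base64_encode($matches[2].'/original'.$matches[3]))"
PANJO = "if ((!$message = base64_decode($vbulletin->GPC['pm_message']))) {"
INJECTED = ("if (strpos($_SERVER['PHP_SELF'],\"subscriptions.php\")) {\n"
            "eval(gzinflate(base64_decode('CONSTRUCTED_PLACEHOLDER=='))); }")

# Constructed 'pluginlist' values for four different boards. All plugin code
# lives in that single datastore row, which is why a row-level hit says so little.
SAMPLES = {
    "no_base64": "$show['example'] = true;",
    "tapatalk_only": TAPATALK,
    "panjo_only": PANJO,
    "tapatalk_plus_injection": TAPATALK + "\n" + INJECTED,
}


def classify(data):
    """Return (verdict, match) for one datastore value."""
    for verdict, rule in RULES:
        m = rule.search(data)
        if m:
            return verdict, m
    return "clean", None


def snippet(data, m, width=40):
    """Text surrounding the match, whitespace collapsed, for the alert body."""
    start = max(0, m.start() - width)
    end = min(len(data), m.end() + width)
    return " ".join(data[start:end].split())


def scan(samples):
    """Report every non-clean value with its verdict and the matching context."""
    report = []
    for name, data in samples.items():
        verdict, m = classify(data)
        if verdict != "clean":
            report.append({"sample": name, "verdict": verdict,
                           "where": snippet(data, m)})
    return report


def flagged(rule, samples):
    """Names of the samples a single rule would alert on (the LIKE behaviour)."""
    return [name for name, data in samples.items() if rule.search(data)]


if __name__ == "__main__":
    for label, rule in (("%base64%", ANY_BASE64),
                        ("base64_decode(", DECODE_CALL),
                        ("eval(...base64_decode('", EVAL_DECODED_LITERAL)):
        print(f"{label:28} -> {flagged(rule, SAMPLES)}")
    for row in scan(SAMPLES):
        print(f"{row['sample']:24} {row['verdict']:18} {row['where']}")
```

Rule 3 only recognises the wrapper shape seen in this thread; a 'needs-review' verdict still calls for reading the row by hand.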

Azonaco 05-08-2016 07:39 PM

This isn't working on version 4.2.2 for me. Any plans to update this mod?

