vb.org Archive

Add-On Releases - EPC PM Notifications "SUITE" with AJAX (https://vborg.vbsupport.ru/showthread.php?t=156013)

chewbacca 08-25-2007 04:52 AM

Very nice, thanks for this mod.

Andreas 08-25-2007 05:11 AM

This modification has a major Bug:
PHP Code:

exec_shut_down(); 

This call kills the database connection - which causes database errors for example in payment_gateway.php for Payment APIs that require feedback display - as there are queries being run after the call to build_user_subscription().

Also, why don't you just use phrases for the subject and body text?
Would make it a lot easier and language independent :)

blogtorank 08-25-2007 04:14 PM

Update and Security fix:

v1.2:
  • Converted to a Suite with many more options and cool features
  • More secure than v1.1 due to a flag we just received last night about a possible SQL Injection possibility. So we corrected it all overnight :)

AzzidReign 08-25-2007 04:15 PM

Awesome! Great work!! Thanks for the fix.

Andreas 08-25-2007 04:29 PM

New Bug: Version 1.2 will cause a fatal PHP error if build_user_subscription() is called more than once due to redefined functions.

A few suggestions
PHP Code:

    foreach ($_POST as $key => $value) {
        $ds[$key] = $value;
    }

    $vbulletin->input->clean_array($ds, array(
        'send_pm_global' => TYPE_NOHTML,
        'send_em_global' => TYPE_NOHTML,
        'pm_from_global' => TYPE_NOHTML,
        'send_pm_paidsub' => TYPE_NOHTML,
        'pm_title_paidsub' => TYPE_NOHTML,
        'pm_message_paidsub' => TYPE_NOHTML,
        'send_em_paidsub' => TYPE_NOHTML,
        'em_subject_paidsub' => TYPE_NOHTML,
        'em_body_paidsub' => TYPE_NOHTML
    ));

Why not just
PHP Code:

    $vbulletin->input->clean_array_gpc('p', array(
        'send_pm_global' => TYPE_NOHTML,
        'send_em_global' => TYPE_NOHTML,
        'pm_from_global' => TYPE_NOHTML,
        'send_pm_paidsub' => TYPE_NOHTML,
        'pm_title_paidsub' => TYPE_NOHTML,
        'pm_message_paidsub' => TYPE_NOHTML,
        'send_em_paidsub' => TYPE_NOHTML,
        'em_subject_paidsub' => TYPE_NOHTML,
        'em_body_paidsub' => TYPE_NOHTML
    ));

PHP Code:

    $db->query_write("UPDATE " . TABLE_PREFIX . "datastore SET data='" . $db->escape_string(slw_serial($ds)) . "' WHERE title='pmnotify'");

You should never UPDATE table datastore directly, as the user might use a datastore cache - and thus your updated data will not be in the cache (until it gets cleared).
Use build_datastore() instead.

PHP Code:

    $current_dt = strtotime("now");

The current timestamp is available as constant TIMENOW - seems unnecessary overhead to create it again.

Inkybro 08-26-2007 03:44 AM

Quote:

Originally Posted by Andreas (Post 1325503)
New Bug: Version 1.2 will cause a fatal PHP error if build_user_subscription() is called more than once due to redefined functions.

A few suggestions
PHP Code:

    foreach ($_POST as $key => $value) {
        $ds[$key] = $value;
    }

    $vbulletin->input->clean_array($ds, array(
        'send_pm_global' => TYPE_NOHTML,
        'send_em_global' => TYPE_NOHTML,
        'pm_from_global' => TYPE_NOHTML,
        'send_pm_paidsub' => TYPE_NOHTML,
        'pm_title_paidsub' => TYPE_NOHTML,
        'pm_message_paidsub' => TYPE_NOHTML,
        'send_em_paidsub' => TYPE_NOHTML,
        'em_subject_paidsub' => TYPE_NOHTML,
        'em_body_paidsub' => TYPE_NOHTML
    ));

Why not just
PHP Code:

    $vbulletin->input->clean_array_gpc('p', array(
        'send_pm_global' => TYPE_NOHTML,
        'send_em_global' => TYPE_NOHTML,
        'pm_from_global' => TYPE_NOHTML,
        'send_pm_paidsub' => TYPE_NOHTML,
        'pm_title_paidsub' => TYPE_NOHTML,
        'pm_message_paidsub' => TYPE_NOHTML,
        'send_em_paidsub' => TYPE_NOHTML,
        'em_subject_paidsub' => TYPE_NOHTML,
        'em_body_paidsub' => TYPE_NOHTML
    ));

PHP Code:

    $db->query_write("UPDATE " . TABLE_PREFIX . "datastore SET data='" . $db->escape_string(slw_serial($ds)) . "' WHERE title='pmnotify'");

You should never UPDATE table datastore directly, as the user might use a datastore cache - and thus your updated data will not be in the cache (until it gets cleared).
Use build_datastore() instead.

PHP Code:

    $current_dt = strtotime("now");

The current timestamp is available as constant TIMENOW - seems unnecessary overhead to create it again.

Hey man, thanks for the suggestions and information!

Can you please elaborate on the v1.2 bug, I don't quite understand how to prevent what you're saying. Any help here would be appreciated.

Will be remembering this and implementing it in the next update.

Once again, tons of thanks =]

blogtorank 08-26-2007 04:29 AM

Update is coming, so hang loose! :)

blogtorank 08-26-2007 04:39 AM

v1.5:
  • Renamed the whole project to EPC PM Notifications "Suite" you will see why when you install!
  • Security fixes
  • Optimized code

Andreas 08-26-2007 04:11 PM

Quote:

Originally Posted by Inkybro (Post 1325821)
Can you please elaborate on the v1.2 bug, I don't quite understand how to prevent what you're saying. Any help here would be appreciated.

It is still present in 1.5 ...

On hook paidsub_build you are defining two functions - slw_serial() and slw_unserial().
Now, if method build_user_subscription() is being called several times within one script run, this will cause a fatal error as the functions are already defined when the plugin is called the second time - which will halt script execution.

Also, I don't understand why you are using custom serialize functions anyway :)

Instead of $db->fetch_array($db->query_read()), $db->query_first is easier.

I also suggest to use phrases instead of the datastore item - this is the standard way to do such things (PM/E-Mail Notifications).

Finally, having hardcoded text in PHP scripts is deprecated.

Inkybro 08-26-2007 05:02 PM

Quote:

Originally Posted by Andreas (Post 1326093)
It is still present in 1.5 ...

On hook paidsub_build you are defining two functions - slw_serial() and slw_unserial().
Now, if method build_user_subscription() is being called several times within one script run, this will cause a fatal error as the functions are already defined when the plugin is called the second time - which will halt script execution.

Also, I don't understand why you are using custom serialize functions anyway :)

Instead of $db->fetch_array($db->query_read()), $db->query_first is easier.

I also suggest to use phrases instead of the datastore item - this is the standard way to do such things (PM/E-Mail Notifications).

Finally, having hardcoded text in PHP scripts is deprecated.

I gotcha now. So running an if(!function_exists()) would probably get that fixed.

About $db->query_first(), never knew what it did but now I do, so thanks =]

As for phrases, we wanted to offer the user a more personal and seamless experience, where they only have to use our control panel to change their settings. I understand that this isn't the standard way of doing things, but it seems to offer a better experience, which is what we're all about. Maybe I could code it to use phrases, create my own phrase group, and have a link pointed to that phrase group. I'll look into this, unless you have some suggestions.

Thanks again for the help, I'm still getting the hang of vB's system, and you've helped a lot!

EDIT The reason I'm using these functions, is because a serialize() or unserialize() fails if there is an apostrophe in the data. I don't know why, it's weird, because in our vbMailer mod, this doesn't occur. I don't have any idea why.
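
The redeclaration problem discussed in the last two posts, as an added example that is not part of the thread or of the mod: a small PHP check that lists functions declared at the top level of a plugin body, which is the pattern that fails when the hook fires twice in one request. The name `unguarded_function_declarations()` and both sample plugin bodies are constructed for illustration; the real bodies of `slw_serial()` and `slw_unserial()` are not shown on the page.

```php
<?php
// Added example: lists functions declared at the top level of a plugin body.
// Such a declaration runs again on every hook call, so the second call in one
// request stops with "Cannot redeclare ...".
function unguarded_function_declarations(string $pluginCode): array
{
    $tokens = token_get_all('<?php ' . $pluginCode);
    $count  = count($tokens);
    $depth  = 0;        // current { } nesting level
    $names  = array();

    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        $id  = is_array($tok) ? $tok[0] : null;

        if ($tok === '{' || $id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
            $depth++;
        } elseif ($tok === '}') {
            $depth--;
        } elseif ($id === T_FUNCTION && $depth === 0) {
            // A name before the "(" means a named function; closures have none.
            for ($j = $i + 1; $j < $count && $tokens[$j] !== '('; $j++) {
                if (is_array($tokens[$j]) && $tokens[$j][0] === T_STRING) {
                    $names[] = $tokens[$j][1];
                    break;
                }
            }
        }
    }
    return $names;
}

// Constructed plugin bodies (placeholders, not the mod's real code).
$unguarded = <<<'PLUGIN'
function slw_serial($data) { return serialize($data); }
function slw_unserial($text) { return unserialize($text); }
PLUGIN;

$guarded = <<<'PLUGIN'
if (!function_exists('slw_serial')) {
    function slw_serial($data) { return serialize($data); }
    function slw_unserial($text) { return unserialize($text); }
}
PLUGIN;

print_r(unguarded_function_declarations($unguarded));
print_r(unguarded_function_declarations($guarded));
```

Anything the check reports either needs the `function_exists()` guard or belongs in a file loaded with `require_once`.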

