vb.org Archive
Page 4 of 5 « First 23 4 5
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Excessive Smilies overloading Servers (https://vborg.vbsupport.ru/showthread.php?t=41281)

Logician 12-27-2002 09:05 AM
Quote:
Originally posted by Boofo
What code would I need to warn someone with a PM telling them that they will be banned if it happens again?
You can play with this code:

PHP Code:
$greeter="enter senders id";
$receiver="enter receivers id";
$title2="PM title";
eval("\$warning_pm = \"".gettemplate("warning_pm",1,0)."\";");
                    $DB_site->query("INSERT INTO privatemessage (privatemessageid,userid,touserid,fromuserid,title,message,dateline,showsignature,iconid,messageread,folderid) VALUES (NULL,$receiver,$receiver,$greeter,'".addslashes(htmlspecialchars($title2))."','".addslashes($warning_pm)."',".time().",1,1,0,0)"); 
However one important warning here:
bbcodeparse and bbcodeparse2 functions are called from many parts of vb code, not only when someone posts a message. Therefore if you apply a hack there you have to make sure, the conditional the hack depends will not be TRUE when the function is called from somewhere else in vb code.

Let's discuss on an example:
If you apply send PM hack above in this function and make sure it runs when a post has more than 1000 smilies, the poster who will snd a post with 1000 smilies will receive your PM. But if you don't clear all existing posts with 1000 smilies, someone who accidently visited such a post will also receive this PM because the same function will be called and the condition will prove TRUE in showthread.php too.

Bottom line is: Before applying such hacks into this function, make sure you cleared all existing posts/PMs from your database in the first place. Then you can be sure the hack will only apply to new posters only as it should..

PHP Code:
 And can I do it for a particular user if he does it more than once
no easy way. You have to form a structure that will track warning of the users..

Boofo 12-27-2002 09:50 AM
Thanks, Sinan. :) I'll play around with it and let you know what I come up with.

By this:

Quote:
Before applying such hacks into this function, make sure you cleared all existing posts/PMs from your database in the first place.
do you mean if I have "Moderate posts" turned on? Because I don't.

Logician 12-27-2002 10:54 AM
Quote:
Originally posted by Boofo
By this:

do you mean if I have "Moderate posts" turned on? Because I don't.
No.. I mean whatever max.smilie number you specified in this hack, you make sure you don't have existing posts in your database which have that many smilies in them. If any, delete them before applying the hack.

Otherwise the hack code will apply to visitors of these threads too, not only new posters..

Boofo 12-27-2002 11:05 AM
oh, ok, that makes a little more sense now. Thank for explaining that to me. :)

By the way, where do I set these variables?

$greeter="enter senders id";
$receiver="enter receivers id";
$title2="PM title";

Rushy 12-27-2002 02:19 PM
I ckecked that and it's still doing it. It posts the post and then renders the thread useless.

Quote:
Originally posted by Logician

ok then there is one possibility left and that is your "Maximum images per post/signature" settings in Admin CP/vb settings is set to 0.

Change it to any value except 0 and the hack will work.. ;)

eXtremeTim 06-09-2003 03:27 PM
Hmm my windows server seems to be safe against this our at least at the moment. When i add a ton of smilies im guessing near 1000 or so then it says my script did not return a complete set of headers. But if i go to like 900 then my server just flies to the to many images page in under a second.

Kaelon 06-27-2003 12:39 PM
Upon checking this, vBulletin 2.30 still shares this vulnerability, so I recommend that users apply this patch promptly.

Kaelon

Kaelon 09-03-2003 01:01 AM
vBulletin 2.3.2 still, furthermore, still has this vulnerability. I would recommend it be included in vBulletin 3.

Logician 09-03-2003 08:55 AM
Just curious: Have you ever reported it as a bug in vb.com? I think it deserves to be accepted as a "bug" so I think it would be corrected if reported in vb.com.

Tae-Hwan 10-17-2003 08:06 PM
logician is the man!


All times are GMT. The time now is 10:07 AM.
Page 4 of 5 « First 23 4 5
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01198 seconds
  • Memory Usage 1,748KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_php_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete