|
The plugin in itself is not insecure as I do not believe that the intention of scanning files for malicious code was ever its intent. That being said you can then say vBulletin is not secure in that the way it allows you to have attachments and upload avatars. There is a known exploit:
The following issues exist in vBulletin itself, reported by us to vBulletin support over 60 days ago(years now). Since vBulletin has not patched or disclosed the issues since that time, we now do so here: An image decompression bomb vulnerability exists when vBulletin Options > Message Attachment Options > Resize Images = Yes. Disable it to protect your site. An image decompression bomb vulnerability exists when allowing user uploads for avatars and profile pictures. To protect your site, change your forum's permissions so that users cannot upload custom avatars or profile pics. An image decompression bomb vulnerability exists when using ImageMagick for images and allowing uploads. Currently known issues are for PDFs and TIFFs; however, because the filename of the incoming upload is not trustworthy, removing entries from the Attachment Manager or changing Attachment Permissions are not viable options. The following mitigation options exist: Change vBulletin Options > Image Settings > Image Processing Library = GD, OR Change your forum's permissions so that no users can upload anything. In an attempt to figure the best way to resolve this sort of thing would be to update the Fractalizer Plugin to work with VB 4: https://vborg.vbsupport.ru/showthread.php?t=187482 |
Any fix for PHP 7.1+
PHP Fatal error: [] operator not supported for strings on line 324 in /home/........./public_html/forums/includes/cron/iei_cron.php |
Edit
PHP Code:
PHP Code:
PHP Code:
Edit: former edit of line 342 was stupid. Deleted |
Thank you for the quick reply :)
File edits made. Will check the log file latter on tonight and see if anything pops back up. Still getting (1) error with this... NOTICE: PHP message: PHP Fatal error: syntax error, unexpected ';', expecting ']' on line 334 in /home/........./public_html/forums/includes/cron/iei_cron.php" This did not work... Code:
if(!count($image_tags)) |
I'm very unhappy with PHP 7, which converts the untyped language in a typed one. Having said this, you may test
if (isset($iei_ignore)) ... in order to see if the variable was actually set, or better, use a different variable to read the value, and use $iei_ignore = array(); beforehand. E.g.: $iei_ignore = array(); $x_ignore = explode("\r\n", $input_ignore); if (!is_array($x_ignore)) { $iei_ignore[] = $bburl; } else { $iei_ignore = $x_ignore; } |
Quote:
But of course you can use the other version or from y2ksw (but the if conditions there is wrong I think) |
$image_tags = array('img');
As far as I know, implicit arrays are not allowed for a long time by now, but explicit arrays like above, must work. |
Is there anyway to get this to support a URL such as:
Code:
https://scontent-lax3-1.xx.fbcdn.net/v/t1.0-9/fr/cp0/e15/q65/94475070_10213603321997797_6910232200327725056_o.jpg?_nc_cat=108&_nc_sid=ca434c&efg=eyJpIjoidCJ9&_nc_oc=AQlsUa106dvp0CMIRD8nGvIE-2Hc9WyOAf3nmJ0ANiOGTbUAnpGlycnsQFC5Sbpeq-4zdhQUmJqUb9BVRXAP4Uvg&_nc_ht=scontent-lax3-1.xx&_nc_tp=14&oh=ee495fa093d4139e821daa867b450a8e&oe=5EC82DE0 |
I was going to suggest you strip off everything after the .jpg extension so it would just be this:
Code:
https://scontent-lax3-1.xx.fbcdn.net/v/t1.0-9/fr/cp0/e15/q65/94475070_10213603321997797_6910232200327725056_o.jpgMaybe because it's a CDN, possibly a private CDN? |
Quote:
|
| All times are GMT. The time now is 03:13 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|