vb.org Archive - Major Additions - Tournaments, Ladders & Leagues Manager v4.x

Page 89 of 229

« First

139

189

Last »

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)

- - Major Additions - Tournaments, Ladders & Leagues Manager v4.x (https://vborg.vbsupport.ru/showthread.php?t=238945)

Daisuke Niwa

04-28-2011 06:37 PM

Hey! Heads up, I think I found a potential exploit that would allow for SQL Injection with the username. We encountered this error with a member who likes to use apostrophe's in their username:

Quote:

Invalid SQL:
SELECT COUNT(*) AS countrows FROM tmnt_ladder_players WHERE lid='1' AND (userid='4043' OR username='.:'Xari') AND active=1;

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Xari') AND active=1' at line 1

Luckily the user's name wasn't " justanothermember'; DROP TABLE users; -- " or similar.

Is there any way to sanitize the username input without breaking the entire mod?

bananalive

04-28-2011 07:36 PM

Quote:

Originally Posted by Daisuke Niwa (Post 2189766)

Hey! Heads up, I think I found a potential exploit that would allow for SQL Injection with the username. We encountered this error with a member who likes to use apostrophe's in their username:

Luckily the user's name wasn't " justanothermember'; DROP TABLE users; -- " or similar.

Is there any way to sanitize the username input without breaking the entire mod?

Fixed in v4.4.0 (attached in first post).

If you still encounter this mysql error, can you pm/email me the page which is causing it, thanks.

bananalive

04-28-2011 07:37 PM

Quote:

Originally Posted by rammieone (Post 2189599)

I have just noticed that some match reports comments dont appear to show up after making them on ladder matches any ideas???

It just says No comments yet...

There was a limit on the comment query by mistake, fixed in v4.4.0

ProFifaLeagues

04-28-2011 07:41 PM

Thank again Banana :)

ProFifaLeagues

04-28-2011 07:51 PM

Updated and thats fixed my issues thank you!!!

Killerhands

04-29-2011 10:05 AM

Hi, I'm currently using this mod on vb 4.1.3 and am trying to get the custom profile field on the bracket to work.

I changed the setting in the vB Options section to allow custom profile fields in tournament brackets. I then input "{vb:raw userinfo.field5}" into the tmnt_bracket template but it doesn't show up on new tournaments or previous tournaments.

Am I doing something wrong or is there a bug I'm not aware of?

bananalive

04-29-2011 04:12 PM

Quote:

Originally Posted by HighJinx (Post 2185553)

I'm shockingly bad at coding, using firebug to implement images underneath the rounds, this is a request to have an option to insert different maps/images at different rounds when creating tournaments.

Is this possible?

Keep up the good work :)

v4.4.1+ (to be released...)

Create vBulletin Hook in AdminCP with hook location tll_tmnt_view_post_query and the following php code

PHP Code:


		
			
if ($tid==45)
{
$template_hook['round1'] .= "<br />Map 1";
$template_hook['round2'] .= "<br />Map 2";
$template_hook['round3'] .= "<br />Map 3";
$template_hook['round4'] .= "<br />Map 4";
$template_hook['round5'] .= "<br />Cup";
}

45 is the tournament id

bananalive

04-29-2011 04:23 PM

Quote:

Originally Posted by Killerhands (Post 2189945)

It will only affect Single Elimination tournaments and 4 player/team double elimination tournaments.

I've tested it and it works for me...

Whereabouts are you putting it in tmnt_bracket? - I would suggest around the line:

HTML Code:

<a href="<vb:if condition="$team">competitions.php?do=viewteam&amp;id={vb:raw userinfo.userid}<vb:else />{vb:link member, {vb:raw userinfo}}</vb:if>">{vb:raw userinfo.username}</a>

Zaelock

04-30-2011 09:13 AM

Is there a way to remove Uncategorised Ladders, Uncategorised Leagues and Uncategorised Tournaments

bananalive

04-30-2011 03:58 PM

Quote:

Originally Posted by Zaelock (Post 2190268)

Is there a way to remove Uncategorised Ladders, Uncategorised Leagues and Uncategorised Tournaments

Yes, in v4.4.1+

Create vBulletin plugin with hook location tll_prepare_index and php code

PHP Code:


		
			
if (!$c)
{
$show['no_uncat'] = true;
}

All times are GMT. The time now is 02:38 AM.

Page 89 of 229

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.03030 seconds Memory Usage 1,755KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_html_printable (2)bbcode_php_printable (6)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (5)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: