vb.org Archive
Page 1 of 5 1 23 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Programming Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=188)
-   -   Implementing CSRF Protection in modifications (https://vborg.vbsupport.ru/showthread.php?t=177013)

Marco van Herwaarden 04-23-2008 10:00 PM
Implementing CSRF Protection in modifications
 
With the new version released today for vBulletin 3.6.10 and 3.7.0 RC4, a new protection against Cross Site Request Forgery (CSRF) has been introduced. This new protection might influence the coding in modifications.

Scott MacVicar took the time to compile a short explanation on this new protection for the coders on vBulletin.org:

Changes for CSRF protection with third party modifications

Cross Site Request Forgery (CSRF) involves taking advantage of the stateless nature of HTTP, there are no ways to ensure the exact origin of a request, its also not possible to detect what was actually initiated by a user and what was forced by a third party script. A token was added to the latest version of each of the vBulletin products, with the release of 3.6.10 and 3.7.0 RC4 it is no longer possible to submit a POST request directly without passing in the known token.

The addition of a security token for each POST request removes the ability for a remote page to force a user to submit an action. At the moment this protection will only apply to vBulletin files and third party files will need to opt into this protection and add the appropriate hidden field. This was done to preserve backwards compatibility.

Adding Protection to your own files

To opt your entire file into CSRF protection the following should be added to the top of the file under the define for THIS_SCRIPT.

PHP Code:
define('CSRF_PROTECTION'true); 
With this change all POST requests to this file will check for the presence of the securitytoken field and compare it to the value for the user, if its wrong an error message will be shown and execution with halt.

If this value is set to false then all CSRF protection is removed for the file, this is appropriate for something that intentionally accepts remote POST requests.

You should always add this to your file, even if you don't think the script is ever going to receive POST requests.

An absence of this defined constant within your files will result in the old style referrer checking being performed.

Template Changes

The following should be added to all of the forms which POST back to vBulletin or a vBulletin script. This will automatically be filled out with a 40 character hash that is unique to the user.

Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
Again it is worthwhile adding this to your templates even if it is currently not using the CSRF protection.

Exempting Certain Actions

It may be appropriate to exempt a particular action from the CSRF protection, in this case you can add the following to the file.

PHP Code:
define('CSRF_SKIP_LIST''action_one,action_two'); 
The above example would exempt both example.php?do=action_one and example.php?do=action_two from the CSRF protection, if the CSRF_SKIP_LIST constant is defined with no value then it will exempt the default action.

If the skip list needs to be changed at runtime is it available within the registry object, using the init_startup hook the following code would be used to exempt 'example.php?do=action_three'.

PHP Code:
if (THIS_SCRIPT == 'example')
{
        $vbulletin->csrf_skip_list[] = 'action_three';

Dismounted 04-24-2008 07:20 AM
Also, you need to add the security token to AJAX requests using POST. This can be simply added using the variable "SECURITYTOKEN". An example is below.
Code:
YAHOO.util.Connect.asyncRequest('POST', scriptpath + '?do=ajax', {
        success: this.handle_ajax_response,
        failure: this.handle_ajax_error,
        timeout: vB_Default_Timeout,
        scope: this
}, SESSIONURL + 'securitytoken=' + SECURITYTOKEN + '&foo=' + foo);

RedFoxy 04-24-2008 03:23 PM
If you wanna search all template that you need to edit to add "<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />" you can use that query in your MySQL database:

Quote:
SELECT templateid , title , styleid FROM template WHERE template_un NOT LIKE '%<input type="hidden" name="s" value="$session[sessionhash]" />%<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />%' AND template_un LIKE '%<input type="hidden" name="s" value="$session[sessionhash]" />%' ORDER BY title ASC, styleid ASC;
I used it to fix all mod that i've installed in my vBulletin board

--------------- Added [DATE]1209056453[/DATE] at [TIME]1209056453[/TIME] ---------------

calendarjump, FAQ, forumjump, WHOSONLINE don't need to be edited if you haven't modded it

GoTTi 04-24-2008 05:22 PM
wow now THIS is a headache. i have security token errors all over my forum....

--------------- Added 24 Apr 2008 at 11:31 ---------------

so WHAT does this mean? that we have to redo ALL of our mods and templates with this CSRF or whatever code???

Wayne Luke 04-24-2008 06:09 PM
Quote:
Originally Posted by GoTTi (Post 1498357)
so WHAT does this mean? that we have to redo ALL of our mods and templates with this CSRF or whatever code???
It means you need to add the one line of HTML above to your templates and submission forms that are causing the errors.

GoTTi 04-24-2008 07:51 PM
wow now this is retarded....

echo2kk5 04-24-2008 11:52 PM
Quote:
Originally Posted by Wayne Luke (Post 1498407)
It means you need to add the one line of HTML above to your templates and submission forms that are causing the errors.
Can someone give an example on how to do that? I am not a coder and get lost with this easily...now for the trained eye it's no doubt a piece of cake. For instance I was using the Cyb PayPal Donate Mod and upgrading to 3.6.10 broke it with that security token update. I posted in that thread yesterday but I don't think the creator has been around.

Aclikyano 04-25-2008 12:14 AM
<font face="Tahoma">OK...... wanna explain this for the SLOW?
which templates SPECIFICLY do we need to add WHAT SPECIFIC code? to make 3rd party mods (vb.com) to WORK correctly on our sites?

I think a few 100 people are STUCK on what to do even tho it was explained from "coders", leaving "non-coders" and only editors of codes or mods such as myself BAFFLED as to what Exactly and how Exactly to do the such above instructions...</font>

King Kovifor 04-25-2008 12:34 AM
Quote:
Originally Posted by Aclikyano (Post 1498676)
OK...... wanna explain this for the SLOW?
which templates SPECIFICLY do we need to add WHAT SPECIFIC code? to make 3rd party mods (vb.com) to WORK correctly on our sites?

I think a few 100 people are STUCK on what to do even tho it was explained from "coders", leaving "non-coders" and only editors of codes or mods such as myself BAFFLED as to what Exactly and how Exactly to do the such above instructions...
You must add this to any form on your site. I haven't tried the query above, but it should work and you can add them.

valdet 04-25-2008 12:34 AM
Quote:
Originally Posted by RedFoxy (Post 1498253)
If you wanna search all template that you need to edit to add "<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />" you can use that query in your MySQL database:



I used it to fix all mod that i've installed in my vBulletin board

--------------- Added Thursday, 24 April 2008, 19 at 19:00 ---------------

calendarjump, FAQ, forumjump, WHOSONLINE don't need to be edited if you haven't modded it
Does this MySQL query mean that it will insert the
Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
after each instances of the following code
Code:
<input type="hidden" name="s" value="$session[sessionhash]" />
This will affect only templates that need the security token embedded right?

DustyJoe 04-25-2008 12:39 AM
=/ I dont get it, I have errors now too.. with RC 4

echo2kk5 04-25-2008 12:43 AM
Quote:
Originally Posted by King Kovifor (Post 1498686)
You must add this to any form on your site. I haven't tried the query above, but it should work and you can add them.
What are the "forms"? and where do we edit them?

Aclikyano 04-25-2008 12:55 AM
everyone has errors ^^ by FORMS i think he means TEMPLATES. (style settings, etc)

Wayne Luke 04-25-2008 01:24 AM
Quote:
Originally Posted by Aclikyano (Post 1498699)
everyone has errors ^^ by FORMS i think he means TEMPLATES. (style settings, etc)
Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.

echo2kk5 04-25-2008 01:36 AM
Thank you Wayne. :up:

RedFoxy 04-25-2008 08:43 AM
Quote:
Originally Posted by valdet (Post 1498687)
Does this MySQL query mean that it will insert the
Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
after each instances of the following code
Code:
<input type="hidden" name="s" value="$session[sessionhash]" />
This will affect only templates that need the security token embedded right?
yep

shahryar_neo 04-25-2008 12:24 PM
Quote:
Originally Posted by RedFoxy (Post 1498864)
yep
Is use your code but my ajax problem not solved !

2- Thanks Plugin Doesn't work again and it doesn't work on this mod .

:(

i have a question to vBulletin Core Dev Team : Sorry , Did you thinking before release a version perfectly ? :confused: because about the 98% percent of the forums i think use the many mods and with your advices no thing gonna change! because no body can modify the all form !

Dismounted 04-25-2008 12:46 PM
Have you even read the first reply to the thread regarding AJAX requests?

Opserty 04-25-2008 12:49 PM
Quote:
Is use your code but my ajax problem not solved !

2- Thanks Plugin Doesn't work again and it doesn't work on this mod .
If you are experiencing problems with a modification post in the thread from which you downloaded it, this thread is intended to give advice to those with a small amount of knowledge of vBulletin, PHP and HTML. If you don't have this knowledge you must wait till the author releases a working version of the respective modification.

Quote:
Originally Posted by shahryar_neo (Post 1498970)
i have a question to vBulletin Core Dev Team : Sorry , Did you thinking before release a version perfectly ? :confused: because about the 98% percent of the forums i think use the many mods and with your advices no thing gonna change! because no body can modify the all form !
Either you have a partially working forum or one that is vulnerable to attacks, I know which one I'd choose.

baghdad4ever 04-25-2008 12:53 PM
thanks

Wayne Luke 04-25-2008 02:51 PM
Quote:
Originally Posted by shahryar_neo (Post 1498970)
i have a question to vBulletin Core Dev Team : Sorry , Did you thinking before release a version perfectly ? :confused: because about the 98% percent of the forums i think use the many mods and with your advices no thing gonna change! because no body can modify the all form !
I have 17 products installed comprised of 88 plugins and quite a few new templates. I had a problem with one product after upgrading to vBulletin 3.7.0 RC4 on my site. That was Princeton's Quick Reply in PMs. Adding the security token to the form took about 20 seconds and the site was fully operational again.

midwestce 04-25-2008 03:38 PM
I did the find/replace fix and now on several pages I have an extra /> hanging around. Various mods are still not working. Any help is appreciated.

Golzarion 04-25-2008 05:47 PM
Quote:
Originally Posted by Wayne Luke (Post 1498706)

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after it, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.
Thank you !:up: I do all the changes and now have no problem ..

lt was not too hard:) ... infact it is easy .. the other way is :

Quote:
Originally Posted by RedFoxy (Post 1498253)
If you wanna search all template that you need to edit to add "<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />" you can use that query in your MySQL database:
Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
after each instances of the following code
Code:
<input type="hidden" name="s" value="$session[sessionhash]" />


I used it to fix all mod that i've installed in my vBulletin board

--------------- Added [DATE]1209056453[/DATE] at [TIME]1209056453[/TIME] ---------------

calendarjump, FAQ, forumjump, WHOSONLINE don't need to be edited if you haven't modded it

shahryar_neo 04-26-2008 10:36 AM
Quote:
Originally Posted by Dismounted (Post 1497947)
Also, you need to add the security token to AJAX requests using POST. This can be simply added using the variable "SECURITYTOKEN". An example is below.
Code:
YAHOO.util.Connect.asyncRequest('POST', scriptpath + '?do=ajax', {
        success: this.handle_ajax_response,
        failure: this.handle_ajax_error,
        timeout: vB_Default_Timeout,
        scope: this
}, SESSIONURL + 'securitytoken=' + SECURITYTOKEN + '&foo=' + foo);
sorry for my low information . can yoy simplified this instruction for using ajax requests using POST ?

sv1cec 04-26-2008 11:57 AM
Could some one PLEASE tell me how to close this vulnerability in vB 3.0.xx?

I would certainly appreciate it.

Kaycee123 04-26-2008 03:15 PM
Quote:
Originally Posted by RedFoxy (Post 1498253)
If you wanna search all template that you need to edit to add "<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />" you can use that query in your MySQL database:



I used it to fix all mod that i've installed in my vBulletin board

--------------- Added [DATE]1209056453[/DATE] at [TIME]1209056453[/TIME] ---------------

calendarjump, FAQ, forumjump, WHOSONLINE don't need to be edited if you haven't modded it
I have tried this query under Maintenance - Run SQL query, and also on my PHPMyAdmin database query

Both come back with the same error:

An error occurred while attempting to execute your query. The following information was returned.
error number: 1146
error desc: Table 'iwfu2_main.template' doesn't exist

Dilmah 04-26-2008 04:09 PM
Quote:
Originally Posted by sv1cec (Post 1499719)
Could some one PLEASE tell me how to close this vulnerability in vB 3.0.xx?

I would certainly appreciate it.
Upgrade.

powerful_rogue 04-26-2008 05:25 PM
Quote:
Originally Posted by Dismounted (Post 1497947)
Also, you need to add the security token to AJAX requests using POST. This can be simply added using the variable "SECURITYTOKEN". An example is below.
Code:
YAHOO.util.Connect.asyncRequest('POST', scriptpath + '?do=ajax', {
        success: this.handle_ajax_response,
        failure: this.handle_ajax_error,
        timeout: vB_Default_Timeout,
        scope: this
}, SESSIONURL + 'securitytoken=' + SECURITYTOKEN + '&foo=' + foo);
Hi,

Im trying to get one of my important mods to work, but not having much luck. Ive tried all the other advice, and the only thing I can think it could be is the Ajax.

This is the part of the mod:

Quote:
<script type="text/javascript">
var qstring = '';

function check_pager(qstring)
{
vbPage = new vB_AJAX_Handler(true);
vbPage.onreadystatechange(ShowPager);

if (qstring=='' || qstring==null)
{
vbPage.send('$vboptions[vbpager_forum_dir_name]pager.php?action=pager&do=readpager&', 'nocache=' + (5 * Math.random() * 1.33) );
}
else
{
vbPage.send('$vboptions[vbpager_forum_dir_name]pager.php', qstring);
}
}

function Close_Pager(qstring)
{
check_pager(qstring);
}

function ShowPager()
{
var refreshtime = {$vboptions['vbpager_ajax_refresh']};
if (refreshtime > 0)
refreshtime = refreshtime * 1000;

if (vbPage.handler.readyState == 4 && vbPage.handler.status == 200)
{

// Ignore result if its "Fatal Error"
resultText = vbPage.handler.responseText;
isError = resultText.indexOf("Fatal error");
if (isError >= 0 && isError < 25)
vbPage.handler.responseText = '';

if (vbPage.handler.responseText)
{
document.body.style.cursor = 'default';
pagerbox = fetch_object('PLAYER');
pagerbox.innerHTML = vbPage.handler.responseText;
displayPager();
if (vbPage.handler.responseText == '' || vbPage.handler.responseText == null)
{
pagerbox.innerHTML = '';
setTimeout('check_pager()', refreshtime);
}
}
else
{ if (refreshtime > 0)
setTimeout('check_pager()', refreshtime);
}
}
}
check_pager();
</script>
Quote:
<script type="text/javascript">
var qstring = '';

function new_pager(qstring)
{
vbPage = new vB_AJAX_Handler(true);
vbPage.onreadystatechange(ShowPager);

if (qstring=='' || qstring==null)
{
return false;
}
else
{
vbPage.send('$vboptions[vbpager_forum_dir_name]pager.php', qstring);
}
}

function Pager(tform)
{
var users = new Array();
var arrCount = 0;
for (i = 0; i < tform.elements.length; i++)
{
var element = tform.elements[i];
if ((element.name != "allbox") && (element.type == "checkbox") && (element.checked == true))
{
users[arrCount] = element.value;
arrCount++;
}
}
if (arrCount == 0)
{
alert("$vbphrase[pager_no_user_selected]");
return false;
}
else
{
var querystring = "";
for (i = 0; i < users.length; i++)
{
querystring += "&userid[]=" + users[i];
}
}
querystring = "action=pager&do=newpagertouser&" + querystring;
new_pager(querystring);
}

function PagertoUser(userid)
{
if (userid != null || userid != '')
{
querystring = "action=pager&do=newpagertouser&userid[]=" + userid;
exec_refresh(1);
new_pager(querystring);
}
}

function ShowPager()
{
if (vbPage.handler.readyState == 4 && vbPage.handler.status == 200)
{
if (vbPage.handler.responseText)
{
var refreshtime = 5000;
document.body.style.cursor = 'default';
pagerbox = fetch_object('PLAYER');
pagerbox.innerHTML = vbPage.handler.responseText;
displayPager();
if (vbPage.handler.responseText == '' || vbPage.handler.responseText == null)
{
pagerbox.innerHTML = '';
}
}
else
{
toggle_disabled(1, 'buddylist_option');
}
}
}
</script>
Theres a few other mention, but from looking at those, where abouts would you suggest puttign the security token?

I would ask in the mod thread, however this has been unsupported a long time ago!

King Kovifor 04-26-2008 05:26 PM
Quote:
Originally Posted by Kaycee123 (Post 1499846)
I have tried this query under Maintenance - Run SQL query, and also on my PHPMyAdmin database query

Both come back with the same error:

An error occurred while attempting to execute your query. The following information was returned.
error number: 1146
error desc: Table 'iwfu2_main.template' doesn't exist
That is because you most likely have a table prefix inside of it. Try following this post instead:

Quote:
Originally Posted by Wayne Luke (Post 1498706)
Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.

Boofo 04-26-2008 05:30 PM
The bad part is that not all forms have value="$session[sessionhash]" in them in some of the hacks out there. I basically look for <form and then add the line anywhere underneath that where there is a <input type="hidden" line.

powerful_rogue 04-26-2008 05:36 PM
Quote:
Originally Posted by Boofo (Post 1499947)
The bad part is that not all forms have value="$session[sessionhash]" in them in some of the hacks out there. I basically look for <form and then add the line anywhere underneath that where there is a <input type="hidden" line.
Thats the problem I was having with vbpager. I looked for every <form.... and every method=post and put the security token code underneath.

Thats why I think its now an ajax issue. Ive tried to figure it out but to no avail. The odd thing is, it works fine in 3.6.10, but not in 3.7 RC4

--------------- Added [DATE]1209242134[/DATE] at [TIME]1209242134[/TIME] ---------------

problem solved! I had a search around and tried the fix that was being used for a shoutbox.

I changed all 3 instances of "securitytoken=" to "&securitytoken=" in vbulletin_global.js and it did the trick!

rinkrat 04-26-2008 09:57 PM
I can't save my vbulletin settings without this error.

What do I change to fix this? In a template?


I also can not import any hacks without an error.

Where do I fix this? In a template?

--------------- Added [DATE]1209251058[/DATE] at [TIME]1209251058[/TIME] ---------------

Quote:
Originally Posted by Wayne Luke (Post 1498706)
Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.

I am getting the error when I try to edit a template and save it so this will not work.

Lynne 04-26-2008 10:42 PM
Quote:
Originally Posted by rinkrat (Post 1500145)
I am getting the error when I try to edit a template and save it so this will not work.
Note that what you quoted says to "add this line directly after the line containing the above", not directly after that code.

rinkrat 04-26-2008 10:53 PM
I cannot do anything, including editing templates, turning the board on or loading templates without the security error.

Lynne 04-26-2008 10:55 PM
You may want to run the upgrade script again so it makes the necessary changes or run the query listed back on the first page.

cmedic101 04-26-2008 11:08 PM
I added this line to all my custom templates and followed the instructions as listed.

No errors
No problems with any mods
casino is still working:)

thank you:up:

cmedic

King Kovifor 04-26-2008 11:26 PM
Quote:
Originally Posted by rinkrat (Post 1500185)
I cannot do anything, including editing templates, turning the board on or loading templates without the security error.
You should be able to work in the ACP as it is not affected. Maybe posting at vB.com or disabling your plugins by using this code in your config.php may solve your problem:

define('DISABLE_HOOKS', true);

Terrie 04-27-2008 06:20 AM
Quote:
Originally Posted by Dismounted (Post 1497947)
Also, you need to add the security token to AJAX requests using POST. This can be simply added using the variable "SECURITYTOKEN". An example is below.
Code:
YAHOO.util.Connect.asyncRequest('POST', scriptpath + '?do=ajax', {
        success: this.handle_ajax_response,
        failure: this.handle_ajax_error,
        timeout: vB_Default_Timeout,
        scope: this
}, SESSIONURL + 'securitytoken=' + SECURITYTOKEN + '&foo=' + foo);
what file do i need to place this into?
I've already added the 3 &'s before "securitytoken" in my clienscript/vbulletin_global.js
I have also updated ALL my templates per the security token instructions given and still
im having problems with every mod that uses java and ajax
I am running 3.7 RC4

Dismounted 04-27-2008 07:52 AM
Quote:
Originally Posted by shahryar_neo (Post 1499668)
sorry for my low information . can yoy simplified this instruction for using ajax requests using POST ?
It is the simplest it can be. Add the security token into the request.
Quote:
Originally Posted by sv1cec (Post 1499719)
Could some one PLEASE tell me how to close this vulnerability in vB 3.0.xx?

I would certainly appreciate it.
You can't unless you edit files directly as the fix is actually a very large one.
Quote:
Originally Posted by Terrie (Post 1500484)
what file do i need to place this into?
I've already added the 3 &'s before "securitytoken" in my clienscript/vbulletin_global.js
I have also updated ALL my templates per the security token instructions given and still
im having problems with every mod that uses java and ajax
I am running 3.7 RC4
You do not need to mess with any default vBulletin JS file.

Opserty 04-27-2008 08:20 AM
Quote:
Originally Posted by Dismounted (Post 1500532)
You do not need to mess with any default vBulletin JS file.
There have been a few errors in RC4 that have caused problems for a couple of ajax modifications, hence why some have edited vbulletin_global.js. http://www.vbulletin.com/forum/proje...?issueid=25287


All times are GMT. The time now is 02:33 PM.
Page 1 of 5 1 23 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01870 seconds
  • Memory Usage 1,914KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (11)bbcode_code_printable
  • (3)bbcode_php_printable
  • (31)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete