4.2.2 Patch
 

Is there a list of changed files for 4.2.2 PL2? I already have 4.2.2 PL1, and don't want to overwrite every single file, since we do have some code edits.

Is there a way for us to simply disable the mobile API, since we don't use it?

Thanks!

Diff the files, or re-apply your code edits. Its not that much effort.

Right.
In addition you should write down code changes, i. e. in a mod file, so you can re-create them after updates.

Look at the last post on this thread for the files that changed;

http://www.vbulletin.com/forum/forum...-patch-level-2


John








Your Hang/Long gun Information forum http://helmer.co

That might be a good list, but as it is not from a vB official, I would not count on it completely. ;)

Thank you!!!

It is not acceptable that there's no separate patch for this, but instead, it has been merged in a complete new version. Not everyone can just upgrade their vBulletin installation due to customization.

That would be something you should bring up on vB.com, as no one here has any control over such things, and no one who is a decision maker in vBulletin reads this site. :)

I know, just stating my opinion.

10-4, I understand the frustration completely. :)

Unless you enabled it, its disabled by default.

Its perfectly acceptable.

Were I not on holiday, id post a list of changed files, but as it happens, I am.
The list linked to above seems reasonable from what I remember.

You are correct. If you've invested a lot of time modifying your forum then upgrades are almost like dismantling and reassembling your entire site.

I would suggest avoiding any upgrades if you can.

And how would you suggest such people protect themselves from this exploit? :confused:

Not if you were smart about it. Using tools like Template Modification System (TMS), creating good documentation along the way. Upgrading could be a real pain during the early vB4 releases, I agree - but you really should not run those anyway, bugwise. But if you have file edits that make overwriting the original files of the same version a real pain, then you're most likely doing it wrong. Given the plugin system there is not much need for file edits, but if you do them, keep them properly documented and use diff tools.
Which is a stupid suggestion, really.

I would not pay too much attention to his ramblings.

Given the timing of it, and his general attitude here, I think its little more than a feeble attempt to stir.

Well when you return a changelog would be nice and I'll buy you some Dr. Pepper if you do :D jk jk.

I will be building a PL2 patch when I return, not something I can do from Gran Canaria :)

Lucky bastard!

You mean you will not leave the Canary Islands for us? And I thought you cared.:erm:

Updates are a hassle but good. I just may wait for your patch though Paul!

Anyone have a CMS patch for 4.2.1 from the latest 4.2.2 upgrade? Wondered if 4.2.1 PL1 CMS can be patched to the release for 4.2.2

Any and all patched are available at vB.com in your customer area.

Well all I've found is the patch for 4.2.2 for the CMS exploit. I was just wondering if anyone had a patch for 4.2.1 PL1 instead of going through 4.2.2. Guess I'm going to have to just move to 4.2.2 instead.

Yeah I would upgrade to 4.2.pl2 for sure. There is known security vulnerabilities in anything older.

Agreed. I've never really understood someone who goes and heavily codes into the hard PHP files unless absolutely necessary. I've had MANY heavily modified forums and NEVER had to touch the core files ever. Even when installing mods. Oh and I stayed away from mods like the auto template system mod mentioned by cellarius its super buggy and why have another query or install another mod and open yourself further for potential risks for things that you can manually yourself if you just read the directions from what ever mod you are installing?

It is most definitely not.
There's no additional query added.
If a person has access to your AdminCP, then TMS is most likely the last thing he will use to exploit your site ;)

I'm pretty sure you have not quite understood how TMS works...

First, when you install ANY mod or hack outside of vBulletin you are opening yourself for a potential risk. This has been stated in several places on this site as well as vBulletin.com. Having files other than vBulletin files opens your risk giving hackers a possible way to gain access into your site/server. Some hacks have better safeguards in place than others. Some people who create mods do not always know what they are doing, some do. I've never used the TMS mod personally on one of my sites and never will because I do not need to have a secondary mod do something that I can do myself. I see no use in it personally. I've had client's who have come to me in the past with the TMS mod installed with some pretty major problems and complaints that they could not upgrade vBulletin or do other things because of that mod. And when I went through a trouble shooting process I found that it WAS that mod causing the problem.

I do not allow other people in my own AdminCP. There is no use for that for me. So saying that someone cannot gain access while going into your AdminCP does not apply. Also you run a risk of allowing someone in your AdminCP, but I doubt if the TMS is going to stop them from hacking the site.

If the TMS mod is your mod and you are getting your feathers ruffled because I said it was buggy then I'm sorry but in my experience it has been buggy in the past. It may not be so now, but it has been before.

No, it's not my mod - its by Andreas, who without doubt is one of the best vB coders. From what you write, it is very obvious that you neither have any idea what TMS does, nor why it is superior to how vB4 handles template changes. I do not want to sell anything to you - it was you dropping into this thread while adimittedly having little idea what you were warning people off about.