vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)
-   -   Idea: Don't allow files to be attached with the names of VB files (https://vborg.vbsupport.ru/showthread.php?t=33436)

VirtueTech 12-23-2001 02:20 AM
Hello,

My idea would be to have the attachment system read the name of the file the user was uploading to the site and check to see if it is a VB script name. If so deny the upload explaining that you cannot attach VB scripts to the site.

I'm pretty sure this would be reletively easy to do and would help the moderators out tremendously. Sometimes mods don't catch the script being online in large threads for quite some time.

Just a thought. :)

heretic 12-23-2001 06:55 PM
in the control panel, under vbulletin options, click on the allowed file types. as a default, .vbs files are not accepted.

JamesUS 12-23-2001 07:56 PM
He means vBulletin scripts (eg newreply.php, postings.php), not VBScript :)

VirtueTech 12-26-2001 05:26 AM
Exactly James

JamesUS 12-26-2001 02:43 PM
Only real problems with that as I see it is that people could still rename to eg newreply.php.txt.

Also some of the file names are very common (index.php etc) and blocking attachments of these could stop people attaching other files.

On a side note, if anyone does see threads containing full vB files please contact a moderator, either by email, ICQ, or using the 'report' link on every post.

exodus 12-26-2001 10:12 PM
Just don't allow attaching any .php files.. :)

Admin 12-27-2001 05:24 AM
exodus, I don't think so, .php files are pretty essential to some hacks and it's easier to just download them as is instead of renaming them from .php.txt.
And like James said, banning names like index.php or forum.php would hurt other members trying to attach these files.

We could put in a check for some PHP code in the file itself, but I can't think of any unique code only vB file have - and hacks don't.

VirtueTech 12-27-2001 05:27 AM
What about

@error_reporting(7);

JamesUS 12-27-2001 09:20 AM
That is far from unique - that is included in all my scripts and many others as a matter of course. And vB Hacks that require their own files technically should have that as well.


All times are GMT. The time now is 05:03 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00958 seconds
  • Memory Usage 1,717KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (9)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete