vb.org Archive - Problem With Private.php

Hi.

When performing the 3.4.4 to 3.4.5 upgrade, after one of these edits:

PHP Code:


		
			
// set up for PM reply / forward

        if ($_REQUEST['pmid'])

        {

            if ($pm = $DB_site->query_first("

                SELECT pm.*, pmtext.*

                FROM " . TABLE_PREFIX . "pm AS pm

                LEFT JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)

                WHERE pm.userid=$bbuserinfo[userid] AND pm.pmid=" . intval($_REQUEST['pmid']) . "

            "))

            {

            

Right below that, add:



            if ($bbuserinfo['userid'] == $vboptions['warn_collector'])

                {

                    $dualid=1;

                    $dual_option='';

                    $dual_option.="<option value='{$bbuserinfo['userid']}'>User name: {$bbuserinfo['username']} - User ID: {$bbuserinfo['userid']} (your own)</option>";

                    if ($vboptions['warn_warner']!='')

                    {

                        $w1=$DB_site->query_first("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid=$vboptions[warn_warner]");

                        $dual_option.="<option value='{$vboptions['warn_warner']}'>User name: {$w1['username']} - User ID: {$vboptions['warn_warner']} (Hidden Warner)</option>";

                    }

                    if ($vboptions['warn_automatic_warner']!='')

                    {

                        $w1=$DB_site->query_first("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid=$vboptions[warn_automatic_warner]");

                        $dual_option.="<option value='{$vboptions['warn_automatic_warner']}'>User name: {$w1['username']} - User ID: {$vboptions['warn_automatic_warner']} (Automatic Warner)</option>";

                    }

                }

                else

                {

                    $dualid=0;

                }

PHP Code:


		
			
In the same file find:



                $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t($bbuserinfo[userid], '" . addslashes($bbuserinfo['username']) . "', '$title', '$message', '" . addslashes(serialize($tostring)) . "', $iconid, " . TIMENOW . ", $signature, $disablesmilies)");

    

Replace that with:



                                

                if ($bbuserinfo['userid'] == $vboptions['warn_collector'])

                {

                    $sender=$pm['sender'];

                    $w1=$DB_site->query_first("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid=$sender");

                    $sendername=$w1[username];

                    $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t($sender, '" . addslashes($sendername) . "', '$title', '$message', '" . addslashes(serialize($tostring)) . "', $iconid, " . TIMENOW . ", $signature, $disablesmilies)");

                }

                else

                {

                    $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t($bbuserinfo[userid], '" . addslashes($bbuserinfo['username']) . "', '$title', '$message', '" . addslashes(serialize($tostring)) . "', $iconid, " . TIMENOW . ", $signature, $disablesmilies)");

                }

Any new PM that someone tries to send after pressing submit, they get this SQL error:

Code:

Database error in vBulletin 3.0.7:



Invalid SQL: SELECT username FROM user WHERE userid=

mysql error: You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1



mysql error number: 1064

I have installed the SaveDrafts hack, but I cannot see where this may be effecting it. There is code, however, placed near where the first code replacement here takes place.

The code from the SaveDrafts hack replaces this original vB code:

PHP Code:


		
			
    if (defined('PMPREVIEW'))

    {

        $postpreview = &$preview;

        $pm['title'] = htmlspecialchars_uni($pm['title']);

        $pm['message'] = htmlspecialchars_uni($pm['message']);

        $pm['recipients'] = htmlspecialchars_uni($pm['recipients']);

        construct_checkboxes($pm);

    }

Any ideas?

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.03771 seconds Memory Usage 1,791KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (5)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (2)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: