Thread: Major Additions - DownloadsII
View Single Post
  #2348  
Old 02-16-2008, 02:49 PM
Black Tiger's Avatar
Black Tiger Black Tiger is offline
 
Join Date: Apr 2004
Location: Netherlands
Posts: 957
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Is there indeed an existing exploit at the moment? People can say there is, but I won't turn downloads II off until it's confirmed.

@RSJelle: I think the problem is in the code of the addon. Probably the "order by" piece. It's complaining about a missing ; or something, you are good at code, maybe you can see what's wrong because you know a lot of code and also know which tables are used in the present downloads II version.
This is the downloads addon code they use:
Code:
	$mods = $db->query("SELECT id,name FROM " . TABLE_PREFIX . "dl_cats ORDER BY `id`");
	while ($mod = $db->fetch_array($mods))
	{	
		$url = $vbseo_vars['bburl'].'/downloads.php?do=cat&id='.$mod['id'];

		if(VBSEO_ON)
			$url = vbseo_any_url($url);

  		vbseo_add_url($url, 1.0, '', 'daily');
	}

	$mods = $db->query("SELECT id as fid FROM " . TABLE_PREFIX . "dl_files");
	while ($mod = $db->fetch_array($mods))
	{	
		$url = $vbseo_vars['bburl'].'/downloads.php?do=file&id='.$mod['fid'];

		if(VBSEO_ON)
			$url = vbseo_any_url($url);
  		vbseo_add_url($url, 1.0, '', 'daily');
	}
From the previous version the change to "dl_files" and "dl_cats". Previously Order by was by 'order' which now they changed to 'id' but maybe this is not correct anymore or there are some other problems.
If you can't see it, oke, bad luck for me then.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01166 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete