(I wasn't aware it wasn't CSRF until Pauls post)
Well the issue is that on the Forum Home Page Options page (in the admincp vB options section) some of the form added by the above mentioned plugin doesn't have their values saved. The ones that don't work are 3 sets of checkboxes (a checkbox per usergroup in each setting).
Ive tried looking into it further now that I know it definitely isn't the CSRF fix causing it. I believe I've got it down to two sections of code that could be causing it, either the custom option code that was used for the checkboxes or the plugin that was attached to the admin_options_processing hook. I believe it's likely to be the former of the two possibilities.
I've included the code for both below:
PHP Code:
" . eval('foreach($vbulletin->usergroupcache AS $usergroupid => $usergroup)
{
$teamusergroups .= "\\t\\t<label for=\\"setting[$setting[varname]]$usergroupid\\" title=\\"usergroupid: $usergroupid\\"><input type=\\"checkbox\\" tabindex=\\"1\\" name=\\"setting[$setting[varname]]"."[]\\" id=\\"setting[$setting[varname]]$usergroupid\\" value=\\"$usergroupid\\"" . iif(strpos(",$setting[value],", ",$usergroupid,") !== false, \' checked="checked"\') . iif($vbulletin->debug, " title=\\"name="setting[$setting[varname]]"\\"") . " />$usergroup[title]</label><br />\\n";
}
return "<span class=\\"smallfont\\">\\n$teamusergroups\\t</span>";') . "<input type=\"hidden\" name=\"setting[$setting[varname]][]\" value=\"0\" />
The above code is the Option code for the first of the three checkbox options in the admincp (gotten through debug mode). When I attempted to print out the $setting[value] array (the array used in the decision to display checked="checked" or not) it appeared to be empty for me. i.e. just displaying Array rather than any values.
The code attached to the admin_options_processing hook is as below:
PHP Code:
if (is_array($vbulletin->GPC['setting']['split_useronline_teamusers']))
{
$vbulletin->GPC['setting']['split_useronline_teamusers'] = implode(',', $vbulletin->GPC['setting']['split_useronline_teamusers']);
}
if (is_array($vbulletin->GPC['setting']['split_useronline_premiumusers']))
{
$vbulletin->GPC['setting']['split_useronline_premiumusers'] = implode(',', $vbulletin->GPC['setting']['split_useronline_premiumusers']);
}
if (is_array($vbulletin->GPC['setting']['split_useronline_vipusers']))
{
$vbulletin->GPC['setting']['split_useronline_vipusers'] = implode(',', $vbulletin->GPC['setting']['split_useronline_vipusers']);
}
--------------- Added [DATE]1212105399[/DATE] at [TIME]1212105399[/TIME] ---------------
Done some further testing whilst waiting for some feedback anyway.
Did some print outs inside the above mentioned plugin (the one attached to the admin_options_processing hook) and the settings appear to make it that far just fine. i.e. the array is populated ok when boxes are ticked and after the implode lines it creates a string like "3,4,6". When does that hook get called though? only when saving the settings? And before or after the saving?
I'm asking this because I took a look into the database to see where the settings where saved and found the options in the datastore table. The relevant serialized section (ignoring the cyb part) being just below:
PHP Code:
s:23:"split_useronline_active";s:1:"1";s:26:"split_useronline_teamusers";s:5:"Array";
s:29:"split_useronline_premiumusers";s:5:"Array";s:25:"split_useronline_vipusers";
s:5:"Array";
As you can see it seems that even in the database it seems to be storing the value Array instead of the elements in that array. So I'm trying to find why that is occurring?
More Information