Thread: Major Additions - DownloadsII
  #1785  
Old 02-08-2012, 09:44 PM
squidsk
 
Join Date: Nov 2010
Posts: 969

Two bugs to report.

First bug comes with a feature request. The bug is the security token bug, but different from what others have described. Here's how to reproduce the bug. First, guests have download permissions. Second, have your site open in two different windows/tabs, one of which points to a download, the other to any page whatsoever. Either be logged in on both or logged out on both, it doesn't matter. If on the non-download page you log out, or log in, and then try to download the file from the download page without refreshing, you'll get a security token error. The request that goes along with this is to remove the security token from the URL of the download button and have downloads.php grab it from the $vbulletin after the download button is clicked, as that should stop all security token issues. It would also prevent security token errors when a user posts a link directly to the download button and others try to follow it, which of course won't work as the security tokens would be different.

EDIT: This bug can be reproduced as well by logging in with a second account; the guest account does not necessarily require download permissions.

Second bug. If a file does not exist in the download directory, but an entry points to it, you do not get a vBulletin error message, but just a plain PHP message. The block of code in question is at line 754 in version 6.0.9. Wrapping that code in an if(file_exists($dlfilename)) would probably solve the problem.

EDIT 2: Both bugs are present in both 5.1.2 and 6.0.9.
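The two failure modes reported in the post above, as an added example that is not DownloadsII or vBulletin code: a download handler that compares a URL token against the account the session now belongs to, and guards the file read. The token scheme, `token_for_user`, `handle_download`, the secret and the user ids are all assumptions made for illustration.

```php
<?php
// Added illustration; names, secret and sample ids are constructed.
const SITE_SECRET = 'constructed-example-secret';

// Token bound to the account the session currently belongs to (0 = guest).
function token_for_user(int $userId): string
{
    return hash_hmac('sha256', 'download:' . $userId, SITE_SECRET);
}

// Returns [httpStatus, message] instead of letting PHP emit a raw warning.
function handle_download(int $sessionUserId, string $tokenFromUrl, string $dlfilename): array
{
    // The URL token was minted when the page was rendered; the session may
    // have changed since then (login or logout in another tab).
    if (!hash_equals(token_for_user($sessionUserId), $tokenFromUrl)) {
        return [403, 'security token mismatch: reload the page and retry'];
    }
    // A database entry can outlive the file it points to.
    if (!is_file($dlfilename) || !is_readable($dlfilename)) {
        return [404, 'file is no longer available'];
    }
    return [200, 'would stream ' . basename($dlfilename)];
}

// Constructed scenario: the page was rendered for a guest (id 0), then the
// user logged in as id 42 in another tab before clicking the button.
$staleToken = token_for_user(0);
$existing   = tempnam(sys_get_temp_dir(), 'dl');

// Case 1: stale guest token presented to a session that is now user 42.
print_r(handle_download(42, $staleToken, $existing));
// Case 2: token minted for the current session, file present.
print_r(handle_download(42, token_for_user(42), $existing));
// Case 3: valid token, but the file behind the entry has been removed.
unlink($existing);
print_r(handle_download(42, token_for_user(42), $existing));
```

If the handler reads the expected token from its own session state instead of comparing it with a value the client sent, the comparison always succeeds and no longer checks anything about the request.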