Thread: Major Additions - DownloadsII
View Single Post
  #1786  
Old 02-08-2012, 10:01 PM
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
Location: USA, New Jersey
Posts: 2,392
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by squidsk View Post
Two bugs to report.

First bug comes with a feature request. The bug is the security token bug, but different from what others have described. Here's how to reproduce the bug. First guests have download permissions. Second have your site open in two different windows/tabs, one of which points to a download the other to any page what so ever. Either be logged in on both or logged out on both, it doesn't matter. If on the non-download page you log out, or log in, and then try to download the file from the download page without refreshing you'll get a security token error. The request that goes along with this, is to remove the security token from the url of the download button and have downloads.php grab it from the $vbulletin after the download button is clicked, as that should stop all security token issues. It would also prevent security token errors when a user posts a link directly to the download button and others try to follow it, which of course won't work as the security tokens would be different.

EDIT: This bug can be reproduced as well by logging in with a second account, the guest account does not necessarily required download permissions.

Second bug. If a file does not exist in the download directory, but a entry points to it, you do not get a vbulletin error message, but just a plain php message. The block of code in question is at line 754 in version 6.0.9. Wrapping that code in an if(file_exists($dlfilename)) would probably solve the problem.
I luv bug fixes .. is there any thing other than to wrap that code you posted ?
did you test it again..

thansk for the post:up:
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01133 seconds
  • Memory Usage 1,767KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete