  #80  
06-28-2003, 02:15 PM
97cobracpe
 
Join Date: Feb 2003
Location: Chicago
Posts: 39

OK, I found the bug with the ' problem. There was also a big problem with some html code when adding a new article, and when editing.

When adding new, I would not pass some of the html code, and when editing, it would not update. This only happened when using certain html code.

Two php commands, addslashes() and htmlspecialchars(), were not used correctly with the intent of this hack. I noticed the same thing in the vbLink hack as well (which this was based off of).

cinq,
I have corrected the html code issue as far as I know (this hack is working for me currently without flaws). Also, being able to post html code of user forms is a big security risk. I would suggest that everyone either turn on validation (so you can check the code before approving it), although I think it's safe this way, I'm not positive, or disable user submissions altogether. I'm disabling it on my site altogether. I'd rather have users email me an html file (that I can check locally) before posting it on my site for security reasons.

Not trying to step on any toes or anything, but I like this hack, and want to use it as quickly as possible, so I figured I'd help you out by posting my findings.

I'm attaching an updated vbArticlesadmin.php below.
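
An added example, not part of the post and not the attached vbArticlesadmin.php: one way to keep the two escaping steps the post names apart, with SQL escaping on the write path and htmlspecialchars() only when stored HTML is echoed into the edit form. The table, function names and sample input are assumptions, and a PDO bound parameter stands in for addslashes(); the post does not say exactly how the hack misused the two functions.

```php
<?php
// Added example with hypothetical names; not code from vbArticlesadmin.php.
// Constructed sample input: a quote plus form markup, as a user might submit.
$submitted = "<form action='/vote'><textarea name=\"c\">it's</textarea></form>";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, body TEXT, approved INTEGER)');

// Write path: SQL escaping only. The bound parameter does the job addslashes()
// is normally used for; the stored copy is not HTML-encoded.
function save_article(PDO $db, ?int $id, string $body): int
{
    if ($id === null) {
        // New submissions start unapproved so a moderator can review the HTML.
        $st = $db->prepare('INSERT INTO article (body, approved) VALUES (?, 0)');
        $st->execute([$body]);
        return (int) $db->lastInsertId();
    }
    $st = $db->prepare('UPDATE article SET body = ?, approved = 0 WHERE id = ?');
    $st->execute([$body, $id]);
    return $id;
}

function load_body(PDO $db, int $id): string
{
    $st = $db->prepare('SELECT body FROM article WHERE id = ?');
    $st->execute([$id]);
    return (string) $st->fetchColumn();
}

// Edit path: HTML encoding only, at output time, so stored markup cannot close
// the <textarea> early and the browser posts back the original text.
function edit_form(PDO $db, int $id): string
{
    return '<textarea name="body">'
        . htmlspecialchars(load_body($db, $id), ENT_QUOTES, 'UTF-8')
        . '</textarea>';
}

$id   = save_article($db, null, $submitted);
$form = edit_form($db, $id);

// Simulate the browser: it decodes the entities before posting the text back.
$inner = substr($form, strlen('<textarea name="body">'), -strlen('</textarea>'));
save_article($db, $id, htmlspecialchars_decode($inner, ENT_QUOTES));

// Check that the edit round trip is lossless and that the form contains only
// its own closing textarea tag.
var_dump(load_body($db, $id) === $submitted);
var_dump(substr_count($form, '</textarea>') === 1);
```

Encoding the body before storing it, or echoing it into the form unencoded, are the two orderings that break this round trip.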