  #1  
Old 09-05-2005, 07:11 AM
Mythotical Mythotical is offline
 
Join Date: Jun 2004
Location: Booneville, AR, USA
Posts: 1,428
vb 3.5 and globalize()

Ok I am working on porting a vb 3.0.3 hack to vb 3.5 and globalize is no longer used so I need to know what replaced it and say for instance replace this line:
PHP Code:
globalize($_REQUEST, array('u' => INT)); 
I figured out quite a lot of the new stuff just that is questioning my experiences. Kinda mind boggling for me. hehe

Any help would be much appreciated.

Yes this is unaltered file and vbulletin test forum.

Thanks
Myth
  #2  
Old 09-05-2005, 07:23 AM
merk merk is offline
 
Join Date: Nov 2001
Location: Canberra, Australia
Posts: 601

PHP Code:
$vbulletin->input->clean_gpc('r', 'goto', TYPE_STR);
Change "R" based on which superglobal you want to clean from (request, post, get, cookies, etc)

Change goto to the variable you wish to clean, and type_str to the type you want to clean it to (find them in a file somewhere, not sure which)

You should then use the below method to access the variable (note it doesn't get "globalised").

PHP Code:
$vbulletin->GPC['goto']
You may also clean multiple variables in one command,

PHP Code:
$vbulletin->input->clean_array_gpc('r', array(
    'perpage'    => TYPE_UINT,
    'pagenumber' => TYPE_UINT,
    'highlight'  => TYPE_STR,
    'posted'     => TYPE_BOOL,
));
  #3  
Old 09-05-2005, 07:37 AM
Mythotical Mythotical is offline
 
Join Date: Jun 2004
Location: Booneville, AR, USA
Posts: 1,428

Thanks that helped.

Now I get this error:
Code:
Database error in vBulletin 3.5.0 Release Candidate 2:

Invalid SQL:

		SELECT username
		FROM vbuser
		WHERE userid =;

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3
Error Number : 1064
Date         : Monday, September 5th 2005 @ 09:35:22 AM
Script       : http://www.eternaltide.net/test/admincp/qas.php?&do=qaslink&u=1
Referrer     : 
IP Address   : XX.XXX.XXX.XX
Username     : Admin
Classname    : vb_database
This is what it's referring to:
PHP Code:
$vbulletin->input->clean_array_gpc('r', array('u' => TYPE_UINT));

$user = $db->query_first("
    SELECT username
    FROM " . TABLE_PREFIX . "user
    WHERE userid = $u
");
thanks Merk for your help

Myth
  #4  
Old 09-05-2005, 07:38 AM
merk merk is offline
 
Join Date: Nov 2001
Location: Canberra, Australia
Posts: 601

You will need to set $u yourself or change $u to {$vbulletin->GPC[u]}
  #5  
Old 09-05-2005, 07:41 AM
Mythotical Mythotical is offline
 
Join Date: Jun 2004
Location: Booneville, AR, USA
Posts: 1,428

So how would I set it myself? Also, if not that, how would or where would {$vbulletin->GPC[u]} go? Would I just put it in place of WHERE userid = $u to look like WHERE userid = {$vbulletin->GPC[u]} ?
  #6  
Old 09-05-2005, 07:43 AM
merk merk is offline
 
Join Date: Nov 2001
Location: Canberra, Australia
Posts: 601

Hrm - not only that but you're using the wrong function.

PHP Code:
$vbulletin->input->clean_gpc('r', 'u', TYPE_UINT);

$user = $db->query_first("
    SELECT username
    FROM " . TABLE_PREFIX . "user
    WHERE userid = " . $vbulletin->GPC['u']
);
  #7  
Old 09-05-2005, 07:45 AM
Mythotical Mythotical is offline
 
Join Date: Jun 2004
Location: Booneville, AR, USA
Posts: 1,428

Ok got it but this new warning shows up:
HTML Code:
Warning: Invalid argument supplied for foreach() in /includes/class_core.php on line 1519
This is at line 1519:
Code:
		foreach ($variables AS $varname => $vartype)
		{
			if (!isset($this->registry->GPC["$varname"])) // limit variable to only being "cleaned" once to avoid potential corruption
			{
				$this->registry->GPC_exists["$varname"] = isset($sg["$varname"]);
				$this->registry->GPC["$varname"] =& $this->clean(
					$sg["$varname"],
					$vartype,
					isset($sg["$varname"])
				);
			}
		}
	}
That is 1519 to 1531

Now after that warning I get this:
Code:
Database error in vBulletin 3.5.0 Release Candidate 2:

Invalid SQL:

		SELECT userid, username, qas
		FROM vbuser
		WHERE userid =;

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3
Error Number : 1064
Date         : Monday, September 5th 2005 @ 09:51:34 AM
Script       : http://www.eternaltide.net/test/admincp/qas.php
Referrer     : 
IP Address   : XX.XXX.XXX.XX
Username     : Admin
Classname    : vb_database
Now what I think it's referring to is in one of two places, I am providing both places, please double check to make sure I have it correct.

Place 1:
PHP Code:
$vbulletin->input->clean_array_gpc('r', 'u', TYPE_UINT, 'u2');

$user1 = $db->query_first("
    SELECT userid, username, qas
    FROM " . TABLE_PREFIX . "user
    WHERE userid = " . $vbulletin->GPC['u']
);
Place 2:
PHP Code:
$user1 = $db->query_first("
    SELECT userid, username, qas
    FROM " . TABLE_PREFIX . "user
    WHERE userid = " . $vbulletin->GPC['u']
);

$returntou1="$vbphrase[qas_return_to] <a href=\"user.php?$session[sessionurl]&do=edit&u=$user1[userid]\">$user1[username]'s $vbphrase[profile]</a>";

$user2 = $db->query_first("
    SELECT userid, username, qas
    FROM " . TABLE_PREFIX . "user
    WHERE userid = " . $vbulletin->GPC['u2']
);
Thanks again Merk

Myth
  #8  
Old 09-05-2005, 08:10 AM
merk merk is offline
 
Join Date: Nov 2001
Location: Canberra, Australia
Posts: 601

The warning at the top of your post indicates that $variables is not an array. Code above that that builds $variables might not be returning anything.

The database error that you are getting is a similar cause of the same problem above.

Your attempt to use "u2" as a variable will fail because you haven't cleaned it first. You must clean all variables you're using.

Call the function you call for u, but replace u with u2.
  #9  
Old 09-05-2005, 08:18 AM
Mythotical Mythotical is offline
 
Join Date: Jun 2004
Location: Booneville, AR, USA
Posts: 1,428

Ok Merk, no go, couldn't get it figured out.

I can't find the function used to call for u.

Ok the whole warning thing I'm ignoring for now as I believe this coding error is what's causing that warning.

How would I clean the variable for "u2"? What should the function look like?
  #10  
Old 09-05-2005, 08:21 AM
merk merk is offline
 
Join Date: Nov 2001
Location: Canberra, Australia
Posts: 601

I take it the user1 query in "place 1" and "place 2" are the same query?

You need to clean every single input variable you might be using to make sure they are actually input variables.

They do not get globalised, so you need to access them from where vBulletin stores them, $vbulletin->GPC['name'].

To get them put into that GPC array, you will need to run clean_gpc or clean_array_gpc (the second one takes many different variables at the same time, does the same thing).

To clean 2 variables, you should use the following (which would replace the clean_gpc command that you are using at place one):

PHP Code:
$vbulletin->input->clean_array_gpc('r', array(
    'u'  => TYPE_UINT,
    'u2' => TYPE_UINT,
));
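A stand-alone PHP sketch of the pattern this thread arrives at, added here as an example and not code from the thread or from vBulletin: request input is cast to an unsigned integer into a GPC-style array, and the query is built only from names that went through the cleaner. `InputCleaner`, `cleanArray()`, `buildUserQuery()` and `T_UINT` are hypothetical stand-ins, the casting rules are an assumed simplification, and the sample request is constructed.

```php
<?php
// Added example; InputCleaner, cleanArray(), buildUserQuery() and T_UINT are
// hypothetical stand-ins, not vBulletin's own code.
const T_UINT = 'uint'; // plays the role of TYPE_UINT

final class InputCleaner
{
    /** Cleaned values, playing the role of $vbulletin->GPC. */
    public array $GPC = [];

    /** Clean several request variables at once; $variables maps name => type. */
    public function cleanArray(array $source, array $variables): void
    {
        foreach ($variables as $name => $type) {
            if ($type !== T_UINT) {
                throw new InvalidArgumentException("unsupported type for $name");
            }
            // Assumed rule: missing or non-scalar input becomes 0, everything
            // else is cast to int and negatives are clamped to 0.
            $raw = $source[$name] ?? 0;
            $this->GPC[$name] = is_scalar($raw) ? max(0, (int) $raw) : 0;
        }
    }
}

/** Build the lookup only from a value that has been through the cleaner. */
function buildUserQuery(InputCleaner $in, string $name): string
{
    if (!array_key_exists($name, $in->GPC)) {
        // An uncleaned name is what produced "WHERE userid =;" in the thread.
        throw new LogicException("$name was not cleaned before use");
    }
    return 'SELECT username FROM user WHERE userid = ' . $in->GPC[$name];
}

// Constructed request data: 'u' has trailing junk, 'u2' is absent, 'old' is negative.
$request = ['u' => '42abc', 'old' => '-7'];

$in = new InputCleaner();
$in->cleanArray($request, ['u' => T_UINT, 'u2' => T_UINT, 'old' => T_UINT]);

foreach (['u', 'u2', 'old', 'u3'] as $name) { // 'u3' was never cleaned
    try {
        $line = buildUserQuery($in, $name);
    } catch (LogicException $e) {
        $line = 'refused, ' . $e->getMessage();
    }
    echo "$name: $line\n";
}
```

Because every value that reaches the SQL string is already an integer, the query text cannot be altered by the request, and a name that was never cleaned fails loudly instead of yielding an empty `WHERE` clause.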