vbBux / vbPlaza v1.5.8 has been released!

A quick release to address a critical bug.

Get it at --> https://vborg.vbsupport.ru/showthread.php?t=106953

A NOTE: This will be one of the last releases of vbBux / vbPlaza in its V1.x format.

But do not fear, vbBux / vbPlaza V2.0 is in the pipeline and will be bigger and better than before

U ask how can it be bigger and better? Stay tuned!!!

-CMX

[Detomah]

Quote:

Originally Posted by CMX_CMGSCCC

Unfortuntely my real job has had me in shambles as of late, too many games to make cheat codes for, and other projects at work. So I havent had much time for vbBux / vbPlaza.

I am, however, working on a v2 version with a much more cleaned up coding engine, as well as a crapload of new features, items for purchase in the vbPlaza.

But as far as a release goes, I'm not sure, I've started it a little at a the www.vbplaza.com URL, but I'm not sure the url is public as of yet either, due to it still having a bit that needs completing. (I'd say its about 75% finished currently.)

I hope to try and finish it up soon, but I honestly cant give an accurate ETA as of yet. I apologize for the inconvenience, but I can also assure u, it will be worth the wait.

ALSO: I've been away for a while and noticed a ton of posts about the v1.5.8. I do not have time to reply to every single post, and with the amount of rewrite that has occurred in the v2 version I am currently working on, it would be even more time involving to check on every problem as the problem may not exist anymore in the v2 version I'm writing. I apologize for any inconvenience this may cause.

-CMX

I for one fully appreciate the pressure and stresses of real life outside of this stuff that you and probably many others, including myself go through all to often and I appreciate the time you've given up to create vbplaza and everything you have done to date and know you will continue to improve it again once time becomes available to you.

However, in the mean time, myself and probably every single other person who has the vbplaza hack instally would seriously appreciate you even more, if you would be willing to sacrifice a little time to find out exactly what the current exploits with vbplaza are and releasing a fix for them as quickly as you possibly can, so that we may continue to use this superb hack without fear of our sites being exploitable. I would personally even go so far as to make a generous donation to you via paypal for such a service, as vbplaza has become an essential part of my website.

[WhyDoesItMatter]

Quote:

Originally Posted by CMX_CMGSCCC

Tell me how it's being exploited and then I can release a fix for it.

I mean, I'm the creator of the addon. (PM me the details.)

-CMX

Omg you're back! Welcome back! Wow so shocked to see you, yet so happy.. woohoo

[Deimos]

Good to see ya back CMX

[Acers]

Quote:

Originally Posted by Acers

here is a temporary fix, i have tested this locally only for the donate function and its working as far as this exploit goes, and since the same logic can be taken for other places where its used we can replace there

go to your vbplaza folder, find occurrences of the following:
includes/function_vbplaza.php
find around line 152(depending on the version you have)

PHP Code:

$message = strip_tags($message); 


make that

PHP Code:

$message = htmlspecialchars($message); 


go to
vbplaza/action.admindonate.php (line 133)

PHP Code:

$action['reason'] = strip_tags($action['reason']); 


make that

PHP Code:

$action['reason'] = htmlspecialchars($action['reason']); 


goto
vbplaza/action.changeotherusertitle.php (line 136)

PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 


make that

PHP Code:

$newusertitle_stripped = htmlspecialchars($newusertitle); 


goto
vbplaza/action.changeusertitle.php (line 87)

PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 


make that

PHP Code:

$newusertitle_stripped = htmlspecialchars($newusertitle); 


goto
vbplaza/action.donate.php (line 164)

PHP Code:

$action['reason'] = strip_tags($action['reason']); 


make that

PHP Code:

$action['reason'] = htmlspecialchars($action['reason']); 


goto
vbplaza/action.gift.php (line 209)

PHP Code:

$action['giftmessage'] = strip_tags($action['giftmessage']); 


make that

PHP Code:

$action['giftmessage'] = htmlspecialchars($action['giftmessage']); 


goto
vbplaza/action.ribbons.php (line 218)

PHP Code:

$action['ribbonmessage'] = strip_tags($action['ribbonmessage']); 


make that

PHP Code:

$action['ribbonmessage'] = htmlspecialchars($action['ribbonmessage']); 


Just changes the the php function with vb's own cleaning class.

includes/function_vbplaza.php(line 152)

PHP Code:

$message = strip_tags($message); 


make that

PHP Code:

$message = $vbulletin->input->clean($message, TYPE_NOHTML); 


go to
vbplaza/action.admindonate.php (line 133)

PHP Code:

$action['reason'] = strip_tags($action['reason']); 


make that

PHP Code:

$action['reason'] = $vbulletin->input->clean($action['reason'], TYPE_NOHTML); 


goto
vbplaza/action.changeotherusertitle.php (line 136)

PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 


make that

PHP Code:

$newusertitle_stripped = $vbulletin->input->clean($newusertitle, TYPE_NOHTML); 


goto
vbplaza/action.changeusertitle.php (line 87)

PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 


make that

PHP Code:

$newusertitle_stripped = $vbulletin->input->clean($newusertitle, TYPE_NOHTML); 


goto
vbplaza/action.donate.php (line 164)

PHP Code:

$action['reason'] = strip_tags($action['reason']); 


make that

PHP Code:

$action['reason'] = $vbulletin->input->clean($action['reason'], TYPE_NOHTML); 


goto
vbplaza/action.gift.php (line 209)

PHP Code:

$action['giftmessage'] = strip_tags($action['giftmessage']); 


make that

PHP Code:

$action['giftmessage'] = $vbulletin->input->clean($action['giftmessage'], TYPE_NOHTML); 


goto
vbplaza/action.ribbons.php (line 218)

PHP Code:

$action['ribbonmessage'] = strip_tags($action['ribbonmessage']); 


make that

PHP Code:

$action['ribbonmessage'] = $vbulletin->input->clean($action['ribbonmessage'], TYPE_NOHTML); 


[rjmjr69]

Well its great the author is back. I look forward to seeing version 2.0 real soon I hope. I too am willing to make a nice donation if it gets things done a bit faster....

[sim tech]

This is one of the most popular mods on my board as well.

[wilburshere]

excellent ill keep it disabled until v2 comes out

this mod was a huge feature on my sites as well

BTW welcome back we did miss you

[Zia]

Where Have u been for a long time ?

We r waiting for the fix...

thnx

[Shazz]

You all welcome back CMX_CMGSCCC for a FIX and not actually just giving him time to do so.

[xchewbaka]

Thank you Acers for your work :-)

realy good job , works fine