vbBux / vbPlaza v1.5.8 has been released!

A quick release to address a critical bug.

Get it at --> https://vborg.vbsupport.ru/showthread.php?t=106953

A NOTE: This will be one of the last releases of vbBux / vbPlaza in its V1.x format.

But do not fear, vbBux / vbPlaza V2.0 is in the pipeline and will be bigger and better than before

U ask how can it be bigger and better? Stay tuned!!!

-CMX

[da420]

Quote:

Originally Posted by Zia

We r waiting for the fix...

Addiction is a terrible thing.

[X-Files]

Is this what we need to patch this? Can someone provide a definitive answer? I think this version at least needs a fix applied since we have no idea when v2 will be out.

Quote:

Originally Posted by Acers

Just changes the the php function with vb's own cleaning class.

includes/function_vbplaza.php(line 152)

PHP Code:

$message = strip_tags($message); 


make that

PHP Code:

$message = $vbulletin->input->clean($message, TYPE_NOHTML); 


go to
vbplaza/action.admindonate.php (line 133)

PHP Code:

$action['reason'] = strip_tags($action['reason']); 


make that

PHP Code:

$action['reason'] = $vbulletin->input->clean($action['reason'], TYPE_NOHTML); 


goto
vbplaza/action.changeotherusertitle.php (line 136)

PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 


make that

PHP Code:

$newusertitle_stripped = $vbulletin->input->clean($newusertitle, TYPE_NOHTML); 


goto
vbplaza/action.changeusertitle.php (line 87)

PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 


make that

PHP Code:

$newusertitle_stripped = $vbulletin->input->clean($newusertitle, TYPE_NOHTML); 


goto
vbplaza/action.donate.php (line 164)

PHP Code:

$action['reason'] = strip_tags($action['reason']); 


make that

PHP Code:

$action['reason'] = $vbulletin->input->clean($action['reason'], TYPE_NOHTML); 


goto
vbplaza/action.gift.php (line 209)

PHP Code:

$action['giftmessage'] = strip_tags($action['giftmessage']); 


make that

PHP Code:

$action['giftmessage'] = $vbulletin->input->clean($action['giftmessage'], TYPE_NOHTML); 


goto
vbplaza/action.ribbons.php (line 218)

PHP Code:

$action['ribbonmessage'] = strip_tags($action['ribbonmessage']); 


make that

PHP Code:

$action['ribbonmessage'] = $vbulletin->input->clean($action['ribbonmessage'], TYPE_NOHTML); 


[fly]

<font size="5">CMX, WHERE CAN I SEND DONATIONS TO? THANKS FOR COMING BACK!</font>

[silvermerc]

Erm....I can't download it for some reason.The link to the thread is broken

[zappsan]

Welcome back, CMX

Quote:

Originally Posted by silvermerc

Erm....I can't download it for some reason.The link to the thread is broken

Yes, there was a security problem so the hack has been removed.

[Shazz]

Could have just closed the thread.
Now many people are going to be confused where to get the store

[kjhkjh]

Err... I want this hack, never installed it before, have seen the security threat mentioned, seems to be a fix a few posts above me... but does anyone know if a new version is coming out or if there is somewhere that I can download the current version from and fix it?

Thx

[sinpeople]

Never experienced this before. Anyone can tell typically how long such issue can be closed?

If it takes more than one month, maybe consider other point system is a not bad choice.
Thanks.

[hitboy]

Quote:

Originally Posted by sinpeople

Never experienced this before. Anyone can tell typically how long such issue can be closed?

If it takes more than one month, maybe consider other point system is a not bad choice.
Thanks.

Another point system? lol uh there alot of people on here that have been using the hack for months that would screw everything up and as far as i can see for 3.6.4 there is only icash and its very simple mod its good but not the best alternative compared to vbbux

[Aclikyano]

This hack has an EXPLOIT IN IT !.
a few sites as I recall somewere on this board were HACKED thru the donation feature!.
it has been removed until the ex is fixed.