The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Private Messages & Email Log Details »» | |||||||||||||||||||||||||||||||||||||||||
Port of vb.3.8 version
Features:
This mod uses full scan for text searches, that can affect SQL-server load at really big boards. Fulltext indexes are not used intentionally, because whose can't produce sharp results and not compatible with innodb. I suppose, that if you really need this mod, you know exactly, what are you doing and what are you going to search. In my practice, ONLY exact matches were useful. One of tradeoff to reduce SQL-server load ? make log size shorter (1-2 months instead of 6). When vB 4.0 provides refactored search framework, search method can be rewritten. If you install this mod on your server, i recommend to clarify forum rules, and add text, that your project doesn't provide the ways of confidential communication ? only public and non public. This mod is developped here http://github.com/rcdesign/vb-pm_log . Patches are welcome. history 3.1 - fixed specialchars in SQL search request. Thanks to mplode 3.0 - refactoring + some fixes - separate fields for nick & text in search form 2.5 - ported to vb4 ... 2.2 - Redesigned database to improve search/paging in some cases - Should fix conflicts with other mods, that where reported in this threads - Sources repo is now @ github ... (not public) 1.9 - Ups... another broken link (from message list to user profiles) - Fixed access for non superadmins, who had "Read PM Log" privilegies. 1.8 - fixed broken link in ACP popup menu - workaround to show smiles and bbcodes 1.7 - fixed some sql-error 1.6 - first public release Download Now
Screenshots
Show Your Support
|
Благодарность от: | ||
santor |
Comments |
#42
|
||||
|
||||
TimesOut, Britmovies,
Checks, that you have uploaded source files to server, and set ptoper permission. That file exists in archive. |
#43
|
|||
|
|||
Since it has been updated after I installed it, is it necessary to download and replace all the files again? Is that how you do it? Download it again as if you never had it and let it replace what is there already?
|
#44
|
||||
|
||||
Yes, all files have been changed. You have to reupload all (override old ones, if any).
|
#45
|
|||
|
|||
Invalid SQL:
Code:
SELECT DISTINCT COUNT(cr.logid) AS count FROM((SELECT pm.logid AS logid FROM rcd_log_pm AS pm WHERE fromusername = 'Qui's World' ) UNION (SELECT pm.logid AS logid FROM rcd_log_pm AS pm WHERE tousername = 'Qui's World' )) AS cr; edit: two actually. You need to sanitize $user_name Additionally, there's XSS on the search fields. You need to sanitize those for HTML usage as well. And everywhere where it lists usernames. |
#46
|
||||
|
||||
|
#47
|
|||
|
|||
Thanks for the quick response! I have some remarks, however.
Why are you applying htmlspecialchars_uni() to the usernames before using them in the query? That should be unnecessary and in fact will probably cause problems with users who have <>& or similar signs in their usernames. $db->escape_string() should be enough there. Code:
print_input_row($vbphrase['username'], 'username', $user_name, false); print_input_row($vbphrase['keywords'], 'keywords', $search_keywords, false); Code:
print_input_row($vbphrase['username'], 'username', htmlspecialchars_uni($user_name), false); print_input_row($vbphrase['keywords'], 'keywords', htmlspecialchars_uni($search_keywords), false); |
#48
|
||||
|
||||
You could check on real data fist. Nicks in db are html-escaped.
|
#49
|
|||
|
|||
Ah. Yeah, I wasn't too sure about that one.
|
#50
|
|||
|
|||
Fatal error: Call to undefined function rcd_pm_log_CacheTemplates() in /home/xxxxxxx/public_html/includes/class_bootstrap.php(1312) : eval()'d code on line 363
I cant use anything with update |
#51
|
||||
|
||||
Updated version to fix bug with SQL, reported by mplode.
|
Thread Tools | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|