Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > vBulletin 3 Articles

Reply
 
Thread Tools
Fix for replacement code problem in vB Code
Steve Machol's Avatar
Steve Machol
Join Date: Nov 2001
Posts: 1,896

 

Show Printable Version Email this Page Subscription
Steve Machol Steve Machol is offline 03-08-2002, 10:00 PM

I'm almost embarrassed to call this a 'hack', particularly sincve it's not even mine! :stupid: Actually the code came from FireFly who PM'd me with the answer to this problem I posted on vb.com:

http://www.vbulletin.com/forum/showt...threadid=41430

The problem arises if you try to use replacement variables in vB Code. Beginning with 2.2.3, this no longer works. However the fix (thanks to Chen!) is simple. Just remove or comment out this line from admin/functions.php:

PHP Code:
$bbcode=str_replace("{""{"$bbcode); // stop people posting replacements in their posts 
Of course remving this line will cause the problem of people using replacement variables in posts. However in my case it's a good trade-off.
Reply With Quote
  #2  
Old 03-09-2002, 05:33 AM
neal neal is offline
 
Join Date: Feb 2002
Posts: 43
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

isn't this corrected in 2.2.3?
Reply With Quote
  #3  
Old 03-09-2002, 05:33 AM
Admin's Avatar
Admin Admin is offline
Coder
 
Join Date: Oct 2023
Location: Server
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No, this is caused by v2.2.3.
Reply With Quote
  #4  
Old 03-09-2002, 05:36 AM
neal neal is offline
 
Join Date: Feb 2002
Posts: 43
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

oh, ok. Thanks then, I'm installing
Reply With Quote
  #5  
Old 03-09-2002, 05:39 AM
Mr. X's Avatar
Mr. X Mr. X is offline
 
Join Date: Oct 2001
Location: Iowa
Posts: 149
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Excellent. The quote looks great now, however Im still confused as to how do do this with PHP and list code.
Reply With Quote
  #6  
Old 03-09-2002, 02:56 PM
Scrub's Avatar
Scrub Scrub is offline
 
Join Date: Oct 2001
Posts: 188
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I do not understand this!?
Reply With Quote
  #7  
Old 03-09-2002, 03:43 PM
Steve Machol's Avatar
Steve Machol Steve Machol is offline
 
Join Date: Nov 2001
Posts: 1,896
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Mr. X
Excellent. The quote looks great now, however Im still confused as to how do do this with PHP and list code.
Those are hardcoded into the script and cannot be altered by vB Code. To change them would require further hacking.
Reply With Quote
  #8  
Old 03-09-2002, 06:52 PM
Mr. X's Avatar
Mr. X Mr. X is offline
 
Join Date: Oct 2001
Location: Iowa
Posts: 149
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

so it only works on vb.org?
Reply With Quote
  #9  
Old 03-09-2002, 10:01 PM
Wayne Luke's Avatar
Wayne Luke Wayne Luke is offline
Senior Member
 
Join Date: Jan 2002
Location: Southern California
Posts: 1,694
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think that line of code is part of the cross-site scripting issue that was plugged in 2.2.3. While I don't think it will expose you to the entire problem it does present a weakness.
Reply With Quote
  #10  
Old 03-09-2002, 11:38 PM
TECK's Avatar
TECK TECK is offline
 
Join Date: Nov 2001
Location: Canada
Posts: 4,182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

this is not changed in 223b grrrr...
lol i got it now.. damn i'm slow sometimes.. this line must be removed only if you installed firefly's hack
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:04 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07800 seconds
  • Memory Usage 2,278KB
  • Queries Executed 23 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete