Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
Reload this Page Using vb:raw in templates
FAQ Community Calendar Today's Posts Search

Reply
Page 2 of 2 1 2
 
Thread Tools Display Modes
  #11  
Old 08-30-2014, 01:50 PM
Scanu's Avatar
Scanu Scanu is offline
 
Join Date: Nov 2010
Posts: 829
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
PHP Code:
$vbulletin->input->clean_gpc('r''do'TYPE_STR);
$do $vbulletin->GPC['do'];
if (!isset($do))
$do 1//default value

if ($do == 1) {

}
if ($do == 2) {

}
if ($do == 3) {

}
if ($do == 4) {
Reply With Quote
Благодарность от:
Black Snow
  #12  
Old 08-30-2014, 02:22 PM
cellarius's Avatar
cellarius cellarius is offline
 
Join Date: Aug 2005
Posts: 1,987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Black Snow View Post
Your link doesn't show how to use $vbulletin->input->clean_array_gpc when requesting a page. Could you show me an example?
Of course it does.

Quote:
Cleaning Superglobal Arrays

By Superglobal, I mean $_POST, $_GET, $_REQUEST and so on. These arrays are created automaticly by PHP and contain the user-sent input. They are referenced in the vBulletin Input Cleaner by nice short single letter names. These are:
p - $_POST
g - $_GET
r - $_REQUEST
s - $_SERVER
e - $_ENV
c - $_COOKIE
f - $_FILES
and so on.
Reply With Quote
Благодарность от:
Black Snow
  #13  
Old 09-01-2014, 10:53 AM
Black Snow Black Snow is offline
 
Join Date: Jul 2012
Location: Scotland
Posts: 471
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Scanu View Post
PHP Code:
$vbulletin->input->clean_gpc('r''do'TYPE_STR);
$do $vbulletin->GPC['do'];
if (!isset($do))
$do 1//default value

if ($do == 1) {

}
if ($do == 2) {

}
if ($do == 3) {

}
if ($do == 4) {
Thanks for the example. Makes me understand more now.

--------------- Added [DATE]1409646066[/DATE] at [TIME]1409646066[/TIME] ---------------

Quote:
Originally Posted by Scanu View Post
PHP Code:
$vbulletin->input->clean_gpc('r''do'TYPE_STR);
$do $vbulletin->GPC['do'];
if (!isset($do))
$do 1//default value

if ($do == 1) {

}
if ($do == 2) {

}
if ($do == 3) {

}
if ($do == 4) {
I tried doing this but it won't work if I access the info.php page without the query on the end of the URL:
Code:
$vbulletin->input->clean_gpc('r', 'do', TYPE_STR);
$do = $vbulletin->GPC['do'];
if (!isset($do))
//default value
$do = "siterules";


//Use as http:/site.com/info.php?do=siterules
if ($do == "siterules") {
$pagetitle = 'General Site Rules';
$templater = vB_Template::create('siterules');
$templater->register_page_templates();
$templater->register('navbar', $navbar);
$templater->register('pagetitle', $pagetitle);
$templater->register('custom_nav', $custom_nav);
print_output($templater->render());
exit;
}
Reply With Quote
  #14  
Old 09-02-2014, 12:11 PM
Scanu's Avatar
Scanu Scanu is offline
 
Join Date: Nov 2010
Posts: 829
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Black Snow View Post
Thanks for the example. Makes me understand more now.

--------------- Added [DATE]1409646066[/DATE] at [TIME]1409646066[/TIME] ---------------


I tried doing this but it won't work if I access the info.php page without the query on the end of the URL:
Code:
$vbulletin->input->clean_gpc('r', 'do', TYPE_STR);
$do = $vbulletin->GPC['do'];
if (!isset($do))
//default value
$do = "siterules";


//Use as http:/site.com/info.php?do=siterules
if ($do == "siterules") {
$pagetitle = 'General Site Rules';
$templater = vB_Template::create('siterules');
$templater->register_page_templates();
$templater->register('navbar', $navbar);
$templater->register('pagetitle', $pagetitle);
$templater->register('custom_nav', $custom_nav);
print_output($templater->render());
exit;
}
Try replacing this
PHP Code:
$vbulletin->input->clean_gpc('r''do'TYPE_STR);
$do $vbulletin->GPC['do'];
if (!isset($do))
//default value
$do "siterules"
With this
PHP Code:
if (!isset($_REQUEST['do'])
$_REQUEST['do'] = 'siterules';
$vbulletin->input->clean_gpc('r''do'TYPE_STR);
$do $vbulletin->GPC['do']; 
Reply With Quote
  #15  
Old 09-02-2014, 12:45 PM
Black Snow Black Snow is offline
 
Join Date: Jul 2012
Location: Scotland
Posts: 471
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Scanu View Post
Try replacing this
PHP Code:
$vbulletin->input->clean_gpc('r''do'TYPE_STR);
$do $vbulletin->GPC['do'];
if (!isset($do))
//default value
$do "siterules"
With this
PHP Code:
if (!isset($_REQUEST['do'])
$_REQUEST['do'] = 'siterules';
$vbulletin->input->clean_gpc('r''do'TYPE_STR);
$do $vbulletin->GPC['do']; 
Thanks for helping. I still get a blank page.
Reply With Quote
  #16  
Old 09-02-2014, 01:13 PM
Scanu's Avatar
Scanu Scanu is offline
 
Join Date: Nov 2010
Posts: 829
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I can't see anything wrong now, and I don't have time right now to test it
Maybe this code could make a difference

PHP Code:
[PHP]
$vbulletin->input->clean_gpc('r''do'TYPE_STR); 
$do $vbulletin->GPC['do'];
if (!isset($_REQUEST['do']) 
$do 'siterules'
[/PHP]
Reply With Quote
Благодарность от:
Black Snow
  #17  
Old 09-02-2014, 01:16 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
There is a $vbulletin->GPC_exists[] array, so you could try this:
Code:
$vbulletin->input->clean_gpc('r', 'do', TYPE_STR);
if ($vbulletin->GPC_exists['do'])
   $do = $vbulletin->GPC['do'];
else
   $do = "siterules";

// etc

Another thing you could do is just make 'siterules' the default 'else':
Code:
$vbulletin->input->clean_gpc('r', 'do', TYPE_STR);
$do = $vbulletin->GPC['do'];

if ($do == 'something')
{
 // something
}
else if ($do == 'somethingelse')
{
// something else
}
else // default to siterules
{
  // siterules
}

BTW, I'm not a php expert so I'm not going to argue with what's correct and what's "evil", but I would say that there was nothing actually wrong with what you originally had (as far as introducing vulnerabilities), and in fact the vb scripts do it that way (just for the 'do' variable).
Reply With Quote
Благодарность от:
Black Snow
Reply
Page 2 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:25 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04569 seconds
  • Memory Usage 2,274KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_code
  • (8)bbcode_php
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (7)post_thanks_box
  • (4)post_thanks_box_bit
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete