Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.5 > vBulletin 3.5 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
vBug Tracker Lite 3.5.1 Details »»
vBug Tracker Lite 3.5.1
Version: 3.5.1, by Dark_Wizard Dark_Wizard is offline
Developer Last Online: Jun 2014 Show Printable Version Email this Page

Version: 3.5.1 Rating:
Released: 09-24-2005 Last Update: 07-10-2006 Installs: 107
DB Changes Uses Plugins Template Edits
Additional Files  
No support by the author.

[high]The XSS security flaw reported in this modification has been fixed by Staff and a new zip file (3.5.1a) uploaded.[/high]

Here is a port of my vBug Tracker hack from vb 3.0.x. This mimics the Bug Tracker found at vBulletin.

Details:
  • 7 - table additions
    96 - Phrases Added
    3 - file additions
    2 - xml files
    8 - template additions
    3 - Plugins

Please click install for support! For those interested, the Pro version is in development and should be out soon. It will be released at vb-scripts.com.

Sept 25, 2005
Bug fixes:
  • * Added Missing phrases for editing status, type & severity.
    * Fixed bug in changing displayorder


Sept 26, 2005
Bug Fixes/Changes
  • * Fixed bugcache issue and tested
    * Added admin usergroup permissions

Sept 27, 2005 (Part 1)
Bug Fixes:
  • * Fixed subscribe issues and missing phrases.

Sept 27, 2005 (Part 2)
  • * Complete rewrite of the subscription piece including the unsubscribe.
    * Subscriptions fully tested and working from all aspects!


Nov 7, 2005
  • * Fixed missing table prefix when editing status.
    * Fixed issue when editing severities.
    * Now supports secondary usergroups.

Nov 24, 2005
  • * Fixed extra span tag in list template.
    * Fixed searching on version.
    * Added "unassigned" to dropdown.

Jul 11, 2006
  • * XSS Flaw fixed by Staff.

To upgrade:

Import the product xml and select "Allow Overwrite".
Upload all the files overwriting the old ones.

Lastly... Please follow the instructions exactly as they are outlined in the documents/install.txt and in the order as listed to avoid any problems.

Updated for vBulletin 3.7, Get it here

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #232  
Old 06-26-2006, 10:19 AM
Dark_Wizard Dark_Wizard is offline
 
Join Date: Nov 2001
Location: North Carolina
Posts: 1,251
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Todi
WTF? What is going on? How serious is this security flaw? Should everyone uninstall the mod? Why is there no information about this except a little notice at the top? I really don't like the sound of this... And since the coder has been MIA for so long, i find it unlikely that any fixes will be coming either. Please give us more information..
I have been notified and it is being worked on...will be out this week with a new update...
Reply With Quote
  #233  
Old 06-26-2006, 12:06 PM
Dark_Wizard Dark_Wizard is offline
 
Join Date: Nov 2001
Location: North Carolina
Posts: 1,251
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Issue has been resolved, waiting on a reply to my PM. Also additional bugs have been fixed and included in the update.
Reply With Quote
  #234  
Old 06-26-2006, 12:57 PM
majorxp majorxp is offline
 
Join Date: Aug 2005
Posts: 120
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by dark_wizard
A security flaw has been reported in this modification and the author has been contacted for a fix. Until the flaw has been fixed we have removed the files from download. Thank you for your understanding.

It would have been nice to send out an update to all installed users to notify them of the issue so we could uninstall until it is resolved.

/uninstalled
...
Reply With Quote
  #235  
Old 06-30-2006, 04:16 PM
Simplicity Simplicity is offline
 
Join Date: Jun 2004
Posts: 31
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Looks like we may need to wait a while for the moderators to give this the go-ahead and allow the file download
Reply With Quote
  #236  
Old 07-11-2006, 11:39 AM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The XSS security flaw reported in this modification has been fixed [by Staff] and a new zip file (3.5.1a) uploaded, vbugs.php is the file that has changed.
Reply With Quote
  #237  
Old 07-12-2006, 07:53 PM
majorxp majorxp is offline
 
Join Date: Aug 2005
Posts: 120
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks Paul!
Reply With Quote
  #238  
Old 07-12-2006, 08:39 PM
MThornback MThornback is offline
 
Join Date: Apr 2005
Location: Canada
Posts: 388
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks Alot Paul
Reply With Quote
  #239  
Old 07-13-2006, 06:19 AM
Zelda-King's Avatar
Zelda-King Zelda-King is offline
 
Join Date: Nov 2002
Location: London, England
Posts: 674
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Since upgrading to 3.5.1a the "Title / Submitted By / Date" column in the listbit doesn't look right (see attachment).

Also, using this on vB 3.6 RC1 results in the following errors at the top of the page;

Warning: Invalid argument supplied for foreach() in /vbugs.php on line 123

Warning: Invalid argument supplied for foreach() in /vbugs.php on line 128

Warning: Invalid argument supplied for foreach() in /vbugs.php on line 133

Warning: Invalid argument supplied for foreach() in /vbugs.php on line 138

(I realise this isn't officially ready for 3.6 yet. Just leaving feedback to consider.)
Reply With Quote
  #240  
Old 08-05-2006, 03:35 PM
jluerken's Avatar
jluerken jluerken is offline
 
Join Date: Aug 2003
Location: Germany
Posts: 1,016
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Zelda-King, I have the same
Warning: Invalid argument supplied for foreach() in /vbugs.php on line 123
...and so on.

Is there any fix available?
Reply With Quote
  #241  
Old 08-06-2006, 10:05 PM
jluerken's Avatar
jluerken jluerken is offline
 
Join Date: Aug 2003
Location: Germany
Posts: 1,016
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It has problems since vb3.6 with those lines in vbugs.php

PHP Code:
foreach ($bugcache['severity'] as $key => $entry) {
  
$selected iif($vbulletin->GPC['vbug_severityid'] == $key'selected="selected"');
  
$val $entry['title'];
  eval(
'$severitybits .= "' fetch_template('userfield_select_option') . '";');
}
foreach (
$bugcache['type'] as $key => $entry) {
  
$selected iif($vbulletin->GPC['vbug_typeid'] == $key'selected="selected"');
  
$val $entry['title'];
  eval(
'$typebits .= "' fetch_template('userfield_select_option') . '";');
}
foreach (
$bugcache['version'] as $key => $entry) {
  
$selected iif($vbulletin->GPC['vbug_versionid'] == $key'selected="selected"');
  
$val $entry['title'];
  eval(
'$versionbits .= "' fetch_template('userfield_select_option') . '";');
}
foreach (
$bugcache['status'] as $key => $entry)
{
        
$statuscount $db->query_first("
        SELECT count(*) AS status
        FROM " 
TABLE_PREFIX "vbug
        WHERE vbug_statusid = 
$key
        "
);
  
$numstatuses $statuscount['status'];
  
$selected iif($vbulletin->GPC['vbug_statusid'] == $key'selected="selected"');
  
$val $entry['title']. " (" .$numstatuses")";
  eval(
'$statusbits .= "' fetch_template('userfield_select_option') . '";');

The foreeach statement is wrong but I am not a programer to say what has changes with 3.6 and how those lines need to look now.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:37 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05237 seconds
  • Memory Usage 2,330KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete