The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Possible bug/security issue
found this in core/includes/functions_login.php
Code:
if ($postvars['securitytoken'] = 'guest') { $vbulletin->userinfo['securitytoken_raw'] = sha1($vbulletin->userinfo['userid'] . sha1($vbulletin->userinfo['secret']) . sha1(vB_Request_Web::$COOKIE_SALT)); $vbulletin->userinfo['securitytoken'] = TIMENOW . '-' . sha1(TIMENOW . $vbulletin->userinfo['securitytoken_raw']); $postvars['securitytoken'] = $vbulletin->userinfo['securitytoken']; $vbulletin->GPC['postvars'] = sign_client_string(json_encode($postvars)); } |
Благодарность от: | ||
ozzy47 |
#2
|
||||
|
||||
No it is not a comparison operator, it is a string operator, http://php.net/manual/en/language.operators.string.php
Not a bug or security issue. |
#3
|
|||
|
|||
Quote:
|
#4
|
||||
|
||||
No it does not assign, $postvars['securitytoken'] with 'guest'
What it is is part of the login redirect, saying if the user logging in is a guest, to do this. |
#5
|
|||
|
|||
I think he means that
if($postvars['securitytoken'] = 'guest') Will assign guest to the $postvars['securitytoken'] variable. However, it should be this: if($postvars['securitytoken'] == 'guest') I don't know the rest of the code so this might be intended by whoever wrote the script. |
#6
|
||||
|
||||
I believe he is correct, it looks like a typo from the vb4 version of the same code.
|
#7
|
|||
|
|||
This was fixed in vBulletin v4.1.11.
|
#8
|
|||
|
|||
Thanks for letting me know but this is from vb5.
/*================================================= =====================*\ || ################################################## ################## || || # vBulletin 5.1.2 Patch Level 3 - Licence Number ########## || # ---------------------------------------------------------------- # || || # Copyright ?2000-2014 vBulletin Solutions Inc. All Rights Reserved. || || # This file may not be redistributed in whole or significant part. # || || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # || || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # || || ################################################## ################## || \*================================================ ======================*/ I could upload the file as proof, if it doesn't get me into trouble for copyright violations. |
Благодарность от: | ||
tbworld |
#9
|
|||
|
|||
You know I thought I checked the forum category, right before I posted. Oh well, I am loosing it. I guess vb goofed then, and good fine.
VB5 was ported from VB4 before they fixed it in VB4, so it makes sense. Make sure you post it to JIRA, or if you do not want to bother let me know and I will handle it. |
Благодарность от: | ||
Gokkesokken |
#10
|
|||
|
|||
Quote:
Thanks for letting me know, I think your explanation is very plausible and also the most likely given the circumstances. The reason I posted this here first was because I didn't want to submit an inaccurate bug report. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|