Helpful Information
 
 
Category: Advanced Warning System (AWS)
vBulliten 3.0.7 Unexistant File Edit

Hello all, I am installing vBAdvanced Warning System (the latest in the download thread) on vBulliten 3.0.7 and when the file edit comes for private.php it tells you to do this:

In the same file, find:

// check for valid users
$pm['recipients'] = vbstrtolower(trim($pm['recipients']));

Right below that, add:

if (!$warn_opts['collector']=='' OR !$warn_opts['collector']=='0')
{
if (!$warn_opts['automatic_warner']=='')
{
$w=$warn_opts['automatic_warner'];
$autowarner=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
$autowarner=vbstrtolower($autowarner['username']);
}
if (!$warn_opts['warner']=='')
{
$w=$warn_opts['warner'];
$warner=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
$warner=vbstrtolower($warner['username']);

}
$w=$warn_opts['collector'];
$collector=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
$collector=vbstrtolower($collector['username']);

}

but this is the actual code in the private.php file.

// check for valid users
$pm['recipients'] = trim($pm['recipients']);

if ($pm['recipients'] == '')
{
eval('$errors[] = "' . fetch_phrase('pminvalidrecipient', PHRASETYPEID_ERROR) . '";');
}
else if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $pm['recipients'])) // multiple recipients attempted
{
$users = preg_split('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $pm['recipients'], -1, PREG_SPLIT_NO_EMPTY);
foreach ($users AS $recipient)
{
$recipient = trim($recipient);
if ($recipient != '')
{
$recipients["$recipient"] = addslashes(htmlspecialchars_uni($recipient));
}
}
}

Should I just put it to make this:


// check for valid users
$pm['recipients'] = trim($pm['recipients']);
if (!$warn_opts['collector']=='' OR !$warn_opts['collector']=='0')
{
if (!$warn_opts['automatic_warner']=='')
{
$w=$warn_opts['automatic_warner'];
$autowarner=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
$autowarner=vbstrtolower($autowarner['username']);
}
if (!$warn_opts['warner']=='')
{
$w=$warn_opts['warner'];
$warner=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
$warner=vbstrtolower($warner['username']);

}
$w=$warn_opts['collector'];
$collector=$DB_site->query_first("select username from ".TABLE_PREFIX."user where userid=$w");
$collector=vbstrtolower($collector['username']);

}

if ($pm['recipients'] == '')
{
eval('$errors[] = "' . fetch_phrase('pminvalidrecipient', PHRASETYPEID_ERROR) . '";');
}
else if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $pm['recipients'])) // multiple recipients attempted
{
$users = preg_split('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $pm['recipients'], -1, PREG_SPLIT_NO_EMPTY);
foreach ($users AS $recipient)
{
$recipient = trim($recipient);
if ($recipient != '')
{
$recipients["$recipient"] = addslashes(htmlspecialchars_uni($recipient));
}
}
}

Thanks, Travis.




EDIT: I just ignored the difference and pasted it where it should have. I dont notice any errors yet. =D

I did the same thing and haven't noticed any errors yet either. So I don't think it matters.

same here private.php didn't changed in the latest vb release however be sure you have the security patch for the XSS exploit in private php see announcements forum here (http://www.vbulletin.org/forum/showthread.php?t=74035) for a list of files that has been changed in vb3.0.7 you can go here (http://www.vbulletin.com/forum/showpost.php?p=819569&postcount=4)










privacy (GDPR)