Updating Version Number to 3.0.5... done

I think it's better to retain the information on exploits as safe as possible, even hidden from consumers; there must be a lot of stupid script kiddies with lots of money and spare time that are willing to spend 85$ to know what happned and explore the exploit (I slept a few hours, my english is in suck mode :p) just to feel the greatest man on earth hacking sites :S

Anyway, my update is almost done (I hope) :)


When (if) the exploit becomes known then I think we can have some more detail in members area.

(hummm... need to change my nick to old good Chip... why the hell did I put the Tz :p)

I only updated to version 3.0.4 yesterday and have had to do it all again today because of this new (3.0.5) version. It doesn't take long though and it must be worth it, so i've upgraded again.

IF i upgrade, will I loose all my hacks?
You will have to re-edit all your hacked files.
Or, if you're smart, you get Araxis Merge (google it), with which you can compare the new and old files, and edit them out before you update, so you'll never lose anything ;).

Ow, and, 1 question:
Do we still need to check for the virus thing in our logs once we upgraded tp 3.0.5, or are we safe then?

Weee!!!

finally upgraded, after backing up everything :)

Very smooth upgrade (windows stile: next --> next --> next --> finnish)

Well done :)

I urgently need init.php for version 3.03. I uploaded the new one and now my forum won't run! I don't have time to upgrade to 3.05 at the moment.

Thanks,

Tim
mousel@defend.net

I urgently need init.php for version 3.03. I uploaded the new one and now my forum won't run! I don't have time to upgrade to 3.05 at the moment.

Thanks,

Tim
mousel@defend.net
It sounds like your init.php from 3.0.3 was modified - or your other files have hacks that depend on init.php. Re-apply the custom code changes to the new init.php

IF i upgrade, will I loose all my hacks?Consider this:

If you install a source code hack you modify the source code.
If you upgrade, you upload new files to the server, overwriting the files from the older version .. which you have modified.

So yes, you will loose all your source code hacks. The template changes and mysql database changes (if any) will remain in place. You just have to re-apply the source code changes again.

I have just done the upgrade to 3.0.4 and done al the moduls al over again.

I was hoping this was a joke.:eek:We only wish it was a joke. But no, fortunatly we found a new security issue and provided our customers with a fix as soon as possible.

Not sure its very clear.. so i m asking again
Understood that (as stated above) replacing init.php makes the installation "much safer"
Meaning that all recent SECURITY ISSUES are handled effectivly by replacing only this particular file?
I do not care at this time to upgrade from 03 to 05 for reasons like fixind other minor "bugs", i ONLY care about security issues.. Thats why i replaced this file only, as suggested. So.. ""much safer" means same safety level as if upgrading to 05?
Or i need to update ALL files (upgrade the entire installation) in order to be safe from those recently discovered security problems?
I repeat i dont mind about other bugs fixed, only security bugs.
This depends: Which version of vBulletin are you running? I believe we also gave a patch for 3.0.3's authorize.php - check that announcement too.

Okay, my host has PHP 4.3.10 with mod_security enabled in httpd.conf. Now, is my 3.03 board with the 3.04 patch vulnerable? Thanks

Okay, my host has PHP 4.3.10 with mod_security enabled in httpd.conf. Now, is my 3.03 board with the 3.04 patch vulnerable? Thanks
Yes.... All versions of vBulletin lower than 3.0.5 are vulnerable. This has nothing to do with the PHP vulnerabilities announced a couple of weeks ago.

Alright, I just renewed my membership and will upgrade to 3.0.5 shortly :cool:

Got the upgrade done on both sites in 4.5 hours last night including rehacking both from scratch.

All running smoothly.

Thanks guys :D

I found this in an error log in my forums folder

[20-Dec-2004 08:25:08] PHP Warning: Constants may only evaluate to scalar values in /home/public_html/vb/includes/init.php on line 752

Was this an attempt to exploit my board? I have about 20 entries like this on the same day/~time

Did your hosts upgrade to php 4.3.10 on that day by any chance?

This error arises if php is upgraded but Zend Optimizer is not.

OK, I'm a bit worried now. I'm running vBulletin 3.0.0 RC4 on my board. I would upgrade, however, my members area subscription has expired (I have an owned license), and I have no money to update my subscription.

In your post, you said:Does that mean I am unable to use the updated init.php file attached to the announcement, like, is it incompatible?

What can I do?
Correct. You need to upgrade. Please note we do not providde support for pre-release versions of the software.

Not comfortable with the security through obscurity trick, but please tell me one thing, tell me that &comma= is NOT the param that can be overloaded in an attack.

If it is, then it's pretty obvious that you just pass through escaped PHP or something through to the index.php file. In other words, you just announced how to use this to anyone with the codebase (search for the word comma, and it appears in the calendar stuff for the front page for example).

It would be helpful if you disclosed the full details so that those of us with mod_security, etc can add this attack to our defences (as well as upgrading), and also so that we can be aware of just what is possible from a successful attack (for example, can they steal admin permissions, delete data from the database, pretend to be another user, etc).

It you weren't to disclose full details, then I really would rather that none were disclosed, or that which were disclosed were totally innocent... i.e. that &comma= is not part of the attack but just a negligible part of the signature of an attack.

I found this in an error log in my forums folder

[20-Dec-2004 08:25:08] PHP Warning: Constants may only evaluate to scalar values in /home/public_html/vb/includes/init.php on line 752

Was this an attempt to exploit my board? I have about 20 entries like this on the same day/~time
This error is related to PHP 4.3.10 and ZendOptimizer. The fix is to upgrade ZendOptimizer. Here is some info from one of our Developers about this problem:

http://www.vbulletin.com/forum/showthread.php?p=778527#post778527

As lovely as they might be, whats to stop these users then using exploits on competitors sites?

Is this why there's security by obscurity?

Is this why there's security by obscurity?

Definatly.
If Jelsoft put an announcement that the next version was out because someone could enter a string on your forums and it would, say, delete all your posts - don't you think some people might instantly go and try it out on other sites

3.0.4 is more secure than 3.0.3, but all versions of vBulletin 3 before 3.0.5 have this newly found flaw.

With vbulletin.com/.org going down for quite some time ... is that how you discovered the flaw in 3.0.x (x <= 4) ? Sounds like you got rooted. I see you also say that all sensitive data sent to vbulletin may now be leaked ... any details ?

Did you shut down vbulletin.com when you saw the hacker stealing info ?

Have managed to upgrade without problems, thanks guys for excellent instructions. :)

With vbulletin.com/.org going down for quite some time ... is that how you discovered the flaw in 3.0.x (x <= 4) ? Sounds like you got rooted. I see you also say that all sensitive data sent to vbulletin may now be leaked ... any details ?

Did you shut down vbulletin.com when you saw the hacker stealing info ?
We shut down vB.com while we did various auditing on the site to ensure that data is secure and while we prepared the new version for release.

I can assure you that we definitely were not rooted, as the flaw in vBulletin would not allow a server to be taken over to this degree, unless Apache was running as root.

Originally Posted by osirisjem
With vbulletin.com/.org going down for quite some time ... is that how you discovered the flaw in 3.0.x (x <= 4) ? Sounds like you got rooted. I see you also say that all sensitive data sent to vbulletin may now be leaked ... any details ?

Did you shut down vbulletin.com when you saw the hacker stealing info ?
Having been a customer of Jelsoft, both in my own capacity and moderating for commercial sites that run vBulletin, for many years, I am perfectly happy that if that had happened, they would have said so.

The company takes security more seriously than most other software companies I have dealt with. They are not afraid to admit a security flaw immediately rather than covering it up as some do.

This is one of many reasons so many of us renew/purchase our licences without question.

Upgraded again smooth.:p

No problems with anything. Thanx fore taking good care of our security.;)

Please note that the init.php file in post #1 assumes that you have not installed any hacks. If you have installed hacks (in particular the Arcade hack but possibly others) you will need to ask for help in the appropriate forum and thread for that hack to find out if anything needs to be changed in this file

How will this affect the Arcade hack, any updates?

How will this affect the Arcade hack, any updates?
If you have the arcade hack and plan to just switch the init.php file, you need to reapply the arcade hack instructions that relate to init.php ONLY (about 4 edits). Apply these to the new init.php file. If you don't do this you'll get errors.

If you do the full upgrade, you'll need to reapply ALL the php file edits for the arcade, but NOT the templates and NOT the arcade install file.

Dont forget guys that if you have vbadvance's gallery software you have to edit the init.php file for that too. ;)

I use the vBindex Portal which worked automatically after my upgrade without any alterations whatsoever. :D

Correct. You need to upgrade. Please note we do not providde support for pre-release versions of the software.OK, so, basically, I'm screwed?

What's the worst thing that could happen with this exploit? Are we talking about hackers being able to retrieve personal information of my members and thus putting me in legal trouble for mistakes being made by other third parties (ie. Jelsoft) over which I have no control?

Is there any other way I can fix this problem without having to pay out money (which, I don't have) to fix broken software (eg. disabling some feature)?

Hell, even Microsoft still releases security updates for old software for free...

OK, so, basically, I'm screwed?

What's the worst thing that could happen with this exploit? Are we talking about hackers being able to retrieve personal information of my members and thus putting me in legal trouble for mistakes being made by other third parties (ie. Jelsoft) over which I have no control?

Is there any other way I can fix this problem without having to pay out money (which, I don't have) to fix broken software (eg. disabling some feature)?

Hell, even Microsoft still releases security updates for old software for free...
If you have an owned licence then it's only $30 to get immediate access to the latest version.

OK you don't have any cash, I realise that, but if your board is of any value to you this is something you simply MUST do. $30 is not much in the grand scheme of things.

Hell, even Microsoft still releases security updates for old software for free...

Actually they don't. The only version of Windows that Microsoft is supporting now is Windows XP SP2. Plus they have never never supported beta software which is what you are using if you are using RC4.

I
f you have an owned licence then it's only $30 to get immediate access to the latest version.

OK you don't have any cash, I realise that, but if your board is of any value to you this is something you simply MUST do. $30 is not much in the grand scheme of things.With the exchange rate, it works out to be more like $60 for me. For a person who has no income (being a student without a job), this is not exactly something that comes easily.

I would be wiping out half the amount of money I currently have available by renewing my members area access. I find it unacceptable that I must pay for a mistake (big one at that) made by someone else.

I don't care about small functionality bugs, typos, the odd error message where one shouldn't be - that I all can live with... But I am unable to live with the knowledge that my forum is at risk of a security issue lying around which I'm sure that someone will eventually figure out how to exploit (hell, it seems that someone already has...)

OK, so, basically, I'm screwed?

What's the worst thing that could happen with this exploit? Are we talking about hackers being able to retrieve personal information of my members and thus putting me in legal trouble for mistakes being made by other third parties (ie. Jelsoft) over which I have no control?

Is there any other way I can fix this problem without having to pay out money (which, I don't have) to fix broken software (eg. disabling some feature)?

Hell, even Microsoft still releases security updates for old software for free...
Email me access information for your server and I'll fix it.

Email me access information for your server and I'll fix it.Thanks for your help Mike, I've sent my details.

Actually they don't. The only version of Windows that Microsoft is supporting now is Windows XP SP2. Plus they have never never supported beta software which is what you are using if you are using RC4.

Beg to differ, the Windows 2000 SP5 was cancelled but a security rollup is planned.
On the flipside, you should never use beta products in a production system, unless you have the means to upgrade to a more final product.

I've completed the upgrade and I noticed that the style manager is a lot different with regard to accessing which php file you want to edit...

Now it works fine in IE but in Firefox, I can't double click on the php (let's say newreply for example) and edit it. I click and click and click and nothing happens. The edit, customize, expand/collapse buttons don't work either. I tried this in IE and everything is fine...

Perhaps a setting of mine?

Do a hard refresh and it will work fine

Thank for your job, guys!
I have only three very simple hacks installed, so upgrading is really smooth (I don't know if hacks will work with 3.0.5 though) :)

I've completed the upgrade and I noticed that the style manager is a lot different with regard to accessing which php file you want to edit...

Now it works fine in IE but in Firefox, I can't double click on the php (let's say newreply for example) and edit it. I click and click and click and nothing happens. The edit, customize, expand/collapse buttons don't work either. I tried this in IE and everything is fine...

Perhaps a setting of mine?
Right click on the template editor frame and select "This Frame" then click "Reload Frame" its the simpliest way.

I just read the latest XSS issue (about private.php) and just wanted to say that I'm glad that you guys are on top of these things. It must suck to be plagued with all these issues in such a short amount of time (when it rains, it pours!), but I understand.

Keep up the great work!

There is an XSS risk in all vBulletin 3 up to and including 3.0.5 Revision: 1.262.2.2 - that patch has been released.

For those who might have missed the announcement, refer to this:
http://www.vbulletin.com/forum/showthread.php?p=792983#post792983

I would have preferred an urgent email. :) Lucky I was subscribed to the bug report which has been deleted but updates are still sent to me. :)

Upgraded to v3.05 from v3.03 in less than 15 minutes.

Thanks for keeping us up-to-date! :)

There is an XSS risk in all vBulletin 3 up to and including 3.0.5 Revision: 1.262.2.2 - that patch has been released.

For those who might have missed the announcement, refer to this:
http://www.vbulletin.com/forum/showthread.php?p=792983#post792983

I would have preferred an urgent email. :) Lucky I was subscribed to the bug report which has been deleted but updates are still sent to me. :)
We need to hide potential security exploits that are posted for all to see until we finish an investigation of the validity of the issue and prepare an appropiate patch. Leaving them open for all to see only invites their explotation. One might come to the conclusion that there is a concerted effort going on to attack vBulletin at the moment. We are better off for this though as it leads us to the most secure product we can release.

Just before this post, the members' area package and init.php in the first post were updated to fix the new referrer checker system (it did not function in 3.0.5). See this bug report (http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3620) for more information.

If you downloaded 3.0.5 or init.php after the time of this post, you already have the fix provided in that report.

I'm afraid every time I come back here I will see
vBulletin 3.0.6 Released.:eek:
BTW- My two sites ungraded smoothly. One has vBadvanced and the other has vBadvanced, v3 Articles and Links and Databases addons. Although something is new in that newthread.php is not working the same as 3.0.4 with vBa. Not vBs fault.

Just for the record, does installing the new init.php file fix the security holes in vB3.0.4 as well? I'm not sure I'm going to have enough time to upgrade my board fully this weekend, although luckily I haven't started doing much hacking yet and I should probably be able to reapply the modifications I have made in about five minutes. I'm a bit concerned, though.

Just for the record, does installing the new init.php file fix the security holes in vB3.0.4 as well? I'm not sure I'm going to have enough time to upgrade my board fully this weekend, although luckily I haven't started doing much hacking yet and I should probably be able to reapply the modifications I have made in about five minutes. I'm a bit concerned, though.
Yes it does.

Excellent; I'll probably wait until the 'big update' comes out to do a full upgrade, then. ;) Thanks for the swift reply. :)

I got a serios problem now:
POST requests from foreign hosts are not allowed.

This is the message i get.:eek:
It al worked fine until i did the bug fix.

POST requests from foreign hosts are not allowed.

.

I am getting this as well when trying to view the user agent on "who's online":confused:

I am getting this as well when trying to view the user agent on "who's online":confused:
Try posting ore get in to your admin panel. Nothing works.:confused:
Hope someone could help out soon.

just realized that

Works fine for me

I am able to view the User Agents in whos online

Fully updated along with the two patches with private.php and the newest init.php

the init.php file is where it went bad for me.
I went back in and changed that file back to the original init.php file that I last downloaded for 3.0.5 and everything is working for me now.

Going to try it again and see if it takes this time.

I have tried to upload the original init file. But then i got more errors.:confused:

It works fine with me. I'm running 3.0.3 with the latest init.php and private.php patches.

Those of you with the referrer issue: If you email me the URL to your forum and login details, I will fix it for you.

If you wish to disable the referrer check completely (I don't recommend it), you can put this in your config.php:
define('SKIP_REFERRER_CHECK', true);

works fine for me on the second attempt. I actually redownloaded 3.0.5 minus the images and just reloaded the entire init.php file to be safe. :)

It works fine with me. I'm running 3.0.3 with the latest init.php and private.php patches.
It works now.

The moon must've been in the wrong position, because you both reported it as working within a minute. :)

Glad to hear it's working!

Thanks for the quick update vB.

I updated all 3 forums (No Mods) in less than 20 minutes without any problems. Unlike some who want to complain about getting fixes I would rather be notified of a problem than have it hidden!

How come the Upgrade.php file only upgrades the forum to 3.04?

I downloaded the 3.05 files. Did you guys forget to update the upgrade.php for 3.05?

My Forum still says Powered by: vBulletin Version 3.0.4

How come the Upgrade.php file only upgrades the forum to 3.04?

I downloaded the 3.05 files. Did you guys forget to update the upgrade.php for 3.05?

My Forum still says Powered by: vBulletin Version 3.0.4
Did you upload the new install directory that came with 3.0.5?

Yep done that.

I figured out what I done wrong

My mistake.

Thanks for the update.

working great thus far. Thank you for the update.

Anyone tried to rebuild a search index in Firefox 1.0 yet?

It's umm, interesting ;)

Anyone tried to rebuild a search index in Firefox 1.0 yet?

It's umm, interesting ;)I've just run rebuild search index in firefox 1 for my site and it run perfectly fine. Automaticly went to the next page and everything. Please explain what you mean - feel free to PM me.

The moon must've been in the wrong position, because you both reported it as working within a minute. :)

Glad to hear it's working!
It was my mistake, i dident see that the init file was changed once more. ;)

I take my hat off to vB. Yes, it's a pain re-installing all these hacks with each upgrade - the price for having a hacked board, I guess.

But the speed at which fixes are made available for critical flaws is awesome.

Once again the vB team show why they are #1.

Upgraded to 3.0.5 fine. I had 3.0.3 + init.php (new one). Before the upgrade my hoster installed PHP5 and i started getting errors. After the upgrade to vB 3.0.5 everything got back to normal. I'm just curious, was vBulletin 3.0.3 not optimized for PHP5?

So ALL I have to do to patch my current version of 3.05 upgraded on 01/07/2005 is replace the private.php and init.php or should I do the entire upgrade once again.

Thanks in advance.

If you have got 3.0.5 then you onlt need to patch the private.php. The init.php is there for people who don't want to upgrade from 3.0.3 or 3.0.4 and just wanted to patch the file or who wanted to patch until they have the time to do the upgrade.

Already replaced private.php :)

Can't you place a note in owr own boards whene there is a new patch, like the one we have when we are running a outdated release? It would help a lot.

I'll lpost this suggestion again in the appropriated place :)

Now, I have one question regarding the issue that was fixed in 3.0.5: is this strickly a vbulletin dependant issue or is it related to php bugs that have been discovered recently and jelsoft enterprises is just trying to do it's best to resolve the issues. I have read all the thread but I still have this doubt... just because we may still be vulnerable to a lot of php issues if it was not a vbulletin problem.

Can I do a clean install with 05?

Can I do a clean install with 05?

You can do a clean install with any version.....

The latest build of vB 3.0.5 fixes more than the Init.php file - so shouldn't it have a new version number?

I'd think that it would be misleading that if a user is running vB 3.0.5, they might have a few particular fixes, or they might not. That's very inexact, I would think...

I've just run rebuild search index in firefox 1 for my site and it run perfectly fine. Automaticly went to the next page and everything. Please explain what you mean - feel free to PM me.

The script runs... but it doesn't show you what it's doeing, you just get a beautiful blue background... if it stops you have no clue where... :)

It happened to me... solution was to do it with IE :(

Even in IE it would be usefull that in the last page it ould stop requiring a click, showing an ok result until post xpto instead of automatically jumping to the update counters page again :)

Also reported this here but then I saw the post above yours :)

http://www.vbulletin.com/forum/showthread.php?p=793331#post793331

Does the init.php file have to be CHMOD at 655? :confused:

All your php files can be 644.

Does the init.php file have to be CHMOD at 655? :confused:

just uploaded the patch

when I log in to admincp the user info (moderate users etc) is all missing :confused:

guess i'll have to upgrade lol

another Q - will this upgrade effect any "usergroups" I have set up??

No I suggest giving this a read

http://www.vbulletin.com/forum/showthread.php?t=124989

No I suggest giving this a read

http://www.vbulletin.com/forum/showthread.php?t=124989

Thanks that done the trick:D

well upgraded to 3.0.5 on a pretty heavily hack board and the only thing that is screwed is my shout box :( which is the BVShoutbox now i can not find the hack to figure out why lol :( Hope this is the last update for a bit as it took me a while to compare and revise the files. But am glad the secruity is fix for a bit :)

I know this is not the place to ask but any one klnow where the BVShoutbox hack went ? found it but still can't get it working lol

All I can add is to take this seriously, because there are hackers exploiting these holes.

Just today, I received an ominous email from webmaster@XXXXXX.com, which hosts my halo server:

"your forums was beeing be cold blood

watch out
iam here"

Sure enough, when I checked out their forums, they had been hacked. To add insult to injury, the hacker - via the admin panel - emailed all of their forum users, AKA customers.

Outstanding job to the VB staff to be so responsive to the situation. This is the kind of "chips are down" delivery that really keeps customers.

they had been hacked
Hardly. There are more wannabe admins using their hamsters name as passwords than people knowing howto hack anything apart from a tree in the woods ...

Hardly. There are more wannabe admins using their hamsters name as passwords than people knowing howto hack anything apart from a tree in the woods ...

Not hardly. This wasn't an amature's site. This is a company whose livelihood comes from the internet.

Do you know anything about the hacking community? Have you ever been a corporate information security specialist? I know how to back-check an event to determine if it is a real hacking event and this was. The hacker took advantage of a VB site that was running less that the latest available version.

Instead of it being a warning to those who are lapse in maintaining their sites, you decide to trivialize the whole event.

I tell you what. Want to test the ability of determined hackers? Give me your site's URL. I know where to post the challenge.

MAN OR MOUSE TIME, SQUEAKIE.

Yeah, new vB versions and now all of a sudden some site has been hacked and everyone is a hacker LOL. Professional hackers? Give everyone a break! If these lamers were this would have happened MONTH before if they had a real clue or hunch. And yes, I'm a certified M$(security)- and Linux Professional(+ programmer) too and been in biz for over 15 years. No need for lectures here m8, please keep it to yourself or post your logfiles entries etc etc and/or evidence/proof here first( X out the IP's no fookin fakes please). Hearsay ain't good enough, script kiddies and computer mag reader 5mins experts the IT world is fed up of them already, no offence m8 but cobblers stick to yer last! No need for BS and throw all vB users either, post proof and FACTS and HARD EVIDENCE first, otherwise ...... :rolleyes:

ouch folks. ;) No one is not taking this seriously. and tru there are a lot of folks who are not up to where they should be as far as passwords and such but there are also folks out there who know exactly what they are doing so I for one am very grateful for vb's reaction to this problem even tho it is a pain. I for one would rather spend some hours upgrading then having a forums secruity breatched and the forum ruined along with the rep that goes with the community. So I for one will do what it takes to keep from getting compromised.

And it also looks like vb has that same thoughts. So lets just take a bad situation and do what we need to do and move on :D

These daily patches to the original 3.0.5 distribution are starting to get rather confusing.

Could someone from dev team confirm that the only two files that changed from the "original" release of v3.0.5 are: private.php and init.php? Is there anything else I need to change / patch?

thanks

but there are also folks out there who know exactly what they are doing
Yes, but nobody learns how to do all this in 3 days, unless "learned and copied from somewhere" (apart from comma nothing has been mentioned here, and normally exploits are posted *elswhere* first but not at the makers site ;)). And nobody said the update isn't needed, it is and has to be done the earlier the better :) :)

@flanker: there are some more minor changes(6 files I think) just download again and compare :)

3.0.4 - Bug fixes and a security issue. If you didn't want to run the update, you could choose to upload the patched init.php file.
3.0.5 - More bug fixes (on top of the fixes from 3.0.4), and another init.php patch. Later, they released a patch for priate.php.

You can upload the latest patches (from the 3.0.5 announcement) for init.php and private.php and you will be secure. If you upgrade to 3.0.5, you will be secure, and have bug fixes from 3.0.4 and more.

In summary: If you uploaded the patched files init.php and private.php, you will be safe but the bugs within vBulletin will still remain. If you upgrade to the latest version, you will be secure and will have all the bugs killed.

Yeah, new vB versions and now all of a sudden some site has been hacked and everyone is a hacker LOL. Professional hackers? Give everyone a break! If these lamers were this would have happened MONTH before if they had a real clue or hunch. And yes, I'm a certified M$(security)- and Linux Professional(+ programmer) too and been in biz for over 15 years. No need for lectures here m8, please keep it to yourself or post your logfiles entries etc etc and/or evidence/proof here first( X out the IP's no fookin fakes please). Hearsay ain't good enough, script kiddies and computer mag reader 5mins experts the IT world is fed up of them already, no offence m8 but cobblers stick to yer last! No need for BS and throw all vB users either, post proof and FACTS and HARD EVIDENCE first, otherwise ...... :rolleyes:

1. Wasn't my site, slick

2. Wasn't the lastest version of VB either, slick. I stated that. As a citizen of the country that invented the language that my side of the pond butchers, I would have thought you'd have better reading comprehension.

3. *I* removed the domain name from my original post because I neither wished to embarrass the business nor cost them customers.

4. The only BS here is your pompous, overbearing attitude.

So, let me recap so you have a FIRM GRASP of the obvious.

A back-rev'd site (explanation: a VB site NOT running the latest version.) by SEVERAL versions was hacked using a PHP code exploit (NOT by guessing the admin password) thus serving as an example of why we should remain current in our VB version.

Hopefully, this recap will suffice to sooth the savage blowhard.

Just before this post, the members' area package and init.php in the first post were updated to fix the new referrer checker system (it did not function in 3.0.5). See this bug report (http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3620) for more information.

If you downloaded 3.0.5 or init.php after the time of this post, you already have the fix provided in that report.
Are you sure the init.php attachment in the first post of the announcement is updated? The post's last edited info is "Last edited by Kier : Jan 7th 2005 at 3:37am.". Shouldn't updating the attachment also update the post's last edited time? :confused:

FASherman (http://www.vbulletin.com/forum/member.php?u=21105) http://images.vbulletin.com/images_vb3/statusicon/user_offline.gif and
pco (http://www.vbulletin.com/forum/member.php?u=52584) http://images.vbulletin.com/images_vb3/statusicon/user_online.gif get a room please! :)

I run a quick comparison between "original" 3.0.5 release and the "current" 3.0.5, available for download now (as of this moment). Here is the list of files that changed:

upload\admincp\attachment.php
upload\admincp\forum.php
upload\admincp\forumpermission.php
upload\admincp\user.php
upload\clientscript\vbulletin_templatemgr.js
upload\includes\adminfunctions_user.php
upload\includes\init.php
upload\install\vbulletin-language.xml
upload\private.php

So, v3.0.5 could be alot different, depending on time of the download. This is very confusing. I would rather see minor version updates in form of v3.0.5.X, so people would always know which patches they already got and which are still outstanding.

@FASherman:
The FACT remains even if there should be any truth in it: no one was HACKED before the announcement of 3.0.4/5 unless you have proof(like logfiles and no snippet of the latest blog of some1 etc) of the opposite?? So please spare everyone the details about the "professional hackers" OK no matter what the hacked site URL is or was. And it's not Jelsoft's fault if someone is using CPanel, Plesk/Confixx etc etc and other BS/wannabe admin/20MB HP reseller nonsense/cr4p and if they can't edit php.ini on their virtual or whatever kiddy 5$ servers etc. So they get what they pay for actually right??! No need to blame ANYONE BUT THEMSELVES, doesn't even have anything to do with vB at all actually. Call yerself webmaster? Then be one and try it and DO it, same for postmaster or newsmaster etc whatever, close the holes ... :-)

@minx: my last post in this thread, isn't worth it just look at his sig. Greatings from The Postman and Columbus then LOL ...

Thanks that done the trick:D

ach nut,sorry to be a pain but I still dont have user info etc in admin cp

do you need to turn it on or something now as the init.php file appears to be correct

attached is screenshot

init.php as per bug tracker

This is probably not the place for this, but here goes.

I have a custom script which displays the latest posts on the forum home page. The script is as follows

$lasts = $DB_site->query("
SELECT threadid, thread.title, thread.lastpost, thread.forumid, postusername, thread.lastposter, postuserid, views, thread.replycount, forum.title AS forumtitle
FROM " . TABLE_PREFIX . "thread AS thread
LEFT JOIN " . TABLE_PREFIX . "forum AS forum ON forum.forumid = thread.forumid
WHERE visible = 1
ORDER BY lastpost DESC LIMIT $vboptions[nbrlast]
");
while ($last = $DB_site->fetch_array($lasts))
{

if ($bbuserinfo['forumpermissions']["$last[forumid]"] & CANVIEW)
{

if (strlen($last['title']) > $vboptions['nbrcarlast'])
{
$last['title'] = substr($last['title'], 0, $vboptions['nbrcarlast']) . "...";
}

$last['title'] = htmlspecialchars($last['title']);

$last['lastpost'] = vbdate($vboptions['dateformat'], $last['lastpost'], true);

eval("\$lastbit .= \"".fetch_template('forumhome_lastbit')."\";");

}

}

This was working fine under 3.0.3 and 3.0.4 but in 3.0.5 it is generating this error:

Database error in vBulletin 3.0.5:

Invalid SQL:
SELECT threadid, thread.title, thread.lastpost, thread.forumid, postusername, thread.lastposter, postuserid, views, thread.replycount, forum.title AS forumtitle
FROM thread AS thread
LEFT JOIN forum AS forum ON forum.forumid = thread.forumid
WHERE visible = 1
ORDER BY lastpost DESC LIMIT

mysql error: You have an error in your SQL syntax near '' at line 7

mysql error number: 1064

Any thoughts?
That $vboptions array isn't working. I posted about it here. (http://www.vbulletin.com/forum/showthread.php?t=125833) Let me know if you figure it out.

ach nut,sorry to be a pain but I still dont have user info etc in admin cp

do you need to turn it on or something now as the init.php file appears to be correct

attached is screenshot

init.php as per bug tracker
Yes you do.

The expand all button works wonders there.

What is “referrer checker” ? I don't understand it.

What is “referrer checker” ? I don't understand it.
It's useless as I have posted here (http://www.vbulletin.com/forum/showpost.php?p=787638&postcount=31) because there's no obligation to refer and most(good) firewalls block it anyway. :) :)

Thread Moderated, If you guys can't play nice don't play at all.

I was specificly talking to you and Squall and no one else at this time pco.

That's it, both of you take it elsewhere please.

do I have to upgrade?? would it overwrite all my hacks I have on my board, which take 2-3 months to put everything back from the last upgrade..??????

do I have to upgrade?? would it overwrite all my hacks I have on my board, which take 2-3 months to put everything back from the last upgrade..??????

Yes you should upgrade, and yes it will overwrite all of your hacks. That is one reason as to why I am anti hacks. If only Jelsoft added more features to vBulletin 3.x on a regular basis. :(

Yes you should upgrade, and yes it will overwrite all of your hacks. That is one reason as to why I am anti hacks. If only Jelsoft added more features to vBulletin 3.x on a regular basis. :(
for real dude??damnn fk another 3 months of hell. ;( thanks for your reply dude.

If upgrading vBulletin seems too much work then turn off register_globals in php.ini and it will also prevent the problem.

ok... I think I've now read this whole thread and haven't seen this answered.

I've finished the vB upgrade, but I was curious to understand. I have register_globals=off in php.ini. Was I vulnerable with v3.03?

I know it was quite a while back that the need for vB to use register_globals=on was taken out of the software, (IIRC about the time the php folks defaulted it to off for security purposes). Is there some need for register_globals=on for vB that i'm just not using? or do people need it on for some vB hacks or other website things?

With register_globals off you were not vulnerable to the serious flaw which required the 3.0.5 release.

You were vulnerable to the far less serious flaw which required the 3.0.4 release. However, this bug was only known by a select few before the release of 3.0.4, so I'd be pretty confident your board is ok.

Oh, and vB does not require register_globals to be enabled, as you already know. Most people who leave it on do so to support legacy (old) software.

Ok....finally upgraded from 3.0.4 and rehacked my boards again, within the same week no less ...
I hope the next update will be the major release we have all been waiting for :)

Ok....finally upgraded from 3.0.4 and rehacked my boards again, within the same week no less ...
I hope the next update will be the major release we have all been waiting for :)
I hope so too :) Hopefully no more possible security issues will occur.

I updated with the posted init.php, but does this affect php 5.0.x ?? or does it have nothing to do with php?

PHP 5 is unaffected by the serious flaw that caused the release of 3.0.5.

PHP 5 is however affected by the less serious flaw that caused 3.0.4 to be released.

I run a quick comparison between "original" 3.0.5 release and the "current" 3.0.5, available for download now (as of this moment). Here is the list of files that changed:

upload\admincp\attachment.php
upload\admincp\forum.php
upload\admincp\forumpermission.php
upload\admincp\user.php
upload\clientscript\vbulletin_templatemgr.js
upload\includes\adminfunctions_user.php
upload\includes\init.php
upload\install\vbulletin-language.xml
upload\private.php

So, v3.0.5 could be alot different, depending on time of the download. This is very confusing. I would rather see minor version updates in form of v3.0.5.X, so people would always know which patches they already got and which are still outstanding.

Oh my now I am very confused I downed the vb3.0.5 friday or saturday so do I now have to redown it and fix the above files ? I just redid the init.php and the private.php. This release has me very confused as I can hardly keep up with all the mods to the release. So will have to agree with flanker

I echo Solent and frankly am a little pissed.

I downloaded vb3.0.5 shortly after released. I have upgraded. Then I read about private.php.

I have now downloaded and overwritten that file. Now there seems to be more issues.

My Questions:

Is there more? If so, can it be clearly articulated in something other than this 25 page thread.


I need to know whether my Vb3.0.5 that I downloaded last week with private.php overwritten, now secure?

Interesting. What were the changes flanker? I mean, was it like a revision number in a comment or something more substantial?

@digitalhome: The latest init.php and private.php should keep you secure. I'm not sure why the team would re-release 3.0.5 with updated files, though they would have told us if there were security issues. I would have thought it was to include the updated private.php file, but it wasn't the only file changed.

well i did a compare and some of it looks like minor stuff ( typos and that such )

but a couple look substantual

Interesting. What were the changes flanker?Minor, non-security related bug fixes that happened to be fixed before init.php was updated with the referrer check fix.

Yes you do.

The expand all button works wonders there.

I was on about all the info that used to be above "admin notes" in vb3.0.3 :rolleyes:

Minor, non-security related bug fixes that happened to be fixed before init.php was updated with the referrer check fix.If we upgraded to 3.0.5 before these were added can we simply overwrite the files with the latest iterations? If so, which files are involved?

I echo Solent and frankly am a little pissed.

I downloaded vb3.0.5 shortly after released. I have upgraded. Then I read about private.php.

I have now downloaded and overwritten that file. Now there seems to be more issues.

My Questions:

Is there more? If so, can it be clearly articulated in something other than this 25 page thread.


I need to know whether my Vb3.0.5 that I downloaded last week with private.php overwritten, now secure?


/*================================================= =====================*\
|| ################################################## ################## ||
|| # vBulletin 3.0.5
|| # ---------------------------------------------------------------- # ||
|| # Copyright ©2000–2005 Jelsoft Enterprises Ltd. All Rights Reserved. ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| ################################################## ################## ||
\*================================================ ======================*/


/*================================================= =====================*\
|| ################################################## ##################
|| # Downloaded from vBulletin 3.0.5 release announcement thread
|| # CVS: $RCSfile: private.php,v $ - $Revision: 1.262.2.3 $
|| ################################################## ##################
\*================================================ ======================*/


I'd say it's the same file as in the the updated vB 3.0.5 files. I'm not sure if it's the exact file, I don't have my access to download, I need to renew.

it all depends on when you downloaded the files.

PHP 5 is unaffected by the serious flaw that caused the release of 3.0.5.

PHP 5 is however affected by the less serious flaw that caused 3.0.4 to be released. I take it the two files I just patched didn't fix the minor flaw. I uploaded the init.php and private php files.

Looks like I will need to renew my access soon. Thanks for the info. :)

Minor, non-security related bug fixes that happened to be fixed before init.php was updated with the referrer check fix.
Like most people,i downloaded the 3.0.5 package when it was released on the 7th and then updated the init.php and private.php following the announcement (http://www.vbulletin.com/forum/showpost.php?p=792983&postcount=8) made yesterday.

So do you not think we still should have been informed of the other changes as well regardless of how "minor" they were?

So do you not think we still should have been informed of the other changes as well regardless of how "minor" they were?

And how do we know which files changed?

Are we expected to upload a whole set of new files for the third time?

Once again, I would ask, can we have something clearly spelled out other than snippets in a 26 page thread?

And how do we know which files changed?

Are we expected to upload a whole set of new files for the third time?

Once again, I would ask, can we have something clearly spelled out other than snippets in a 26 page thread?

The announcement lists what files changed from 3.0.3 to 3.0.4, and from 3.0.4 to 3.0.5.

The announcement lists what files changed from 3.0.3 to 3.0.4, and from 3.0.4 to 3.0.5.
But I think the point being made is, it doesn't list all the file changes made from the release of 3.0.5 to current. We know about init.php and private.php but apparently there are some more non-security related minor bugfixes. Could these be listed and explained somewhere?

The way it's heading I sense a 3.0.6 coming up. :(

Per my post yesterday, here is the list of files that changed in v3.0.5 from the point of original release:

upload\admincp\attachment.php
upload\admincp\forum.php
upload\admincp\forumpermission.php
upload\admincp\user.php
upload\clientscript\vbulletin_templatemgr.js
upload\includes\adminfunctions_user.php
upload\includes\init.php
upload\install\vbulletin-language.xml <- no need to re-upload this one
upload\private.php

There are a couple of typos, and the rest indeed look like bug fixes.

To stay up to date, all you need to do is to upload new versions of these files to your server. Of course, if you have mods in any of these files, you have to re-appy your mods before uploading.

No doubt, it's nice to have bugs fixed as soon as possible, but I don't like the fact that this release (v3.0.5) is a moving target. Any time a new tar ball is posted for Download, even if only a single file has changed, the release should get a minor version increment, such as 3.0.5.1, 3.0.5.2, etc with a list of changes provided within the sub-release. This way each of us would know exactly what we got loaded up on our servers, and which files need to be patched to get to the most current version.

The release was inadvertantly updated in its entirety instead of just the init.php (which is documented in the announcement).

Unfortunately, regarding a further minor revision number (3.0.5.1), the version comparison code (ie, to see if the version you have of X is older than the current version) doesn't support "4th degree" revisions.

just upgraded and everything went fine!! Thanks jelsoft! I had many hacks and a friend of mine did this upgrade for me!! It is an outstanding release

The release was inadvertantly updated in its entirety instead of just the init.php (which is documented in the announcement)But Mike that still doesn't answer the question about why we were not informed that there were other file changes,(not just init.php and private.php), made from the initial release on the 7th to the current release that is available for download.


As Mark.B said in a previous post:We know about init.php and private.php but apparently there are some more non-security related minor bugfixes. Could these be listed and explained somewhere?

The files that changed post-release are now listed in the files changed part of the announcement.

damnn that upgrade is confusing,alright, all I have to is upload 3.0.5 files overwrite everything, then run upgrade.p???

damnn that upgrade is confusing,alright, all I have to is upload 3.0.5 files overwrite everything, then run upgrade.p???
Yes...

The files that changed post-release are now listed in the files changed part of the announcement.Excellent,thanks Mike. ;)

I've fixed and Patched vB and don't have any problems with my board.. I do howover, have a couple of comments/questions I'd like answered..

1) Why can't I (we) subscribe (with email notification) to the important forums here, like the announcements. The way things are now, I (we) have to either come here every day to check things out, or wait for an email with an important update.. We should be able to subscribe with INSTANT email notification to important announcements forums.

2) You have a forum here called "vBulletin 3 Fixes and Patches" - But neither of these fixes or patches (init.php, and private.php) were posted to that forum.. I had to dig through long threads to find them.. Why wasn't the "patch" for private.php posted to the "fixes and patches" forum?

And finally, although Jelsoft has done a great job of getting these patches and fixes released very fast, and addressed here on the forum, and have even answered the same questions over and over again, there has to be a process for dealing with these things and getting the message out both consistantly and quickly. i.e. the 'patches' forum not containing the latest released patch..

One solution is to broadcast a detailed message to the ACP like the version release info.. You do a version check, you announce that there is a new version, but offer no urgency or exploit/security broadcasts to the ACP.. overall, it makes it very hard to keep up with issues. Why wasn't the 'patch' posted to the 'patches' forum? What can you do to address these issues moving forward..?

Thanks!

I have only just brought 3.03 and I am debating whether to upgrade to 3-05 or just do the init thing and wait for this big upgrade that everyone seems to be anticipating :)

Question is... is it any harder to upgrade from several changes ago ( ie 3-03 to whatever ) than it would be to go from 3-05 ( or whatever it reaches :) )to whatever the big change will be ?

Does tha make sense ?
Graham

Is it just my imagination or has the search.php file been changed?
The list of new files (from 3.04 to 3.05) does not include search.php.
It does however include newrply.php which does not seem to differ from its previous version.
Any ideas what is going on?

I have upploaded init.php and patched the private.php the php at the server has been upgraded too...
now some of admin panel functions seems not working.. ( usergroups permissions ) will board upgrade solve the problem? TIA

sensimilla

I have only just brought 3.03 and I am debating whether to upgrade to 3-05 or just do the init thing and wait for this big upgrade that everyone seems to be anticipating :)

Question is... is it any harder to upgrade from several changes ago ( ie 3-03 to whatever ) than it would be to go from 3-05 ( or whatever it reaches :) )to whatever the big change will be ?

Does tha make sense ?
Graham

No, all it really requires it clicking Next a few more times. :)

I have everything upgraded in the right order, I think, so I guess I'm thankful for the bug fixes...

I would appreciate a simpler upgrade path, but I guess reading this thread every day is okay...

I find it tiresome that the tarball replaces my favicon.ico every time... It is just another step I have to do to remove that...

A one click upgrade from the control panel would be sweet... :)

Just my 2 cents...

i have 1 error with 3.05
forum OK !!

portal .. not Look ! vadvance ..
You will need to reapply the file edits for vBadvanced.

I use vBindex, which worked fine after the upgrade with no rehacking. <gloat>

sorry..
i not have errror now !!

THANKS :)

will installed languages and styles be un-touched or I will have to install them again ?

thanks

what does this means when i tried to login?

POST requests from foreign hosts are not allowed

what does this means when i tried to login?

POST requests from foreign hosts are not allowed
I got the same ishue. But i had to upload the init file that is reeedone once more. Then it worked.

will installed languages and styles be un-touched or I will have to install them again ?

thanks
Languages/Styles should remain untouch.

i dont know HOW to upgrade, so i dont think i can.

i dont know HOW to upgrade, so i dont think i can.

It's not that difficult. You just re-upload all of the files and then go to www.yourdomain.com/install/upgrade.php and complete the easy process. You may want to remove some image files before you upload them to the server, this way, yours don't get overwritten. (Only applies you use the default style though)

It's not that difficult. You just re-upload all of the files and then go to www.yourdomain.com/install/upgrade.php and complete the easy process. You may want to remove some image files before you upload them to the server, this way, yours don't get overwritten. (Only applies you use the default style though)
Or just download the newer version without the images included. ;)

I have a problem here. Im trying to help a nother with the upgrade. And when i put the custum number it wont go further?

Could anyone help?
This time i goes straight from 3.0.3 to 3.0.5 does that have a isshue?
In the admin panel box it stands vBulletin 3.0.4 Upgrade System:confused:

You need to use the actual customer number for the zip file you downloaded.

You need to use the actual customer number for the zip file you downloaded.
Not hers custom number?

You need to use the actual customer number for the zip file you downloaded. Of course you should be using her zip file and not yours.

You need to use the actual customer number for the zip file you downloaded. Of course you should be using her zip file and not yours.Ok, thanx then we will try that. ;)

Ok, thanx then we will try that. ;)
It still doesent work.

Use her zip file (downloaded by her from the members area) and use her customer number.

It still doesent work.
This is a discussion thread, not a troubleshooting one. Please start a new thread if you need further help. :)

Just curious... why is postcount disabled in this announcement forum? The posts here are as valid as posts in any other forum IMO. :)

I just upgraded from 3.0.3 to 3.0.5. Including the time to upload all the files, it took a total of 15 minutes and everything works great. The few hacks that I had installed were not affected.

I do have one question though. I ran a diagnostics and the only file that still shows version 3.0.3 is backup.php. Is there a reason for that?

Thanks,
Don

This means you did not overwrite the backup.php file with the 3.0.5 version. Reupload that file and make sure it overwrites the one on the server.

Right click on the template editor frame and select "This Frame" then click "Reload Frame" its the simpliest way.
Is there a permanent fix for this?

If you have done that once, it shouldn't be a problem anymore, unless you're at another PC

This means you did not overwrite the backup.php file with the 3.0.5 version. Reupload that file and make sure it overwrites the one on the server.

Thank you Steve. Here's the deal. The backup.php file is in the "admincp" folder. It got uploaded just fine. The backup.php file in the admincp folder on the server is correct. I found that the one that was still 3.0.3 is in the "includes" folder. There is no backup.php in the includes folder in the new package, should I even have that file in the "includes" folder. If so, the upgrade script must put it there and didn't for some reason. I've uploaded the newer version to the includes folder and all is well but just curious.

Don

Thanks for the update.

Thank you Steve. Here's the deal. The backup.php file is in the "admincp" folder. It got uploaded just fine. The backup.php file in the admincp folder on the server is correct. I found that the one that was still 3.0.3 is in the "includes" folder. There is no backup.php in the includes folder in the new package, should I even have that file in the "includes" folder. If so, the upgrade script must put it there and didn't for some reason. I've uploaded the newer version to the includes folder and all is well but just curious.

Don
The upgrade script doesn't do anything to the files. If you have a backup.php in the includes folder, then just delete it. It doesn't belong there and it must have been copied by mistake.

has anyone had any issues with "Verify Email address in Registration" not being sent... i'm having a few reports now of users not getting them, before i upgraded i had no outstanding accounts, since the new upgrade i have had 5 waiting out of 6????


Edit... I made a copy of my database though mysqladmin, and then did a fresh install. After which i pulled in user, forum tables etc manually... not sure if this could effect anything.

A reminder that this is a discussion thread. If you have a problem, please start a new thread in the appropriate forum.

Hi guys,

I'm new to VB and I'm runnng 3.0.3. Do I have upgrade to 3.0.4 or go straight to 3.0.5?

Thanks

Ben

I do believe you can go straight to 3.0.5.....

Is there going to be a 3.0.6. or any others released soon? I have a lot of hacks that would be a pain to re-install after upgrading to 3.0.5. if I have to do it again with another version.

Thanks Bill.

I think VB should do something like phpBB do: Give the forum owners one of those "find this", "above add" files so they can make the changes themself.

However Ras, it says that you can download the init.php for a patch... http://www.vbulletin.com/forum/showthread.php?p=792983

Good luck Ras :)

Hi guys,

I'm new to VB and I'm runnng 3.0.3. Do I have upgrade to 3.0.4 or go straight to 3.0.5?

Thanks

Ben
The upgrade process will take you from 3.0.3 to 3.0.4 and then from 3.0.4 to 3.0.5 all as part of a single process.

so they can make the changes themself.

Umm, we/they do do it ourselves...

I also noticed your posts are not getting counted.....

I also noticed your posts are not getting counted.....
Post count doesn't increase in the Announcements Discussions forum.

Is there going to be a 3.0.6. or any others released soon? You'll never get an answer on this, as it would cause problems if it were to get delayed. :)

Is there going to be a 3.0.6. or any others released soon? I have a lot of hacks that would be a pain to re-install after upgrading to 3.0.5. if I have to do it again with another version.

I doubt it, unless they find a major security flaw in the current version, the next version will probably be the big feature release.

I doubt it, unless they find a major security flaw in the current version, the next version will probably be the big feature release.

And I wouldn't mind betting that that wont be for a few months. If I worked for VB i would be feeling a little sensitive right now about the frequency of recent updates ( even though I know it is not their fault and they are only doing it to help us etc ) and would let things calm down a little first :)

i see somthing wrong here when i read some threads some of it not shown

and all Quotes even not shown is there proplem with me or from the forum

i add some pic

What browser and OS are you using? I am not getting that.

What browser and OS are you using? I am not getting that.

had the same problem myself with my installation, some members reported this weird behaviour, found out it only happens with MAC IE, not always .. but when it happens it happens with MAC G5 OSX

Right click on the template editor frame and select "This Frame" then click "Reload Frame" its the simpliest way.That works and all, but it's a PiTA. With 3.0.3 I could display the templates as regular bulleted text links without all the fancy menus and whatnot. I could have sworn there was a setting I changed somewhere to get it like that, but I don't see it in 3.0.5. I just want things back the way they were, nice and easy. Any info on how I can do this?

There was no setting before, there is a way to get the old way back but not with out a file edit.

"Supercedes (UK spelling) not slang, it's a valid word in the English language in the USA it's spelled it Super(s)edes and it means "take the place of or move into the postion of."

That works and all, but it's a PiTA. With 3.0.3 I could display the templates as regular bulleted text links without all the fancy menus and whatnot. I could have sworn there was a setting I changed somewhere to get it like that, but I don't see it in 3.0.5. I just want things back the way they were, nice and easy. Any info on how I can do this?

Here is a rough way to do it:


Find: (in template.php in the admincp)
empty($enhanced_template_editor) OR (
Remove it.

Then on the same line, remove one of the ) at the very end.

That way it will call the standard template editor instead of the enchanced. :D

thank you very much

Just reporting that all went well. Went from 3.0.1 to 3.0.5, from the time of backing up database, uploading files and running the script 30 minutes. No issues.

Thanks vBulletin team!:D

It took 10 mins to do the upgrade now lets see haw long it takes to fix the hacks :(

None of my hacks were affected.

rokkyu

Here is a rough way to do it:


Find: (in template.php in the admincp)
empty($enhanced_template_editor) OR (
Remove it.

Then on the same line, remove one of the ) at the very end.

That way it will call the standard template editor instead of the enchanced. :D
Awesome, I'll have to give it a shot later. Thanks :).

upgraded this morning from 3.0.1 to 3.0.5 with no issues....

...well...other than forgetting to reinstall the curse filterhack...apparrently some people were #$%#$%% that they were beingfiltered...hehehehe

I like the Admin Notes info, since it's now easy to list the 3 hacks Ihave and track the files they effect and the links to the sources atvbulletin.org

thanks!!

vBulletin 3.0.5 is (unfortunately) no longer the current release.

vBulletin 3.0.6 has just been released, and can be discussed here (http://www.vbulletin.com/forum/showthread.php?t=127029).