This thread is for discussing the release of vBulletin 3.0.14.

Please use this thread to talk about things you like or installation experiences etc., but please do not use this thread to post troubleshooting queries or bug reports. These threads tend to grow very large and bug reports etc. tend to become lost and will not get attention from the support or development teams.

For troubleshooting and bug reporting, please use either the vBulletin 3 Bug Tracker (http://www.vbulletin.com/forum/bugs.php?) for reporting and tracking bugs, or the vBulletin 3.0 forums (http://www.vbulletin.com/forum/forumdisplay.php?f=54) for general queries and troubleshooting.

Hey thanks for the little update, Kier! :)

Nice to see this branch is still being supported.

Thanks for updating.

thanx 4 updatting

Thanks for the update!

Thanks for this update ;)

Thanks for the updating

Nice to see this branch is still being supported.
Isn't it only being supported by way of security exploits? I mean, it's not actually being developed any further, right?

Isn't it only being supported by way of security exploits? I mean, it's not actually being developed any further, right?


Correct

Isn't it only being supported by way of security exploits? I mean, it's not actually being developed any further, right?
Not as 3.0 no.

In effect, it *has* been developed further...into 3.5!

If you've not got too many hacks installed on your 3.0 board then jump to 3.5, it looks almost the same to the naked eye but it's much easier to use from an admin perspective.

If you have a lot of hacks installed...welcome to your worst nightmare! Where nobody can hear you SCREAM!

Not as 3.0 no.
If you have a lot of hacks installed...welcome to your worst nightmare! Where nobody can hear you SCREAM!
Ok that's possibly just a LITTLE over-dramatic, sorry! :D

If you have a lot of hacks installed...welcome to your worst nightmare! Where nobody can hear you SCREAM!

You always have the option to patch your forum without losing your hacks.

what exactly does this mean?


This release of vBulletin fixes an unpleasant cross-site scripting flaw



What is the worst that can happen if this bug is exploited?

The universe reboots and your stuck at a command prompt...

The universe reboots and your stuck at a command prompt...

... you type in "win" and hit the enter key and all is good :D

What is the worst that can happen if this bug is exploited?

Can't tell you what the worst is, but it was possible for users to execute JavaScript, which is something you don't want no matter what.

cross-site scripting flaw had been hearing a lot about same, but never literally seen any vbulletin customer effected by same...
great work from devs of VB.

They can get your cookie password which gets them access to your board, they can't get into the admincp since that requires an actual login so that the loggedin value in the session table is set to 1 to indicate a session with an actual login and not a cookie based session regeneration.

You always have the option to patch your forum without losing your hacks.
Yes you do, but I was advocating an upgrade from the 3.0 series to the 3.5 series, and pointing out what a nightmare this can be if you have many hacks.

An upgrade within the 3.0 series, whilst still tricky with hacks, is less bad as in most cases you can use Beyond Compare. That obviously won't work if moving to the 3.5 series, which is what I have just done. And sheesh what fun that was! But it was worth it.

Yes you do, but I was advocating an upgrade from the 3.0 series to the 3.5 series, and pointing out what a nightmare this can be if you have many hacks.

An upgrade within the 3.0 series, whilst still tricky with hacks, is less bad as in most cases you can use Beyond Compare. That obviously won't work if moving to the 3.5 series, which is what I have just done. And sheesh what fun that was! But it was worth it.

I waiting for one more hack to become stable before I start the upgrade.

In showthread.php
line 339

// ************************************************** *******************************
// do word wrapping for the thread title
if ($vboptions['wordwrap'] != 0)
{
$thread['title'] = fetch_word_wrapped_string($thread['title']);
}

$thread['title'] = fetch_censored_text($thread['title']);


You added the last line, which made the if statement useless.

This was the case in includes/functions_forumdisplay.php too.

Not a big deal, but if what you were fixing had to do with security, you may want to revisit the purpose of this line.

Forgive me, maybe you've fully researched the purposes of the two functions fetch_word_wrapped_string and fetch_censored_text, but I don't see how that code is "useless". It seems to perform 2 different functions. If the IF statement is true, then two different things happen to $thread['title'] in succession.

You're right!

I think I was confusing two pieces of code. I'll have to go back and check, but as I recalled the first one, it SET $thread['threadtitle'] = $thread['title'] so it looked like it was resetting the variable in the if statement.

The code in this one was almost identical so I didn't scrutinize it. My bad.