Discuss away...

Please post relevant questions in the troubleshooting forum!

John

Final v2 version correct?

Originally posted by Valkyre
Final v2 version correct?

I would hope so. :p

gr8 :)

lol its back up :)

whats new in this version?

vBulletin 2.2.3 is a small but very important upgrade. It fixes a number of small bugs, but more importantly it fixes a potential XSS (Cross-site scripting) issue.

Nice!:)

Can't wait for vB3.:D

Also, just wondering...this doesn't have any modified images, correct?

No.

What is this XSS thing? :confused:

http://httpd.apache.org/info/css-security/

i must have downloaded 2.2.2 like an hour before you put 2.2.3 up... good thing I didn't get around to installing it yet.. lol

which global.php file is the important one to upgrade? /forum/global.php or /forum/admin/global.php ?

I have spent over a week already applying hacks to the current version and can't face going through the whole process again. :confused:

Is there any way I can simply apply the security part of this upgrade (preferably manually to the relevant PHP files)?

Both global.php's as well as functions.php would be vital though I can in no way say that your forum will function properly or be secure unless you replace ALL of the files.

yes to know what areas of the php files were changed so those of us that have hacked our boards can just apply those pieces needed. I know there are those software packages that you can compair the two files etc. I dont have the bucks to pay for yet another registration on another piece of software.

If you're just manually uploading a few files (that is, global.php/functions.php), make sure your editpost/modifyavatar/newreply/newthread templates *don't* have $enctype in them -- you won't be able to attach files because that variable will never be set.

Originally posted by GMTalk
yes to know what areas of the php files were changed so those of us that have hacked our boards can just apply those pieces needed. I know there are those software packages that you can compair the two files etc. I dont have the bucks to pay for yet another registration on another piece of software. You can generally find that information over at vbulletin.org

Hope I can get that info....

How do we tell 2.2.3b from 2.2.3? :(

What is the "the mysqldump utility" that can be used to do a back-up

Originally posted by freddie
You can generally find that information over at vbulletin.org

Not to sound like an ass, but shouldnt a change log be provided? Most software that i have purchased for clients/businesses and self that have had updates provide change logs for the people that bought it. I also remember that this similiarly was provided here for those of us that did not want to upgrade to v2.2.2 when it was released.

There is a loose changelog available in the members area.

We are not posting details about the exact changes for security reasons. We would rather have people uploading the whole file and getting security fixes right than doing a half-baked job by hacking. The functions.php is fully compatible with 2.2.0-2.2.2 so there should not be issues there unless you have hacked functions.php, in which case you may have to reapply your hacks to that file.

John

upgrade from 2.2.1 and no probs here
later :)

Hi John mentioned 2.2.3b. The download section only has 2.2.3. I just downloaded 2.2.3 file php ver. a few minutes ago.

Is that fine?

Originally posted by ubbuser
Hi John mentioned 2.2.3b. The download section only has 2.2.3. I just downloaded 2.2.3 file php ver. a few minutes ago.

Is that fine? Yeah, you're fine.

John just changed how it's listed in the members' area to remove any confusion. Keep in mind that your version will still show up as just 2.2.3 though.

Been waiting for this! Now I can re-do my forums! :) I'm guessing that since this is only a minor release that most hacks will work for this?

ENCTYPE="multipart/form-data" issue _isn't_ resolved in the admin forms (i.e. in user.php for one, not sure which others)

Upgrade went really smooth from 2.2.1, but only 1 hack (http://www.vbulletin.org/hacks/index.php?s=&action=showhack&hackid=21) isnt working right. Guess I'll have to reapply.

"We
seriously recommend that you upgrade immediately, most
importantly your functions.php and global.php files."

So now your telling me that I really shouldn't just update those two files???

there are more files changed and templates are changed as well. I have set it up on my test forum to see what changes there were.

There is more to it than those two templates

Well then how about a release JUST to fix the security problem. My board was running fine typos and all... If there were any bugs they didn't bother me or my users.

I REALLY didn't want to have to rehack the thing again or touch ANYTHING until V3 came out.

I like the board to just run...

yes....i think i'll stick with 2.2.1 until vb3 comes out.....i just added alot of hacks.....yesterday O-o.

you are preaching to the choir on this. that is why i am loading and retesting on my test board. So i can get it done and just upload the files needed. I already asked about the change file and you can see John's response.

We are not posting details about the exact changes for security reasons. We would rather have people uploading the whole file and getting security fixes right than doing a half-baked job by hacking. The functions.php is fully compatible with 2.2.0-2.2.2 so there should not be issues there unless you have hacked functions.php, in which case you may have to reapply your hacks to that file.

that is why i am having to do what i am. :(

So for a small forum like mine, should i really upgrade or just wait for vb3? I don't want to go through all the trouble because I don't think I have any members out to get me yet, so the security issues shouldn't be a problem.. and I have as of now 14 hacks installed and numerous undocumented (by me) changes I have made.. But Q2 is what? June? That is probably a feasable wait time... I dunno John/freddie/ anyone else who is educated on this can give me a suggestion?

Thanks,
~Naf

Originally posted by Nafae
So for a small forum like mine, should i really upgrade or just wait for vb3? I don't want to go through all the trouble because I don't think I have any members out to get me yet, so the security issues shouldn't be a problem.. and I have as of now 14 hacks installed and numerous undocumented (by me) changes I have made.. But Q2 is what? June?

Thanks,
~Naf

Q2 is begining of April - end of June

I can tell you that these template changes are a pain in the butt to. Ohh and i have some hacks that are homegrown. Not going to be fun.

I uploaded all the files, minus the config.php for obvious reasons, but the board still says 2.2.2 in the footer and also in the admin.

light of brilliance shine on me....

j

comparing two files...

on Unix/Linux use diff file1 file2
if the first character is '<' the line is in file1 and not file2
if the first character is '>' the line is in file2 and not file1

on Windows (I've got M$ Visual Studio 6)
Start > Programs > Microsoft Visual Studio 6 > Windiff
File > Compare files...
Same type of indication...
'<!' file1 not file2
'!>' file2 not file1


Take a file from the release of your current install and compare to the 2.2.3 release, and you'll have a list of changes.

I'm sort of new to upgrading... do you just overwrite the files when you upload? Also, if this is what you do, do you run the upgrade scripts before or after uploading? :confused:

Sorry if these seem silly, I'm not as advanced as some of you here :D

Better wait for another day, in case of vb 2.2.3c come up :D.

IMO, this is serious issue that can't be waited for v3.0 come out. But vB has done their job, upgrade or not, it's your choice.

What are the files that have been modified. I am one of those users with a hacked up board and need to know which files in specific to modify. You list templates changed in the announcement but not files. Any help would be appreciated!

I dont have to upload the graphics, do I?

no, it's just file updates

This means I have to rehack but oh well :D

Better be worth it :p

(as in no problmes occur, which would be my fault if they did anyway) :p

GW vB team

I'll wait for vB 3 with the one forum... too many hacks by too many different admins ;)

Could anybody give a sneak preview of what are new features in version 3.0? Since there is only about 2 or 3 months away, I think a few people already knew about it.

Two questions about this upgrade:

1. Did they fix the badwords.php issue that was discussed on the forums - where the "quote" and some other words were being saved in the search index, making it bigger than it should be? Has this issue been fixed, or should I re-add my badword list that I made as a result of the thread here on vB.com.

2. If I am upgrading one of my sites from 2.03, do I need to email the team or can I use one of the upgrade paths? In the member area it says that if the version is older than 2.0 then I need to email, but in John's post it said if it was 2.03 or older I need to email. What's the scoop?

Thanks!

I have installed vBulletin forum version 2.2.2.
Are there any changes in the database structure in version 2.2.3?
And if there are then which?

Same problem here.. There is any way to update ONLY the security things ? I spend allot of time "hacking" my forum :D :confused:

Hi John,

Thank you very much for the new version, installation/upgrading went very well, no errors what so ever. The only downer I found was the whole forumhome template that needed to be reverted. Bummer! But I matched the new template with the old one and found the changes and was able re-apply the template hacks pretty easy. So no harm done :) I am running vBulletin 2.2.3 with proud!

Question: Is it save now to let users upload custom avatars/ attachments now? Even if my hosting provider did not fix PHP yet?



Everybody,
do not forget to go to the User Control Panel on vbulletin.com (and/or vbulletin.org) and reflect the version used to 2.2.3 ! :) -- and maybe your signature --

I'll probably just wait til this weekend to upgrade. That way I will have more time. Since templates are unaffected, I can just re-apply all the hacks and by pass the SQL queries and template modifications. Just re-hack the files. But after this, I may be at 2.2.3 for a long time. re-hack at each update gets annoying. I guess I change my sig to "v2.2.3 4 Life" ;)

there's a typo in upgrade16.php file

<li>Upgrading from vBulletin 2.2.1: run <i><? echo createupgradelist(15,$scriptnumber); ?></i>
<li>Upgrading from vBulletin 2.2.1: run <i><? echo createupgradelist(16,$scriptnumber); ?></i>

Where is the list of PHP files that changed?
Please I need this list, I have a lot of hacks and I don´t want to compare ALL the files...I did it for version 2.2.2...two weeks ago...

are the vb2.2.2 hacks gonna work on vb2.2.3b?? plz, really need help on that one!!!!

I installed a lot of hacks.. and I mean a lot of hacks, I don't wanna lose any of them!!

Though upgrading is a PITA with a hacked board, I REALLY appreciate that the vB Team is watching out for me, security wise.

Thanks guys!

Just upgraded it this afternoon and also reapply all my hacks...which include PM preview/download, world time as well as welcome panel.

Also updated the "$entype" for the few affected templates

Hi, in currently running 2.2.2 I took out the enctype="multipart/form-data"
from these templates:

editpost, modifyavatar, newreply, newthread

Now, if I want to upgrade to 2.2.3, and I do not want to revert the templates (as the same templates have other mods I do not want to repeat for all copies :rolleyes: )

Should I just go with the install16.php script, and then modify the above templates to add $enctype to all the templates above where it should be (just one occurence per template if I remember correctly) ??

Thanks!

We've just upgraded from 2.2.1 with the spanish templates we made, and a few hacks re-added.

Thx vB Team!

You need to run upgrade16.php from your browser as well when you upgrade, just like you did for install.php when you installed vB.

for the security fix is it the global.php file in the admin directory or regular directory?

Also, are there certain lines that pertain to the hole that we can just replace instead of upgrading for those who's boards are hacked to the hilt?

everyone should have a test site, where they can test the upgrade...its the best way to go

Originally posted by Koss
everyone should have a test site, where they can test the upgrade...its the best way to go

Everyone don't have the resources. I'm limited to 1 database on my hoster.

A small security update huh, then why do I have to install EVERY script in the 223 update? When over 90% of vBulletin users have anything from one to god knows how many hacks installed, you would think a simple update script or a manuel update explanation would be sufficient. Don't want to give anything away? then e-mail your subscribers with the fix. What is it? 3 files and four template changes.

When Microsoft produce a SP they don't ask that you slipstream it into XP and re-install your system.

Originally posted by centris
A small security update huh, then why do I have to install EVERY script in the 223 update? When over 90% of vBulletin users have anything from one to god knows how many hacks installed, you would think a simple update script or a manuel update explanation would be sufficient. Don't want to give anything away? then e-mail your subscribers with the fix. What is it? 3 files and four template changes.

When Microsoft produce a SP they don't ask that you slipstream it into XP and re-install your system.

Well, even if it's too much to e-mail subscribers, have a textfile on what to change in each file (as if it is a hack). To must of us, it is just code anyways and don't know what it means.

Upgraded from 2.2.1 to 2.2.3b without any problems.

Thanks VB team for keeping on top of the security issues and putting out fixes so quickly.

Originally posted by lifesourcerec

Everyone don't have the resources. I'm limited to 1 database on my hoster.
you dont have to use your current host to make a test site, there is lots of places where they give hosting for free....but of course since you dont pay them you dont get much space, bandwidth, etc. But that doesnt matter since you will using that site only as a test site, hence you wont be using much space at all.

Originally posted by Koss

you dont have to use your current host to make a test site, there is lots of places where they give hosting for free....but of course since you dont pay them you dont get much space, bandwidth, etc. But that doesnt matter since you will using that site only as a test site, hence you wont be using much space at all.

A FREE host with PHP, mySQL and true FTP access? Please share! I'd love to have a test server.

vB people have restricted talking about PHP free host due to pirate issue.

Fine, my PM box is waiting. I have yet to find such a host anywhere.

Originally posted by jgrillone
I uploaded all the files, minus the config.php for obvious reasons, but the board still says 2.2.2 in the footer and also in the admin.

light of brilliance shine on me....

j

Run admin/upgrade16.php, then delete install.php and all of the upgradex.php files.

Upgraded from 2.2.1 to 2.2.3b with no problems. Thanks!

So many have asked this question yet I haven't seen an answer: In this 2.2.3 which files are updated from 2.2.2?

Those of us who hacked our boards into pieces need to know which files are updated!!!

I have a problem... I am upgrading from v2.2.2 to v2.2.3b. I ran upgrade16.php successfully but in the Control Panel it still says v2.2.2 and that I need to upgrade... any ideas?

Originally posted by ForzaGrifo
So many have asked this question yet I haven't seen an answer: In this 2.2.3 which files are updated from 2.2.2?

Those of us who hacked our boards into pieces need to know which files are updated!!!

Bottom of "Download" page in "Members Area":

If you have hacks installed and would like an overview of changed code, you should try out Beyond Compare. The website is: http://www.***************.com/ (Look in Download for website)

We also recommend Araxis Merge - it's even better than BeyondCompare.

Originally posted by Krakken


Bottom of "Download" page in "Members Area":



I don't see the list of files there mate. :confused:

Smooth upgrade from 2.2.0 to 2.2.3b :) Spent plenty of time and patience with Beyond Compare and got to see all the typos and "recommend" changed to "recommended" in plenty of places. :D

Good work.

I know I sound stupid for asking this, but I'm a first time upgrader. What files do you upload for 2.2.3? Just the admin files or all of them?

... why don't you guys read , at least, John's post.... his post covers all basis of upgrading/installing/what to note and what not... The answer is out there.

Originally posted by klisis
... why don't you guys read , at least, John's post.... his post covers all basis of upgrading/installing/what to note and what not... The answer is out there.

I just spent over 2 hours going through every script, using beyond compare. The global.php (2) and Functions.php ARE NOT the only files that have changed. They may be the main issues regarding the security fix but that is not the end of it. I still have not sorted out the template changes YET. I run vbPortal and there is a major issue for me in the newthread.php script (due to a change) So far I have re-hacked 6 files. So it aint as simple as you seem to think. A few pointers in the right direction would have saved me hours of work. AND I HAVE NOT UPGRADED YET :mad:

centris - No one ever said only three files were modified. We only said those files were crucial for security reasons. No one is forcing you to upgrade so if you are having issues with our product release schedule than stay at whatever version you are currently using. I fail to understand what you are looking for as you modified our product which precludes you from receiving support. We surely aren't going to assist you in upgrading the software after you modified the product. If you failed to grasp this before deciding to alter the product than you should have re-read the license agreement as far as support goes. Frankly, we do our best to make sure that any potential security issues are dealt with as soon as we become aware of them. We are unable to consider your willingness to paint yourself into a corner by not detailing what you modified and how to redo the modifications in future versions. I am glad that some users in this thread appreciate us releasing new versions as soon as we become aware of potential problems.

This should be the last release in v2.2.x so I hope this is the last we ever hear of this type of uproar.

The v3.0 files contain the CVS version numbers which means that one can quickly determine what files have been modified. That will be the most assistance you will receive from us as far as a file by file changelog goes. We understand that people love to hack vBulletin but you must also understand that we clearly don't support it and yet such angry messages are directed to us after every release.

What's this "Beyond Compare" that people are talking about? I might be interested in this :)

I believe the software "compare"s given files and detect/show you what has changed between files. Apparently, it seems the software is useful for forum with lots of hacks.

Originally posted by Radon3k
What's this "Beyond Compare" that people are talking about? I might be interested in this :)

For our solution, a totally hacked 2.2.2 w/vbportal front end, was to use "beyond compare" (a product recommended by VB), and compare the components between the two.

For the same reason that was mentioned above, I'm not going to name the components that are different, but I will tell ya that beyond compare was what made it only take about 2 hours!!

BUY IT!! Best 30 bucks you can spend, if you hack your boards!!

And get Tubedogs Template backup, it's PERFECT for things like this !!

I'm lucky enough to have a test server, and have had a realtively smooth rollover 2.2.2 to 2.2.3 , considering I just finished a full months prep with a rollout of 2.2.2 just last saturday!

I know y'all dont want to talk about the security fixes, but can you be a bit more specific about the performance fixes ??

Where can I find this "Beyond Compare" product?

Originally posted by Radon3k
Where can I find this "Beyond Compare" product? let google be your friend:

http://www.scootersoftware.com/

Originally posted by bitbender
And get Tubedogs Template backup, it's PERFECT for things like this !! Where can I find that?

Thanks!
:) Jennie

Freddie, is it so difficult to understand what a load of folks are saying here. A small security update, all upgrades since my first version 2.1 necessitated a complete re-install of the product, based on the first sentence of the install instructions (upload all files etc.) And yes it is uproar, with good reason. And I object most strongly that you try to justify this method of upgrade by stating I am glad that some users in this thread appreciate us releasing new versions as soon as we become aware of potential problems. I took part in the Ikonboards beta programme, there were several release candidates, NOT ONE of them required the re-install of the complete board, even when it went gold. Name me ONE other major piece of software that requires a full install of all scripts for a security update, and minor bug fix. And yes I do appreciate Jelsoft's response time to such issues, and yes people do love to hack, it is precisely these features and ease of customisation that makes vBulletin the leading Forum software. Yet you fail in your upgrade method to acknowledge this fact.

On an unhacked board, upgrading is as simple as uploading a few files and running an install script. How much simpler can things be?

The problem you are facing is because you did make modifications to your board (as did most of us)..... With all the hacks out there, it would be impossible to guess which ones a user has installed, let alone predict the best way to go about the upgrade.

Of course, you could be provided a list of the source code that was changed, but when did you ever see MS do that? Why would anyone want to waste thier resources going through this excersize when it was already compiled into the neat install.

I am not trying to get on your case as our board has quite a few hacks as well and upgrading will be difficult, however I am trying to point out that it isnt nessasarilly Vb's fault and venting on them doesnt make anyone's life easier.

---------

Now onto my question. Does this security hole impact vb 2.0.3 users as well?

Originally posted by GMTalk
there are more files changed and templates are changed as well. I have set it up on my test forum to see what changes there were.

There is more to it than those two templates

Do you know which templates are changed? I don't mind re-hacking the files, but would like to know which templates I will have to re-edit.

there is no reason to be mad at jelsoft for their handling of upgrades. difficulty upgrading due to third party hacks is in no way jelsoft's concern, nor should it be.

I upgraded my board in less than an hour last week with Beyond Compare, despite the fact that I have well over 100 undocumented code hacks and modifications, the vast majority of which are not released on vB.org or anywhere else.

It does not take long to upgrade if you use Beyond Compare or Araxis Merge.


GMTalk: Which other templates do you think were changed? All templates that we changed were documented in the announcement.

I'm afraid our upgrade process is one thing that is not going to change. It would take us too long to compile a complete code change listing for each release (if we did that then you'd never see vB 3 released as we'd still be working on the code change list in 5 years time!), and the fact that we very quickly release updates when a major problem is found is appreciated by many of our customers.

I didn't want to upgrade - I've been on 2.2.0 for ages now and wasn't planning to upgrade again before vB 3. We're all in the same situation here; I didn't have a file-by-file changelog or anything like that, just the way you didn't.

i cannot help but add my thirty cents to this, and I do apologize if this may piss somebody off, but frankly, im tired of seeing good points addressed, being dismissed as some out of bounds thinking.

Centris, brought up some very good points, many which I agree with, however, those who hardly script addons to their board, usually drowned out the valid points that were brought up, with praises of how smooth the upgrade went.

I have, since the issue with the encryption upgrade, been real weary of updating anything here until at least a week or two after its release.
The reason being, is even with everything documented, line per line drawn out, all code set and copied aside for insertion into the new script, it still took me close to 5 hours to plow through every file that I had modified, or templates that have been changed.

Now...the point that Centris brings up, and one that I agree with, (as well as a few other people that wont bother to say anything)
is there should be no reason what-so-ever to upgrade a whole board for even 30 script changes.
I would pay 50.00 extra just to have a detailed fricken list of the script snippets to add or change. Its that simple. Why, and I ask myself this since the encryption fiasco, upgrade what seems to be once every two months a full script overwrite, to a perfectly working board?

Now, before you come down on me with the wrath of God for that comment, please keep in mind, that I agree with security, and the best for everybody, which VB has done to this day, however, providing nothing but full script overwrites in every facet of the script directory is what thoroughly pisses me off.

That to me is just to damned much. I mean, test board or not, a person should not have to constantly work on keeping your board online because of a change to a few files.
Most of the time, a couple of lines in fact are the only changes..so, why replace a whole godamned script, for two lines of code?
It just does not make sense to me, and it never will.

Simply put, since I purchased Vbulletin the first time around, and produced my first hack, I havent quit learning PHP, and now, i feel pretty proficient at it, so much so, the combined hacks, scripts and other addons to my board, are well over 100...i cant even count how much has been added to that board. For that, by reading the responses in this thread, I should be penalized in any upgrade attempt, due in part the only way to know those changes, is to sit with a comparison product to point those changes out.
Why? Why should one have to buy another piece of software, to compare notes in another piece of software that has been purchased, when the upgrade itself, is only to a few files?

The main point here, and I emphasize this point, is that a members area, was supposed to be the last bastion for those who supported this company, in which some of those things that could not be made public to prying eyes, could in essence be presented within, and thus, give the paying member another glimmer of hope in having exclusivity into their product.
Script snippets of the changes, contained in a text file, with line numbers of those changes, and files that were modified, would be more than enough to please me, and probably a great deal of people, that are contemplating security over trouble and hassle of upgrading.


It wouldnt bother me one bit, if i ran a out of the box board, but since day one, I never had that intention, and neither did half of the people that are now what it seems to be "Unsupported" due to adding a few hacks to their board. I can say this much, if it were not for the hacking aspects, or the scripts that one can produce with this software, I would of went with another company. To brand the typical approach at every question "You added hacks, so now you lost the rite to endure a easy upgrade...its your fault, now screw off" is bs.
Everybody at this site, has at least one hack on their board, and nobody should be limited to a painless upgrade or request to make things easier for their upgrade because of those hack(s).

Quite simply, there is a members area. The changes to those scripts, could be easily documented, as the changes are made, line numbers and all.
Templates as well could be more defined in what or where was changed, or what variable was added to them, or why it was added there to begin with.

Slowly, inch by inch, I start resenting the contradictions that go on here, which could benefit the supporting memeber down the line in many many ways.
Hacks are not supported, but yet, without a few of them, the features would be quite a bit less on the vbulletin software total package.

Portals is from what i understand, unsupported software, but yet, vborg has a portals type front page...

From what i have always understood, opinions, and contributions are what move, or progress one to meet the demands of the customer. Mostly in this case, paying customers, and hackers, give vb a real nice shine to a already nice wax.

Whatever be the case, I find that any reasoning, for making it easier to the paying member who supports the software, has a few hacks, and wants to make it easier to upgrade, a priority no matter what the reasoning is against it.

ToraTora!, the amount of time you spent writting your rant you could have upgradded you're board. True?

see, now this is what i am talking about.
Never meet half way in the middle on something, just stomp on the person that suggests something, and go from there.

Frankly nimblenuts, i can type faster than look through close to 78 scripts with on average 500 lines of code for changes that may or may not be there.

Let me also ask...did you read any of it? Or did you throw your 12 cents in on something that doesnt concern you in the least.
Remember, templates are not considered hacks. ;)

ToraTora!, I read it all and agree to a certain extent. I've already suggested some features that would make it easier to deal with hacks, but it was promptly shot down as a misguided interpretation that vB.com, its community and Jelsoft would be seen as encouraging hacks. God forbid that should ever happen! :rolleyes:

Incidently, isn't it funny how John praised the same hackers to high heaven in the recent interview at SitePoint? Anyone else see conflicting points of view here?

Originally posted by ToraTora!
I would pay 50.00 extra just to have a detailed fricken list of the script snippets to add or change

Well buy Beyond Compare or a similar product. You'll get change from 50.00 and you'll be able to use it everytime you have to upgrade.

Originally posted by ToraTora!
Why should one have to buy another piece of software, to compare notes in another piece of software that has been purchased, when the upgrade itself, is only to a few files?

I thought you would spend 50.00 on a changelog? Oh hang on, I see you're point. I think I will compain to my web hosting company for offering me a system which hosts html but requires me to buy a HTML editor! Get serious, these are tools which help you perform you're role as a webmaster.

Originally posted by ToraTora!
see, now this is what i am talking about.
Never meet half way in the middle on something, just stomp on the person that suggests something, and go from there.

Frankly nimblenuts, i can type faster than look through close to 78 scripts with on average 500 lines of code for changes that may or may not be there.

Well why didn't you document you're changes? Why did you make changes to your board knowing that a new version would come out one day?

Originally posted by ToraTora!
Let me also ask...did you read any of it? Or did you throw your 12 cents in on something that doesnt concern you in the least.
Remember, templates are not considered hacks. ;)

Yes, I did read all of it, and I agree with what you are saying. But you obviously didn't read that in vB3.0 CVS (which I do not fully understand) will be available to show changes to the code. You've already been told to use Beyond Compare if you have hacked you're forum. It will tell what has changed anyway pretty much like a changelog. You see, the problem is that running high spec forums has been made too easy, and nibblenuts like me can perform an upgrade.

To turn the other cheek, I felt you're pain in the upgrade. But these things have to be done, and if you really have a solution to this problem I suggest you become more positive and make a suggestion to the vB team.

Originally posted by Fusion


Incidently, isn't it funny how John praised the same hackers to high heaven in the recent interview at SitePoint? Anyone else see conflicting points of view here?

No, because it has nothing to do with the release of 2.2.3 .. (offtopic)

yeh, i dont know...its really tearing me apart. I know i have to upgrade, i mean, thats a no brainer, but like i said, it took close to 5 hours with the last upgrade, and it coughed out half way through the upgrade, which cut the SQL for the "forum leaders" out, while also screwing up my private forum settings..so...i am a little hesitant to start tearing into this, while also carrying on with the lingering thought of "The minute i do this, is the minute they release another version"

Im in no mood, to go trudging through all of those scripts rite now...

Originally posted by Martz


Well buy Beyond Compare or a similar product. You'll get change from 50.00 and you'll be able to use it everytime you have to upgrade.


Its kind of like buying a (4) 50 inch tires for your pickup. Its fun for the first couple of days, and you swear to god that the use justifies the payment, but in the long run, you wind up taking them off, and throwing them in the corner, just like i have done with close to 4 other "Must have" software utilities.


I thought you would spend 50.00 on a changelog? Oh hang on, I see you're point. I think I will compain to my web hosting company for offering me a system which hosts html but requires me to buy a HTML editor! Get serious, these are tools which help you perform you're role as a webmaster.


Quite blowing **** out of proportion. That is not even a compariable proximity.
Thats like saying "I cant read, but im going to buy some books so i can learn"


Well why didn't you document you're changes? Why did you make changes to your board knowing that a new version would come out one day?

now i know you didnt read anything i wrote, because i stated that in the above piece that you are now criticing.
You act like I just bought Vbulletin, or just started coding yesterday.


Yes, I did read all of it, and I agree with what you are saying. But you obviously didn't read that in vB3.0 CVS (which I do not fully understand) will be available to show changes to the code. You've already been told to use Beyond Compare if you have hacked you're forum. It will tell what has changed anyway pretty much like a changelog. You see, the problem is that running high spec forums has been made too easy, and nibblenuts like me can perform an upgrade.


Yeh, how about "now" being the key word here. Im afraid by the time 3.0 comes out, my patience for such lack of understanding for the consumer here, may have finally run out.
Whos to say there wont be 12 more add on patches between now, and 3.0?


To turn the other cheek, I felt you're pain in the upgrade. But these things have to be done, and if you really have a solution to this problem I suggest you become more positive and make a suggestion to the vB team.

Maybe you should read all of my posts here before you start treating me like some newbie who just learned how to add a hyper link in my forum home template.
The points brought up are valid, and as such, should be voiced. If there is only to be asskissing in a thread for open "discussion", than Vbulletin will never progress, because they will be under this false impression that everything they do here, is as good as golden, which persons like yourself will stand in every faction to argue, and insult those who wish to add their opinions, by stating time and time again, regardless of what they release.."Its great!!! and you who voice displeasure suck!"

I mean, if indeed we are going to blow wind up each others asses here, and pretend that a snippet function for improved vbulletin code wouldnt be beneficial to all, than fine, i will follow suit like everybody else in here, and stand at the shrine of asskissing, and say "Great job! thanks a bunch!"

part of the problem...christ man......whatever...

Originally posted by xiphoid


No, because it has nothing to do with the release of 2.2.3 .. (offtopic) Oh, I beg to differ, dear Sir, it has everything to do with this latest release. Furthermore, it was an afterthought to what ToraTora! expressed, but if all you can do in the face of gripes about upgrades, hacks etc. is to avoid the issues by saying it's unrelated and offtopic, xiphoid, then kindly refrain from saying anything at all. Leave the moderation of the contents of the forums to the moderators.

Originally posted by Fusion
Leave the moderation of the contents of the forums to the moderators.

At least with some of those guys (mods), as stupid as it sounds, a person can usually get a honest opinion, and not a honey smeared ass kiss like these two are planting.

Originally posted by ToraTora!


At least with some of those guys (mods), as stupid as it sounds, a person can usually get a honest opinion, and not a honey smeared ass kiss like these two are planting. Heheh, not my choice of words, but I'm not saying you're wrong there, ToraTora! ;)

Something I DID forget to mention...beyond compare and TBS will not get everything. One has to remember to rerun those scripts that did template updates (contract posts, awayuser, Vbstats, etc) after running the upgrade16.php

About all this 'other' rhetoric...

My real job is a mainframe operating systems support and design engineer (woo hoo), and I have been doing it over 20 years.

Just a tidnibit: IBM DOESNT CARE. IF YOU PUT CUSTOM CODE IN, IT's UP TO YOU TO RE-DO IT. They will not even help you debug it if it will not fit, unles you want to pay one of their contractors 300.00 an hour +per diem to come in and repair it.

I'll get a webnotice today from IBM about a "SUPER CRITICAL" fix, and then tomorrow, it will be recalled, and the day after, re-issued. So software changes are NEVER solidified.

I hack, because I'm in management now, and I don't get to be as tech as I always have been. Too much a geekibastardo, I guess..But my point is still the same. And by the way, we do get individual fixes from IBM, but they have prereqisite fixes that number in the hundreds, and even then, our local procedures at the company DICTATE that we build an alternate boot disk suite(mainframes have 4GB - 2 HDD volumes boot disks) , and leaving the original ones intact. So, my team is ALWAYS building a COMPLETELY new operating system. But we live in a 24X7 availability environment there, and outage is simply not tolerated.

While we do use a certain organization and standard to HOW it's done so that just about any tech member can perform the procedures, that is an approach that VB cannot use, because they CAN NOT DICTATE to us what, HOW we code, or structure our boards.

While I dont have 100 hacks on my board, I do have over 50. So much that I need to strip some back out to improve the speed of my 2.2.3 board.

SO while they aint perfect, neither are any of us !! I ask to all those that have resentment on this issue: "Do you just bring a problem, or do you also have a solution"? .

Now, I don't think it's the best arrangement, but it IS one I'm used to, so that's probably why is doesnt irk me so much..

Bit's $0.02

For future could Jelsoft not look at some compromise to help the people that wish to add functionality to their board by for example bringing in some of the useful modifications into the core package?

As vbulletin.org now has a monthly hack vote, why not include the hack of the month into the core package, given that they are clearly so popular?

I have worked in the computer industry for more than 16 years now. I have read through this entire thread AND I must say we are now serving cheese with our whine.

When eveyone purchased VBulletin you purchased a product and knew it was one of the best available. The product is still the full product. VB is now upgrading and supporting this product. They have a revision and recommend that you install.

Now, the fact is that most of us have changed (I hate the word hack) our boards. This means we have effectively changed the product - a product now that VB does not support and can not support. There was a time when all programs had development documentation. The most critical part of any change was its documentation. Has anyone here created those documents now for their new boards? MMmm it does not sound like it.

We need to be thinking of ways (as suggested earlier) to help ourselves and not always depend on those who have already created a terrific product.

For those who want a free place to test might I suggest their own home computers. I have set up the following on a Windows XP computer... doesn't seem to interfere with anything.

Apache Server only going to my localhost (whatever the latest version is.

PHP 4.1.1

MySQL what ever version is the most stable and recent.

It is not hard to load. There is also a product with all three included called FOXSERV that I hear loads very easy.

Once you have your board loaded you can start testing locally. This is a very secure way of testing and developing. The files don't take up much room and it is easy to port your board to your own local pc.

-------------------THANKS VB for a fine product and making sure we are all practicing safe computing!!:D

Kehfera

Hack is hack. And the fact will remain as it is. Again, hacks not written by Jelsoft will not be included nor supported. (Why should they anyway)

Vbullein.org is not run by Jelsoft nor owned by Jelsoft. (Some tend to misunderstand this due to some moderators from this forum visit vbulletin.org)
How many times it has to be said that once you add hacks to your forum, you are on your own.

Just a quick note to all those who are complaining about lack of details in the upgrade. This is not a promise, but we will *try* and list what files have changed in each release from now on. However we won't be providing complete detailed changelogs because they take so long to compile, and we could be much better using that time working on the next version, etc.

With regards to my recent interview at SitePoint (as well as several others), I praised the 'hackers' and will continue to do so for their creativity in modifying the code. However, it's not feasible for us to support them, since there are so many different configurations and changes that can be made with even a little code hacking. I believe that some of the hacking people over at vBulletin.org have taken to posting complete change logs for all files between each version. There is the place where you can find support for your hacked boards. Here we provide support for vanilla, unmodified boards. If you have a request to make to the hacking community, you would be a lot better off making it there, I think.

John

Damn, I'm sorry, I really tried to read all the posts, but it's just too much text for my eyes! :eek:

I'll be short. I just want to thank vBulletin for releasing this security update, and I want to thank my new best friend: Beyond Compare (version 2 beta!).

I was able to upgrade my heavily modified board from version 2.2.1 to 2.2.3b in a matter of hours.

I also think that those who wasted their time yelling here, could instead work quietly like I did, and have their board upgraded by now. This upgrade was relatively easy, since no database changes were required... :p

it does say in the license agreement that modifying the source is permitted but at your own risk.. how could vBulletin produce an upgrade script that could cater to people who install hacks when there are tons of hacks and everyone installs different ones?
i think the devs are doing a great job, besides it could be worse.. they could be like infopop and put out a bug release every freakin' week. ;)

Sorry for my ignorance. A poster has mentioned there is a changelog that shows which files are upgraded from 2.2.2. Where is this changelog? I cannot find it in the Member Area!!

Originally posted by tubedogg
We also recommend Araxis Merge - it's even better than BeyondCompare.

I haven't used either of those, but AM was recommended to me for this reason.

Has anyone used Textpad's built-in but basic Compare Files feature? That's really all I've used. (For other non-vB related tasks, that is -- I'm waiting for v3 before I start using vB.)

i stopped reading this thread after 20 posts... it's the same thing posted over and over. :rolleyes:

Originally posted by ForzaGrifo
Sorry for my ignorance. A poster has mentioned there is a changelog that shows which files are upgraded from 2.2.2. Where is this changelog? I cannot find it in the Member Area!!

Actually, it was said that a loose changelog is available in the member's area. It can be found at: http://www.vbulletin.com/members/changelog.php

As for a changelog that lists which files are changed from version to version, this can usually be found over at vBulletin.org in the Full Release Hacking forum a few days to a week after the release.

It was also stated that starting with vBulletin 3.0 that a more comprehensive changelog will be attempted and each file will be marked with an individual CVS version number. Though I doubt there will be a file by file changelog for the switch between version 2.2.3 and 3.0 as the number of changes already number in the thousands and the filenames might not even match up.

Originally posted by wluke
Though I doubt there will be a file by file changelog for the switch between version 2.2.3 and 3.0 as the number of changes already number in the thousands and the filenames might not even match up. So essentially, that cross-over will be a painful one? ;)

Originally posted by Fusion
So essentially, that cross-over will be a painful one? ;)

Let's just say you will be better off just rewriting your hacks for the new system instead of trying to merge the ones you have over.

It might not be as painful as you think though because some popular hacks might become features or be replaced with nice rewrites anyway.

Whew. And I just stopped in here to find the list of files. Who started the bar fight?

:D

'twas him! I swear! :D

Thanks, Wayne. Luckily mine isn't riddled by hacks, but if the modules become a reality, who knows.

Originally posted by ToraTora!
Now...the point that Centris brings up, and one that I agree with, (as well as a few other people that wont bother to say anything)
is there should be no reason what-so-ever to upgrade a whole board for even 30 script changes.
I would pay 50.00 extra just to have a detailed fricken list of the script snippets to add or change.This simply will not happen. It would be far too time consuming even for a small release. Even for my relatively small hacks it sometimes took hours to document the code changes and template changes exactly. A list of changed files is one thing (and is usually provided at vb.org anyway) but a list of "find this, replace with that" is a complete other and will not happen.

That to me is just to damned much. I mean, test board or not, a person should not have to constantly work on keeping your board online because of a change to a few files.
Most of the time, a couple of lines in fact are the only changes..so, why replace a whole godamned script, for two lines of code?Because not everyone is as intelligent as you and not everyone can figure out how to replace this code with that code. Does UBB provide this list that you want? How about iB? Or any other BB maker? Yet all of them (UBB especially) release new versions every couple of weeks if not more often (in UBB's case).

For that, by reading the responses in this thread, I should be penalized in any upgrade attempt, due in part the only way to know those changes, is to sit with a comparison product to point those changes out.
Why? Why should one have to buy another piece of software, to compare notes in another piece of software that has been purchased, when the upgrade itself, is only to a few files?Because you chose to hack - no one forced you to, and in fact it was explicitly stated to you (in the license) that it would void you from receiving support. Support includes help upgrading.

Script snippets of the changes, contained in a text file, with line numbers of those changes, and files that were modified, would be more than enough to please me, and probably a great deal of people, that are contemplating security over trouble and hassle of upgrading.Again, this simply will not happen. There is no other company on earth that does this; not that that's a reason, but it should give you an indication as to why.

To brand the typical approach at every question "You added hacks, so now you lost the rite to endure a easy upgrade...its your fault, now screw off" is bs.You agreed to the license; I'm sorry you don't agree with it, but every other BB maker is the same. We simply cannot keep track of the hacks being released daily to help you troubleshoot or upgrade files with them; we have enough trouble with the thousands of PHP/MySQL configurations out there.
Everybody at this site, has at least one hack on their boardThat's not accurate, and even if it were, it wouldn't change anything. There is a support forum at vb.org if you choose to hack.

Quite simply, there is a members area. The changes to those scripts, could be easily documented, as the changes are made, line numbers and all.It is not anything approaching simple.
Templates as well could be more defined in what or where was changed, or what variable was added to them, or why it was added there to begin with.

Hacks are not supported, but yet, without a few of them, the features would be quite a bit less on the vbulletin software total package.

Portals is from what i understand, unsupported software, but yet, vborg has a portals type front page...Possibly because vb.org is a hacking site? I mean come on...vb.org also has a ton of hacks applied. The board here does not because we do not support it.

Whatever be the case, I find that any reasoning, for making it easier to the paying member who supports the software, has a few hacks, and wants to make it easier to upgrade, a priority no matter what the reasoning is against it.Again I'm sorry you don't agree with it but the people who support vBulletin (myself included) have little enough time outside here as it is - I am not willing to give up the rest of time to try and keep up with every single hack that is released just so you don't have to do a little extra work.

[whew]

OK I just wanted to voice my support for Araxis Merge (http://www.araxis.com/merge/). This is an amazing product. I was able to update my 2.2.1 to 2.2.3b in under two hours. It's an understatement to call my board "heavily hacked" and with Merge I was able to keep all of my custom modifications and review every change I was supposed to make.

Result: 2.2.3b with no headaches. It really was easy, within 2 minutes, the color coding and arrows made sense and I was cruising through every changed file. First step: Setup a folder compare between a clean install of vb2.2.3b and your current site. Then go file by file and review the changed code.

No, it's not for the faint of heart, but if your board is that heavily modified, you can certainly deal with Araxis Merge (and it's free demo period). Yes, it's $124, so maybe someone can recommend something similar under GPL.

Originally posted by Overgrow

OK I just wanted to voice my support for Araxis Merge (http://www.araxis.com/merge/). This is an amazing product.

Ditto. Especially with the 3-way merge. You can compare the original old vB, with the new one, along with your actual hacked forum. Apply vB diffs only, and your done. Offcourse, you just need to know about possible side effects if your familiar with vB code.

Yes, it's $124, so maybe someone can recommend something similar under GPL.

There's a Linux project under sourceforge for a visual compare/merge tool, but last I checked it wasn't yet stable or useful for project comparisons.

Its truly understood by myself, about the licencing, and other factions of VBulletin concerning hacks.
I also understand the possibilities of unneeded responsibility for Jellsoft, to support hacks as well.

I also never claimed to be smarter than my counter-parts either, in any of my posts. That would be rather self absorbed, and egotistical, considering I have a great respect for the guys that code for VBulletin, and the people that create the hacks for Vbulletin as I have always said, time and time again.

Anyways, since suggestions are frowned upon, I will duck out of this thread and use Overgrows advice, while thinking of what Wluke suggested while making my changes.

Originally posted by tamarian

There's a Linux project under sourceforge for a visual compare/merge tool, but last I checked it wasn't yet stable or useful for project comparisons.

I forgot to mention that there is free windows tool, that's quite good, called WinMerge:

http://winmerge.sourceforge.net/

It will compare directories and files, so you can see which files were modified in a new release and merge changes.

It's very good, if you you don't have the $$ for BeyondCompare or AraxisMerge

I cannot thank Overgrow enough. The program recommended in the above post by Overgrow (Axis Merge (http://www.araxis.com/merge)) is simlply unbelievable.

I have used quite a few of these "merge and compare" programs (hence my earlier attitude) that were nothing more than a waste of time and disk space, however, Axis is truly one of the few products that I can actually smile about, and recommend to anybody without somewhat feeling guilty about doing so.

Thanks for the hint Overgrow! 2.5 hours of script updates and changes, plus for once, i got to see what the guys here changed, as well as some of the offkey comments, which are pretty good as well. :D

The folder compare option really cut a great deal of time out for reference on changed files, even though i went through each and every file anyways just to make sure.

Again, big thanks! :D

Originally posted by tubedogg on 03-07-2002 at 06:05 PM
We also recommend Araxis Merge - it's even better than BeyondCompare.

:p

Hi Guys, just a quirey..... 2 days ago I upgraded to VB2.2.3 and I see now that I need to upgrade to VB2.2.3b.

I haven't done so yet.

I couldn't use the attach feature with VB2.2.3 after the upgrade from VB2.2.2 , so I removed $enctype and replaced it with enctype="multipart/form-data" in the appropriate 4 templates and all is fine, everything is working.

Do I need to upgrade to VB2.2.3b?

also as the uprade16.php file has already been run in order to get to VB2.2.3....can we safely run them again to get to VB2.2.3b?

(no hacks installed)

Originally posted by tubedogg
We also recommend Araxis Merge - it's even better than BeyondCompare.Just wanted to voice a slightly different opinion. :o I have installed both Araxis Merge and Beyond Compare 2. I was sure that I will prefer Araxis Merge, especially because of its 3 ways compare feature, but for some reason, Beyond Compare just did much more sense to me... Araxis Merge might visually look a bit better, but Beyond Compare is more practical, at least for my needs, or at least this is my personal opinion.

BTW: I'm speaking about the new Beyond Compare (version 2). It's quite amazing, you can open your FTP directory in one panel, a ZIP file in the other, and perform a complete compare! It also has built in support for common text formats, like C++, Delphi, HTML, etc.. I'll quit rambling now, they don't pay me enough for it. :D

Originally posted by gazdet

Do I need to upgrade to VB2.2.3b?
Yes, you definitely should. It's quite simple though -- simply redownload the zip and upload the globals.php's (in all directories) and functions.php.

Since upgrading to v2.2.3b, the other night, the birthdays shown at the bottom of my community are showing up twice.

Like this:

Today's Birthdays: Noriko
Today's Birthdays: Noriko

You can see it here. http://www.ioanonline.com/forum

How can I fix this so that it's only there once? I looked at the forumhome template and $birthdaybits is only there once. That part of the template looks like this:
$forumbits
$loggedinusers
$birthdaybits
$pminfo
I looked in the forumhome_birthdaybit template and it's not in there twice. Is there something in the .php files that I need to fix?

TIA

It sounds like you also have $birthdaybits in your forumhome_loggedinusers template.

Thanks Steve, you're a genius. ;)
It's fixed.

Originally posted by admiralapril
Thanks Steve, you're a genius. ;) How'd you know? ;)

Originally posted by smachol
How'd you know? ;)

!! speculation !! :D :D :D

Just wanted to thank the developers of vB on this release. Great job. Also wanted to extend my gratiude for suggesting Beyond Compare... it took me less than 2 hours to upgrade and KEEP (not re-install :D) all of my hacks, which I have several of!

I'm sure Scooter Software will be thankful for your recommendation! The 2.1 beta of it rocks, as other people have said. It's free also, so go get it now!

Thanks again to Jelsoft... I look forward to vB3.0 (who doesn't) :)

Thanks for the upgrade, vB. I just upgraded from 2.2.1 to 2.2.3 with no problems whatsoever. That said, I feel the same frustration many of you have expressed here in spending hours and hours reapplying hacks and template edits. I just finished reverting and then re-customizing templates and I am going to re-add some hacks later tonight (Community Bulletin, Welcome Panel, etc.). Let's hope this is the last one before 3. :D

Originally posted by tubedogg on 03-07-2002 at 06:05 PM
We also recommend Araxis Merge - it's even better than BeyondCompare.

Well! I sit corrected!!

As you said and the others stated, muuuch more than Beyond Compare, and worth the coin to me.

Thanks for the great efforts, this n00b appreciates it !

About 2.2.3 - This along with the great tuning threads have resolved my load issues nicely!! GREAT JOB

I notice that vblletin.style has a lot of changes. Is there anywhere that I can find out if there's anything in there important to fix the security? Thank you.

Originally posted by xiphoid


Question: Is it save now to let users upload custom avatars/ attachments now? Even if my hosting provider did not fix PHP yet?

--

again..

shall i uppgrade fro 2.2.2 to 2.2.3b or no't
is the change so much so it is worth to upgrade

Originally posted by thom
shall i uppgrade fro 2.2.2 to 2.2.3b or no't
is the change so much so it is worth to upgrade

Even though the updates were little, it does fix some bugs/typos and more importantly, some security issue. Upgrading is up to you, but personally .. i'd upgrade.

We just released 2.2.3c, which fixes a critical problem for anyone that allows guest posting. If you have downloaded 2.2.3, and you allow guests to post on your boards, please download and install 2.2.3c available from the members area.

Originally posted by xiphoid
Question: Is it save now to let users upload custom avatars/ attachments now? Even if my hosting provider did not fix PHP yet?


No. That is a PHP issue and cannot be fixed in vBulletin. If your host hasn't patched PHP and you allow uploads you are at risk.

Was our privacy at vbulletin.com compromised?
Since someone was logged in as John, i wonder how much further he went.

Originally posted by Chris Schreiber
We just released 2.2.3c, which fixes a critical problem for anyone that allows guest posting. If you have downloaded 2.2.3, and you allow guests to post on your boards, please download and install 2.2.3c available from the members area. Could you please go into some more detail concerning the problem?

Thanks,
Alex

At the moment we would rather not release too many details to make sure that boards that haven't yet upgraded are protected from any potential hackers. But please do make the necessary changes to your newthread.php/newreply.php file as posted in Chris' announcement as it really is a critical issue.

But if you don't allow guest posting then there is no real need to worry about it. The issue only affects forums which allow any sort of guest posting.