[fixed] Bug in vb Settings Section


Logician
Mon 2nd Sep '02, 12:02pm
I caught a bug related to the Admin CP/Settings section.

In Admin CP/Settings, if you enter a value into an input or text field in this context:
$a['a']
it causes a `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' error in global.php while getting forum options from the Template table, thus affecting all forum pages.

The same error happens if " is used instead of ', but the error doesn't occur if the ", ' or $ sign is removed. So these entries do not give any errors:
$a[a]
a['a']
$ a['a']


In other words, there is no check for text/input field entries in Admin CP settings, and any data entered in PHP associative array format causes errors.

It's no surprise that no one ran into it before and that it has gone unnoticed for a long time, since it happens only if you enter associative array format text in settings. I caught it when working on a new hack and noticed that it exists in all vb versions I tested. I checked from v.2.2.2 to 2.2.7 and the bug is there in all versions in between.

It's a small bug but I believe you would like to know, so I'm informing you anyway.

If you are too busy with v.3, holler and I'll work on it a little more and release the fix as well..

Regards,
Logician

Logician
Mon 2nd Sep '02, 1:04pm
To thread visitors:

If you don't know what you are doing, DO NOT try to test this bug by changing your vb settings. You may not be able to access your forum or Admin CP any more!

If you are a power user and determined to test it, do not close your browser after you have changed any option with the bug text. To revert, choose Back and delete the setting input after your test. If you close your browser in the meantime, you may not be able to access it, since the bug affects global.php, which means all called vbulletin files will be affected. If you are new to what I'm talking about here, you'd better not test it at all.

Logician
Wed 4th Sep '02, 9:02pm
Well nobody hollered but here is my fix anyway: :)

Edit admin/options.php, find

$DB_site->query("UPDATE setting SET value='".addslashes($val)."' WHERE settingid='$key'");


Before that add:

$val=preg_replace("/(\\$\w+\[)['\"](.*)['\"](\])/siU", "\\1\\2\\3",$val);


As developers are well aware, this fix is not the ideal solution for the bug. The bug is related to the function which evaluates templates, and the ideal solution will be to recode this specific function. Although my code does not attempt to touch the buggy section, it prevents the Admins (you) from entering the bug text into any settings section accidentally or intentionally. If you do, the text is automatically converted to an acceptable value.

Well, you don't have to install this patch. By simply not entering such text into your vb settings, you'll have the same result. :p

Regards,
Logician

Sagara Sanosuke
Thu 5th Sep '02, 3:31pm
Cool fix, I noticed this myself a couple weeks ago when coding the options.php :D

John
Tue 10th Sep '02, 9:23am
Edit line 378 of admin/adminfunctions.php to:

$template .= "\$$setting[varname] = \"" . addslashes( str_replace( array( '"' , '$' ), array( '\"' , '\$' ) , $setting['value'] ) ) . "\";\n";
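
The failure reported in this thread, reproduced as an added example (not code from vBulletin or from any poster): it assumes the option values were written into a double-quoted PHP string literal with only addslashes() applied and that the generated source was then evaluated. The names `build_unsafe`, `build_literal`, `check` and `example_setting` are hypothetical, the sample values are the entries from the first post, and PHP 7 or later is assumed for `ParseError`.

```php
<?php
// Added illustration, not vBulletin source. Function names, the setting name
// and the sample values are constructed for this example.

// Assumed pre-fix pattern: addslashes() is the only escaping applied before
// the value is embedded in a double-quoted PHP string literal.
function build_unsafe(string $varname, string $value): string
{
    return '$' . $varname . ' = "' . addslashes($value) . "\";\n";
}

// Alternative generator: var_export() emits a single-quoted literal, so "$"
// and "[" have no special meaning when the generated source is evaluated.
function build_literal(string $varname, string $value): string
{
    return '$' . $varname . ' = ' . var_export($value, true) . ";\n";
}

// Evaluates generated source and reports whether the stored value survives.
// $varname is assumed to be a trusted identifier; never call this on
// untrusted input.
function check(string $code, string $varname, string $expected): string
{
    try {
        @eval($code); // "@" hides undefined-variable warnings from interpolation
    } catch (ParseError $e) {
        return 'parse error';
    }
    return $$varname === $expected ? 'round-trips' : 'value changed';
}

// The entries discussed in the first post.
$samples = ['$a[\'a\']', '$a["a"]', '$a[a]', 'a[\'a\']', '$ a[\'a\']'];

foreach ($samples as $value) {
    foreach (['build_unsafe', 'build_literal'] as $builder) {
        $code = $builder('example_setting', $value);
        printf("%-13s %-9s %s\n", $builder, $value, check($code, 'example_setting', $value));
    }
}
```

Entries that avoid the parse error under `build_unsafe` can still come back altered, because interpolation and the added backslashes change the stored string; the single-quoted literal is the only form here that returns every sample unchanged.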