Discuss away!

If you are having a specific problem, please post in the appropriate forum rather than using this thread.

2.3.1

*wonders when 2.3.2 comes out

And waits for the day that 6.6.6 comes out :)

Why are you talking of upgrade1.php ? :p



And the usuals (all for just the version number): admin/upgrade1.php, admin/install.php

Because upgrade1.php changes with every release, in order to update the version number.

are the changes in here present in the version 3 beta 5? cos i'm just gonnna upgrade to beta 5 tonight if they are. Thanks.

:)

For some reason, I am downloading a blank zip file...

Just upgraded my vB at www.winsectors.com . What are the "noticed" differences for the admin, mod, and end-user fields?

For some reason, I am downloading a blank zip file...
This is a problem caused by some firewall software. Temporarily disable any firewall software prior to accessing the Members Area. Then try the download again.

Just upgraded my vB at www.winsectors.com . What are the "noticed" differences for the admin, mod, and end-user fields?
Check the announcement thread for 2.3.1

are the changes in here present in the version 3 beta 5? cos i'm just gonnna upgrade to beta 5 tonight if they are. Thanks.

:)

Read Kier's announcement again, the fixes in 2.3.1 will no way affect anything in 3.0.0. ;)

Any chance of a patch for the XSS bug?

Any chance of a patch for the XSS bug?
I don't think so... as I remember it involved a lot of edits to a lot of files.

Can we go from 3.0.0 Beta 5 and downgrade to 2.3.1?

Can we go from 3.0.0 Beta 5 and downgrade to 2.3.1?
No. Downgrading from vBulletin 3 to vBulletin 2 is not possible.

Why would you want to downgrade from vB3 to vB2...?

ARGH. I just spent all night hacking my board (over 60 hacks) and now I will have to do it all again!

I thought there weren't going to be any more on VB2?

ARGH. I just spent all night hacking my board (over 60 hacks) and now I will have to do it all again!

I thought there weren't going to be any more on VB2?

Read the announcement before jumping to any conclusions.

ARGH. I just spent all night hacking my board (over 60 hacks) and now I will have to do it all again!


:D :D :D

... for me too... :( :( :(

Ugh. Now, none of my attached files are showing (ie, attaching a screenshot, etc...).

Can anyone confirm problems with Mozilla not interpreting the & code but just adding this as plaintext to the URL (and thus leading to a false URL)? I have tried with MozillaFirebird 6.1 nightly build and Mozilla 1.5a, on two different PCs.

Edit: Plus, I get error mails every few minutes like:

Database error in vBulletin 2.3.1:

Invalid SQL:
SELECT
post.postid, thread.visible
FROM
post LEFT JOIN thread ON thread.threadid=post.threadid
WHERE
post.visible=1 AND thread.visible=1 AND 1=1 AND NOT (thread.forumid='60' OR thread.forumid='56' OR thread.forumid='59' OR thread.forumid='95' OR
thread.forumid='109' OR thread.forumid='100' OR thread.forumid='49' OR thread.forumid='5' OR thread.forumid='20' OR thread.forumid='44' OR thread.forumid='80' OR
thread.forumid='79' OR thread.forumid='82' OR thread.forumid='108') AND post.userid='5740'
ORDER BY
post.dateline DESC,post.dateline DESC
LIMIT 0,

mysql error: You have an error in your SQL syntax near '' at line 11

mysql error number: 1064

Date: Thursday 07th of August 2003 08:44:47 PM
Script: http://www.dvdboard.de/forum/forum/search.php?action=showresults&searchid=595982
Referer:

Seeing an error when searching for a "direct hit" username (i.e. in CP, under find user, enter full known existing username)...

Quick msg flashes by (it redirects) saying that exactly one match was found, followed by an error on line #86 of admin/adminfunctions.php file (from 'diff' output between 2.3.0 vs. 2.3.1 file):

85a86
> $gotopage = preg_replace('#(&)([a-z0-9_]+=)', '&\2', $gotopage);

Error flashes by too quick and I cannot stop the redirect to capture it, but it complains about matching a pound sign or something rather.

This causes IE to redirect/reload the entire CP in the "main" frame... Mozilla Firebird 1.6.1+ does not show error msg and just redirects to blank user search form...

Anyone else getting this behavior?

EDIT: I apologize for posting this here in this thread. Will go look/ask under the proper section.

Please post all problems and requests for assistance in their own threads. Thanks.

Discuss away!

If you are having a specific problem, please post in the appropriate forum rather than using this thread.

And this is why you do RCs first :D

<<<<<<< attachment.php
=======
<?php
error_reporting(7);
$noheader=1;
require("./global.php");
That was in the header of attachment.php.. I'm sure that would really screw up attachments :D

Y'know what? No. Not upgrading. I'm going to have to move over 20 hacks, about half custom-made, for an XSS fix? No thanks, I'm running perfectly fine.

Like was said above, you said that version 2.3.0 would be the last version in the 2.x series.

Sorry if I sound mad, I'm not, I'm just saying that you should mean what you say, and think it through, before you say it. Not worth making the guarantee that 2.3.0 is final code if there will still be changes.

Forget 2.x and work on 3.0! :D I'd much rather spend my time upgrading to something better and more feature-rich, than re-hacking my board for an XSS and XHTML issue.

I know you guys are smart people (if you weren't, I wouldn't pay for your software ;)) but this was more of a "look, we can be distracted by minor issues!" release than a "look what else we know how to do!" release. I look forward to vB3 Gold.

Once again though, I feel I must apologize for sounding like a crank or like I'm mad at you guys at Jelsoft. You are awesome! I just wish you would mean what you say... :(

Please post all problems and requests for assistance in their own threads. Thanks.

There are obviously some general problems with this release so I think it is quite needed to report them here.
At least I have tracked my specific problem reported above down to character encoding. Oh, I like those hassle-free patches :(

Y'know what? No. Not upgrading. I'm going to have to move over 20 hacks, about half custom-made, for an XSS fix? No thanks, I'm running perfectly fine.

Like was said above, you said that version 2.3.0 would be the last version in the 2.x series.

Sorry if I sound mad, I'm not, I'm just saying that you should mean what you say, and think it through, before you say it. Not worth making the guarantee that 2.3.0 is final code if there will still be changes.

Forget 2.x and work on 3.0! :D I'd much rather spend my time upgrading to something better and more feature-rich, than re-hacking my board for an XSS and XHTML issue.

I know you guys are smart people (if you weren't, I wouldn't pay for your software ;)) but this was more of a "look, we can be distracted by minor issues!" release than a "look what else we know how to do!" release. I look forward to vB3 Gold.

Once again though, I feel I must apologize for sounding like a crank or like I'm mad at you guys at Jelsoft. You are awesome! I just wish you would mean what you say... :(

Dude, that sounded really selfish of you to say that. People are still going to use VB2 because they do not want to use an unstable system. Yes, the Dev team has said that it is unstable and should not be used for a live site until it goes gold or RC.

If a problem comes up in 2.x and people are still using it widely then they should fix that problem since VB3 is not done. When it is done then all development should cease for 2.x.

Look at what is going on around you and you will see that there are people that are thankful for this upgrade instead of blasting the development team for fixing an error that obvisously other customers were concerned about.

I don't think so... as I remember it involved a lot of edits to a lot of files.

patching support multiple files Kier as you know :)


Thanks anyways

Dude, that sounded really selfish of you to say that. People are still going to use VB2 because they do not want to use an unstable system. Yes, the Dev team has said that it is unstable and should not be used for a live site until it goes gold or RC.

If a problem comes up in 2.x and people are still using it widely then they should fix that problem since VB3 is not done. When it is done then all development should cease for 2.x.

Look at what is going on around you and you will see that there are people that are thankful for this upgrade instead of blasting the development team for fixing an error that obvisously other customers were concerned about.
Sorry if I offended you, but it obviously wasn't that big of an issue. I mean, if it were fatally critical to the operation of vB2, they would've had the bug reported to them back around 2.2.6... I'm not blasting the dev team, they really are awesome, but I'm just suggesting they keep their eyes on the road and not stop to fix little errors along the way.

Perfectionism annoys me sometimes, and for some reason, this instance really bothers me... Wish I knew why. :confused:

Sorry again for sounding like a jackass, just saying I wish vB3 was what was being released!

But it is being released. That's why there was just a version released on Monday.

And with it not being that important, it had to be somewhat important for them to fix it. Sometimes people just stumble on things and you don't want that slip in coding to allow someone's forums to get hacked.

They are looking out for your best interests.

As stated in Kier's post, this is not a Security update, merely to fix a few spellings, make & into &amp;, and some other trivial things which aren't key to vBulletin as a whole...

There is no need to update if it will cause you that much hassle;)

Satan

As stated in Kier's post, this is not a Security update, merely to fix a few spellings, make & into &amp;, and some other trivial things which aren't key to vBulletin as a whole...

There is no need to update if it will cause you that much hassle;)

Satan


--------------- VBULLETIN 2.3.1 RELEASED -----------------

vBulletin 2.3.1 has been released to fix various minor
bugs and to patch a potential security hole. We recommend
that you upgrade as soon as possible, to make it easier to
upgrade to vBulletin 3.0 when it is released.


...

Hey Scott, what is the status with this?

"We've experienced a few problems with this release due to a CVS problem. We will be releasing an update to resolve these problems.

Sorry for the inconvenience."

Is that update now out yet or are you still working on it?

I just discovered some new hidden feature while I was upgrading :)

function moo($str)
{
return $str;
}

Really useful this one ;)

And this is why you do RCs first :D
<<<<<<< attachment.php
=======
<?php
error_reporting(7);
$noheader=1;
require("./global.php");
That was in the header of attachment.php.. I'm sure that would really screw up attachments :D

It does, here is the error report.
<<<<<<< attachment.php =======
Warning: Cannot modify header information - headers already sent by (output started at /home/www.caddis.co.uk/public_html/forums/attachment.php:1)

So should we not upgrade yet then?

So should we not upgrade yet then?

Im wondering this to after seeing Scott's post.

I'd hold off until this is resolved.

http://www.vbulletin.com/forum/showpost.php?p=508174&postcount=3

I'd hold off until this is resolved.

http://www.vbulletin.com/forum/showpost.php?p=508174&postcount=3

Ok, thanks Steve.

I was excited too when I was at work when I saw the release. Oh well.

Don't forget to update the version on the main vBulletin page. ;)

What is CVS?

Hey I know bugs happen, but some of the issues on 2.3.1 are less than fun. Do you have an ETA for a bug fix for it?

Didn't think we'd have so many issues with a x.x.point upgrade

Y'know what? No. Not upgrading. I'm going to have to move over 20 hacks, about half custom-made, for an XSS fix? No thanks, I'm running perfectly fine.

Like was said above, you said that version 2.3.0 would be the last version in the 2.x series.

Sorry if I sound mad, I'm not, I'm just saying that you should mean what you say, and think it through, before you say it. Not worth making the guarantee that 2.3.0 is final code if there will still be changes.

So you're saying that Jelsoft should not release a patch if hackers have found a way to hack into your forum using an XSS vulnerability?

So you are willing to run a forum which is now open to an XSS security loophole?

In an ideal world, 2.3.0 would be the last vB2 version - however, there are hackers out there looking for ways to hack into forums - such a loophole was found to exist in 2.3.0 and this has been fixed in 2.3.1 - you should be praising Jelsoft for releasing a patch, and not complain.

I'd appreciate seeing the code that was changed so we can just fix that without upgrading a heavily hacked board all the time. Any chance?

I was reading down in the Bugs forum that this new version is preventing new users from registering. Is this confirmed or just a freak incident?

ummmm, did I miss the RC?

Did anyone know about this lol. Weird.... Um.. good job? I am still learning VB3 lol

This is a vB2 update, and has nothing to do with vB3. :)

"We've experienced a few problems with this release due to a CVS problem. We will be releasing an update to resolve these problems."


Could we get an email sent out to members when it is safe to download? or maybe post when it is safe in that main thread about the update?

Jelfsoft, to make everyone happy, please post a zip with intructions to patch the XSS hole, this is what you do most of the time. Some of us people have heavily hacked boards and do not want to lose all the hacks.

It doesn't matter if it needs alot of file edits. :)

Because upgrade1.php changes with every release, in order to update the version number.

upgrade1.php is also the script you use in vBulletin 3 whereas vBulletin 2.x has been going into upgrade24.php, with no upgrade1.php to be found in the entire package anywhere. :)

After reading all this I don't feel like updating from 2.3.0 to 2.3.1 anymore because I think that it doesn't worth the hassle if V. 3.0.0 is coming out soon/next.

Q: If I'm not going to update now, will I have a problems, trouble updating V. 2.3.0 directly to V.3.0.0 when it comes out? Or should I update now to V. 2.3.1 so I can directly update to V. 3.0.0 later?

I upgraded from V2.3.0 to V3 Beta 3 with absolutely no hassle.

I upgraded from V2.3.0 to V3 Beta 3 with absolutely no hassle.

Yes, but current users of 2.3.0 will have to upgrade to 2.3.1 BEFORE upgrading to 3.0.0 Beta 5.

I'd appreciate seeing the code that was changed so we can just fix that without upgrading a heavily hacked board all the time. Any chance?
I second that!
P-p-p-p-p-p-p-p-p-l-e-e-e-e-e-s-e? :confused:

Yes, but current users of 2.3.0 will have to upgrade to 2.3.1 BEFORE upgrading to 3.0.0 Beta 5.
Not necessarily. I think I read that you can safely upgrade to vb3 from v2.2.9.

Originally Posted by poolking
Yes, but current users of 2.3.0 will have to upgrade to 2.3.1 BEFORE upgrading to 3.0.0 Beta 5.
No you don't... If you can go to vB3 Beta 3 or 4 from 2.2.4, you can just upgrade Beta 3/4 to Beta 5 and be fine.

Guys, I'm not mad, I'm just saying: Most people have been told that 2.3.0 would be the final release, and treating it as such. I'm very sure that if we were expecting another version, a lot of people would hold off on coding the hacks. But we were all told it was vB2 final, and that the next version would be vB3. Now it turns out that's not the case.

I can also say that if I were to upgrade now, my forums would not run. Guaranteed. There are hacks I've coded that generate required parts of the HTML code in my site. Without the hacks, people would get a white page with partial header information, and a PHP parse error. (Yes, I've tested this in a test environment.) And for some strange reason, I got a lot of DB errors on 2.3.1.... Made me have to shut the forums down to prevent inbox flooding.

I'm very thankful that Jelsoft has our best interests in mind! I would love to integrate this patch into my forums, but that is not an option if it would require recoding most of my hacks. I would really appreciate what has already been mentioned in this thread: Step by step instructions on how to manually patch this vunerability.

Also, security fixes are not top priority on my site, because a lot of my users only know enough about computers to get on to Internet Explorer and MSN.

Sorry again guys, I'm not trying to force an issue here. But I would like to make a suggestion: A system (like vBHacker) that would install patches and bugfixes as they are avaliable. All that would be required from the webmaster would be a click on the "Check for updates" button in the Admin CP. vBulletin would take over from there, download the required fixes, and merge them into the appropriate places. This way, hacks or none, upgrades could be done. Some hacks may make a patch non-usable (because the code it's looking for to fix would be altered) but in that case you could get instructions on manual patching, just like a vBHacker file can either automatically do it for you, or just give you instructions.

Anyways, I'll shut up now, because my ideas never work...

Yes, but current users of 2.3.0 will have to upgrade to 2.3.1 BEFORE upgrading to 3.0.0 Beta 5.

Yesterday, I went from 2.3.0 to 3.0.0 Beta 5 without a hitch.

Robert

So dstruct, why have the developers and the support team always advocating that you should upgrade to the latest version of vb2 before upgrading to vb3 beta?

So dstruct, why have the developers and the support team always advocating that you should upgrade to the latest version of vb2 before upgrading to vb3 beta?

Because of any database changes I would imagine. If there arn't any from 2.3.0 to 2.3.1 then theres no reason the upgrade wouldn't work as we already know upgrading to vB3 from 2.3.0 works fine. Changes within the PHP files and Templates for vB2 won't effect any upgrades to vB3.

dstruct2k,

You can simply use something like Araxis Merge to view the changes between 2.3.0 and 2.3.1 - it is easy to upgrade - there is no need to do every code hack manualy all over again.

They can't do a simple "update now" type thing as people hack their code - like you. If the script was told to look for "cat" and replace with "dog", what happens when you manualy changed "cat" to "ham" before? The script woudn't work.

The vBulletin team can't see into the future and work out all the bugs. They just take them as they come, and try and fix them for you. The way I see it, the vBulletin team have two choices:
Fix the problem, give everyone fix - and upset people because it didn't end up being the last version Don't fix the problem, don't tell anyone and hope that no one gets hacked. Then everyone will jump up and down saying "why didn't you release a fix?"It's your option to upgrade, they are just giving you a choice.

vBulletin 2.3.2 will be released today to fix the bugs in 2.3.1

vBulletin 2.3.2 is now available. Please continue your discussion in this thread.