is that necessary to use "base64_decode" function

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • sahareto
    Member
    • Nov 2008
    • 32
    #1

    is that necessary to use "base64_decode" function

    is that necessary to use "base64_decode" function
    becouse I want to but it in php.ini disable_function

    and this function found on this file

    PHP Code:
    attachment.php:290:             $filedata base64_decode('R0lGODlhAQABAIAAAMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
    cron.php:44:$filedata base64_decode('R0lGODlhAQABAIAAAMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
    includes/functions.php:2244:            return ($decode base64_decode($return) : $return); 
    and when I disable this function its give me base64_decode is disable for security reason

    I want to disable this function because some shell file decode them files to base64
    my vbulletin version 3.8.4 patch level 1
    Tags: None
    • Lynne
      Former vBulletin Support
      • Oct 2004
      • 26255
      #2
      That is not default vbulletin. If you download the files from the vb.com download area and look at them, those lines are not in there. It looks like they have been added to your files.
      Please don't PM or VM me for support - I only help out in the threads.
      vBulletin Manual & vBulletin 4.0 Code Documentation (API)
      Want help modifying your vbulletin forum? Head on over to vbulletin.org
      If I post CSS and you don't know where it goes, throw it into the additional.css template.
      W3Schools <- awesome site for html/css help

        Comment

        • SecondV
          Senior Member
          • May 2006
          • 180
          • 3.8.x
          #3
          Originally posted by Lynne
          That is not default vbulletin. If you download the files from the vb.com download area and look at them, those lines are not in there. It looks like they have been added to your files.
          Actually it is part of default vbulletin.

          cron.php uses base64_decode to show a blank gif file, as does attachment.php
          Regards,
          Eric Sizemore

          My modifications

            Comment

            • sahareto
              Member
              • Nov 2008
              • 32
              #4
              yes its based on the vb files from ago
              and really disable this function is very important to prevent some hacker methods
              and I want to know, can vb developer discuss this and how its important to use this function in cron and attachment
              and can the developer replace this function can be safe better ?
              and thanks for advice

                Comment

                • Lynne
                  Former vBulletin Support
                  • Oct 2004
                  • 26255
                  #5
                  Ah, good to know (I suppose ) I guess I just never noticed that being used in the vb code. Whenever I've seen it discussed, it's been a hacker using it.
                  Please don't PM or VM me for support - I only help out in the threads.
                  vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                  Want help modifying your vbulletin forum? Head on over to vbulletin.org
                  If I post CSS and you don't know where it goes, throw it into the additional.css template.
                  W3Schools <- awesome site for html/css help

                    Comment

                    Previous template Next
                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...