The following are instructions for manually patching vBulletin 3.5.x, 3.6.x, 3.7.x, and 3.8.x for the patch released March 13, 2014.
This patch should be applied by everyone running vBulletin 3.x but it requires you be on PHP 5.2.0 or higher.
Verify you have PHP 5.2.0 or higher before you make these changes. If you don't you will break the site by making these changes.
The version of PHP on your server is visible in the Admin CP in the table near the top of the page, under thew news.
If your PHP version is not at least 5.2.0 see the announcement thread for more options.
In forumdisplay.php
Step 1.
Find the code:
Replace with:
IF, and ONLY IF you cannot find the text above then instead look for the code below-
Step 1 Alternate.
Find the code:
and Replace with:
In includes/functions_misc.php
Step 2.
Find the code:
Replace with:
IF, and ONLY IF you cannot find the text above then instead look for the code below-
Step 2 Alternate.
Find the code:
Replace with:
Step 3.
Find the code:
Replace with:
After editing each file upload it back to your server. Keep a backup of the old file just in case. If you ever need a backup of the original file you can re-download your version of VB 3.x from the Member's Area. Only vBulletin 3.8.7 will be officially patched in the Member's Area. VB 3.8.8 Beta 4 will also contain the changes in this patch.
If you are on Windows use a dedicated code editor like Notepad2 or Notepad++ (both are free) to edit your .php files, do not use Windows Notepad.
This patch should be applied by everyone running vBulletin 3.x but it requires you be on PHP 5.2.0 or higher.
Verify you have PHP 5.2.0 or higher before you make these changes. If you don't you will break the site by making these changes.
The version of PHP on your server is visible in the Admin CP in the table near the top of the page, under thew news.
If your PHP version is not at least 5.2.0 see the announcement thread for more options.
In forumdisplay.php
Step 1.
Find the code:
Code:
$temp = unserialize($check);
Code:
$temp = json_decode($check, true);
Step 1 Alternate.
Find the code:
Code:
$temp = unserialize($vbulletin->GPC['postvars']);
Code:
$temp = json_decode($vbulletin->GPC['postvars'], true);
In includes/functions_misc.php
Step 2.
Find the code:
Code:
return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni(sign_client_string(serialize($_POST))) . '" />' . "\n";
Code:
$string = json_encode($_POST); return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni(sign_client_string($string)) . '" />' . "\n";
Step 2 Alternate.
Find the code:
Code:
return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni(serialize($_POST)) . '" />' . "\n";
Code:
$string = json_encode($_POST); return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni($string) . '" />' . "\n";
Find the code:
Code:
$temp = unserialize($serializedarr);
Code:
$temp = json_decode($serializedarr, true);
After editing each file upload it back to your server. Keep a backup of the old file just in case. If you ever need a backup of the original file you can re-download your version of VB 3.x from the Member's Area. Only vBulletin 3.8.7 will be officially patched in the Member's Area. VB 3.8.8 Beta 4 will also contain the changes in this patch.
If you are on Windows use a dedicated code editor like Notepad2 or Notepad++ (both are free) to edit your .php files, do not use Windows Notepad.
Comment