I have the latest version of Blog for vb3.8 and it still has this bug. Spam can still be sent via the Send To Friend functionality with no way to turn that off!
Here is a bit more detailed explanation of how to edit blog.php to stop the spam:
Find:
if ($_POST['do'] == 'dosendtofriend')
and add the things shown in red:
if (FALSE && ($_POST['do'] == 'dosendtofriend'))
Also find:
if ($_REQUEST['do'] == 'sendtofriend')
and add the things shown in red:
if (FALSE && ($_REQUEST['do'] == 'sendtofriend'))
Be sure to include the last closing parenthesis in both of those. That disables the send to friend functionality. To get rid of the link showing up in your template, you have to edit the blog_show_entry template. In that template remove this block of code:
<if condition="$show['emailentry']">
<a href="blog.php?$session[sessionurl]do=sendtofriend&b=$bloginfo[blogid]"><img src="$stylevar[imgdir_misc]/blog/email_go.gif" border="0" class="inlineimg" alt="$vbphrase[email_blog_entry]" /></a>
</if>
Thanks to raywjohnson and Dan Druff for pointing me in the right direction on how to fix, unlike a lot of threads about spam coming from vBulletin. Most tell you to check the usergroup permissions and make sure 'send to friend' and 'email members' is off for unregistered, banned, etc., usergroups. If you tell them it is, and that it is still happening, then the assumption is that you're hacked or some plugin is doing it. Well, it's a plugin alright, but an official one (vBulletin Blog)!
Here is a bit more detailed explanation of how to edit blog.php to stop the spam:
Find:
if ($_POST['do'] == 'dosendtofriend')
and add the things shown in red:
if (FALSE && ($_POST['do'] == 'dosendtofriend'))
Also find:
if ($_REQUEST['do'] == 'sendtofriend')
and add the things shown in red:
if (FALSE && ($_REQUEST['do'] == 'sendtofriend'))
Be sure to include the last closing parenthesis in both of those. That disables the send to friend functionality. To get rid of the link showing up in your template, you have to edit the blog_show_entry template. In that template remove this block of code:
<if condition="$show['emailentry']">
<a href="blog.php?$session[sessionurl]do=sendtofriend&b=$bloginfo[blogid]"><img src="$stylevar[imgdir_misc]/blog/email_go.gif" border="0" class="inlineimg" alt="$vbphrase[email_blog_entry]" /></a>
</if>
Thanks to raywjohnson and Dan Druff for pointing me in the right direction on how to fix, unlike a lot of threads about spam coming from vBulletin. Most tell you to check the usergroup permissions and make sure 'send to friend' and 'email members' is off for unregistered, banned, etc., usergroups. If you tell them it is, and that it is still happening, then the assumption is that you're hacked or some plugin is doing it. Well, it's a plugin alright, but an official one (vBulletin Blog)!
Comment