Announcement

Collapse
No announcement yet.

All known VB 4.2.5 bug fixes (combined.)

Collapse
This is a sticky topic.
X
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • All known VB 4.2.5 bug fixes (combined.)

    As VB 4.2.5 is likely the last release of VB 4.x other than security patches any bug fixes found will need to be manually applied. This thread will be the home of all know VB 4.2.5 bug fixes.


    The first fix is for Social Group Picture Uploading:

    A customer found and identified the reason for bug affecting the uploading of images to social groups in VB 4.2.5. In short, you can not upload new images to social groups in VB 4.2.5, you end up with a white page.

    A quick fix is to edit the group.php file.

    On or about line 3672

    Currently is:
    PHP Code:
    if ((!empty($_POST['do']) AND $_POST['do'] == 'insertpictures') OR $_REQUEST['do'] == 'addpictures'
    Change it to:
    PHP Code:
    if ((!empty($_POST['do']) AND ($_POST['do'] == 'insertpictures') OR $_REQUEST['do'] == 'addpictures') OR ($_POST['do'] == 'updatepictures')) 
    Tested on my own VB 4.2.5 board it seems to fix the issue.

    As it is unlikely there will be an official fix you should make note of this and any file customizations you do to your site in case you ever need to restore default VB 4.2.5 files.

    Also be sure to use a code editor and not windows notepad to edit PHP files.

    JIRA report: http://tracker.vbulletin.com/browse/VBIV-16307
    Last edited by Joe D.; Fri 11th Aug '17, 9:48am.

  • #2
    Issue: Timezones that are partial hours (15, 30, 45 minutes) different from GMT do not work in VB 4.2.5.


    A fix that resolves most of the issue. Calendar events will still not be correct if the time of the event is entered by someone from one of these time zones that aren't whole hours different from GMT.


    At or about line 4503 of /includes/functions.php

    Change:

    Code:
    $tzos = intval($vbulletin->userinfo['timezoneoffset']);
    to

    Code:
    $tzos = floatval($vbulletin->userinfo['timezoneoffset']);
    There hasn't been a lot of testing. If you notice any new problems please post them ASAP at https://www.vbulletin.org/forum/showthread.php?t=325494

    Comment


    • #3
      Advanced Post Editing fix for Google Chrome based browsers.

      An change in Google Chrome meant to protect sites from cross-site-scripting (XSS) exploits is backfiring and blocking legitimate scripts on various web applications including VB 4.2.5. The fix is to create a simple plugin that tells the browser to turn off this feature for the Advanced Editor pages.

      You can do this in one of two ways, either manually create the plugin or download the attached file and then upload it as a new product in the Admin CP -> Product Manager -> Add New Product.

      Do one or the other, not both.

      Manual Instructions:

      1) Go to Admin CP -> Plugins & Products -> Add New Plugin
      2) On the plugin page enter the following values:

      Product: vBulletin
      Hook Location: editpost_update_start
      Title: XSS Block Bug Fix
      Execution Order: 1
      Plugin PHP Code:
      Code:
      //bugfix from vbsupport
      header('X-XSS-Protection:0');
      Set Active:Yes

      Save changes.

      Or upload the attached .XML file and import it into Product Manager in the Admn CP. There are no settings, it works as soon as it is imported.
      Attached Files
      Last edited by Joe D.; Thu 9th Nov '17, 9:51am.

      Comment


      • scylla22
        scylla22 commented
        Editing a comment
        Do we need to do this if our site runs HTTPS?

      • Joe D.
        Joe D. commented
        Editing a comment
        Honestly I don't know, I would do it anyway.

    • #4
      I found a bug on the mobile template, when used with Chrome. The description and working correction can be found in this thread.

      There are still some minor issues with the mobile template. Some pages have a lot of white space after the forum content. It would be great if you could post a fix for that, as well.
      Regards

      Peter Walker
      http://www.rifeforum.com

      Comment


      • #5
        Also this:

        Running vBulletin 4.2.5 with PHP7.1...

        I normally have warnings suppressed but needed to display them while troubleshooting something and when I do I see this in the AdminCP User Manager just after Image Options and before User Profile Fields:

        Code:
        PHP Warning: Illegal string offset 'userid' in ..../includes/functions.php on line 589
        
        PHP Warning: Illegal string offset 'userid' in ..../includes/functions.php on line 592
        
        PHP Warning: Illegal string offset 'usergroupid' in ..../includes/functions.php on line 532
        
        PHP Warning: Illegal string offset 'usergroupid' in ..../includes/functions.php on line 598
        
        PHP Warning: Illegal string offset 'userid' in ..../includes/functions.php on line 598
        The lines in question are:

        Code:
        589 if (!is_array($user_memberships["$userinfo[userid]"]) OR !$cache)
        
        592 user_memberships["$userinfo[userid]"] = fetch_membergroupids_array($userinfo);
        
        532 $membergroups[] = $user['usergroupid'];
        
        598 if ($userinfo['usergroupid'] == $usergroupid OR in_array($usergroupid, $user_memberships["$userinfo[userid]"]))
        In case it's relevant, I do have some custom fields in the user profiles.

        Suggestions for how to fix this?
        Psychlinks Mental Health Support Forum
        Local Search Forum

        Comment


        • #6
          Please note this isn't a thread for support questions, it is for known and verified fixes to be posted. We will not be answering support questions here. Please start a new thread if you need support. Thanks.
          MARK.B | vBULLETIN SUPPORT

          TalkNewsUK - My vBulletin 5.4.2 Demo - FEATURING "ROUTE BY NODE"!
          AdminAmmo - My Cloud Demo

          Comment


          • #7
            Basically you should just be suppressing warnings, there is no simple fix for this and it isn't really an error just a change in how PHP worked between 5.3.x and 5.4.x.

            Comment


            • #8
              Thanks, Joe.
              Psychlinks Mental Health Support Forum
              Local Search Forum

              Comment


              • #9
                Note- Due to potential for exploit you should not be using ImageMagick as the Image Processing Library. (The exploit is in ImageMagick code, not vBulletin.) However by default vBulletin is set to use the GD image library so the majority of customers should be safe. To be sure go to the Admin CP -> Settings -> Options -> Image Settings and and make sure GD is used. If you have an error uploading images after changing make your PHP is configured to have the GD library.

                This is true for all VB 3.x and 4.x versions.

                Comment


                • #10
                  Originally posted by Joe D. View Post
                  Advanced Post Editing fix for Google Chrome based browsers.

                  An change in Google Chrome meant to protect sites from cross-site-scripting (XSS) exploits is backfiring and blocking legitimate scripts on various web applications including VB 4.2.5. The fix is to create a simple plugin that tells the browser to turn off this feature for the Advanced Editor pages.

                  You can do this in one of two ways, either manually create the plugin or download the attached file and then upload it as a new product in the Admin CP -> Product Manager -> Add New Product.

                  Do one or the other, not both.

                  Manual Instructions:

                  1) Go to Admin CP -> Plugins & Products -> Add New Plugin
                  2) On the plugin page enter the following values:

                  Product: vBulletin
                  Hook Location: editpost_update_start
                  Title: XSS Block Bug Fix
                  Execution Order: 1
                  Plugin PHP Code:
                  Code:
                  //bugfix from vbsupport
                  header('X-XSS-Protection:0');
                  Set Active:Yes

                  Save changes.

                  Or upload the attached .XML file and import it into Product Manager in the Admn CP. There are no settings, it works as soon as it is imported.
                  Fix doesn't work for me? Or are there other issues with latest Chrome?
                  Macht mit beim 2-Wheel-Planet Adventskalender:

                  2WP Adventskalender

                  Comment


                  • #11
                    I just checked my VB 4.2.5 test site with Chrome and this fix and it worked fine with latest version of Chrome browser. Exactly what error are you getting? Can you post a screenshot?

                    Comment

                    Working...
                    X