Announcement

Collapse
No announcement yet.

All known VB 4.2.5 bug fixes (combined.)

Collapse
This is a sticky topic.
X
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Joe D.
    started a topic All known VB 4.2.5 bug fixes (combined.)

    All known VB 4.2.5 bug fixes (combined.)

    As VB 4.2.5 is likely the last release of VB 4.x other than security patches any bug fixes found will need to be manually applied. This thread will be the home of all know VB 4.2.5 bug fixes.


    The first fix is for Social Group Picture Uploading:

    A customer found and identified the reason for bug affecting the uploading of images to social groups in VB 4.2.5. In short, you can not upload new images to social groups in VB 4.2.5, you end up with a white page.

    A quick fix is to edit the group.php file.

    On or about line 3672

    Currently is:
    PHP Code:
    if ((!empty($_POST['do']) AND $_POST['do'] == 'insertpictures') OR $_REQUEST['do'] == 'addpictures'
    Change it to:
    PHP Code:
    if ((!empty($_POST['do']) AND ($_POST['do'] == 'insertpictures') OR $_REQUEST['do'] == 'addpictures') OR ($_POST['do'] == 'updatepictures')) 
    Tested on my own VB 4.2.5 board it seems to fix the issue.

    As it is unlikely there will be an official fix you should make note of this and any file customizations you do to your site in case you ever need to restore default VB 4.2.5 files.

    Also be sure to use a code editor and not windows notepad to edit PHP files.

    JIRA report: http://tracker.vbulletin.com/browse/VBIV-16307
    Last edited by Joe D.; Fri 11th Aug '17, 9:48am.

  • Joe D.
    commented on 's reply
    Honestly I don't know, I would do it anyway.

  • scylla22
    commented on 's reply
    Do we need to do this if our site runs HTTPS?

  • Joe D.
    replied
    I just checked my VB 4.2.5 test site with Chrome and this fix and it worked fine with latest version of Chrome browser. Exactly what error are you getting? Can you post a screenshot?

    Leave a comment:


  • MK_1
    replied
    Originally posted by Joe D. View Post
    Advanced Post Editing fix for Google Chrome based browsers.

    An change in Google Chrome meant to protect sites from cross-site-scripting (XSS) exploits is backfiring and blocking legitimate scripts on various web applications including VB 4.2.5. The fix is to create a simple plugin that tells the browser to turn off this feature for the Advanced Editor pages.

    You can do this in one of two ways, either manually create the plugin or download the attached file and then upload it as a new product in the Admin CP -> Product Manager -> Add New Product.

    Do one or the other, not both.

    Manual Instructions:

    1) Go to Admin CP -> Plugins & Products -> Add New Plugin
    2) On the plugin page enter the following values:

    Product: vBulletin
    Hook Location: editpost_update_start
    Title: XSS Block Bug Fix
    Execution Order: 1
    Plugin PHP Code:
    Code:
    //bugfix from vbsupport
    header('X-XSS-Protection:0');
    Set Active:Yes

    Save changes.

    Or upload the attached .XML file and import it into Product Manager in the Admn CP. There are no settings, it works as soon as it is imported.
    Fix doesn't work for me? Or are there other issues with latest Chrome?

    Leave a comment:


  • Joe D.
    replied
    Note- Due to potential for exploit you should not be using ImageMagick as the Image Processing Library. (The exploit is in ImageMagick code, not vBulletin.) However by default vBulletin is set to use the GD image library so the majority of customers should be safe. To be sure go to the Admin CP -> Settings -> Options -> Image Settings and and make sure GD is used. If you have an error uploading images after changing make your PHP is configured to have the GD library.

    This is true for all VB 3.x and 4.x versions.

    Leave a comment:


  • djbaxter
    replied
    Thanks, Joe.

    Leave a comment:


  • Joe D.
    replied
    Basically you should just be suppressing warnings, there is no simple fix for this and it isn't really an error just a change in how PHP worked between 5.3.x and 5.4.x.

    Leave a comment:


  • Mark.B
    replied
    Please note this isn't a thread for support questions, it is for known and verified fixes to be posted. We will not be answering support questions here. Please start a new thread if you need support. Thanks.

    Leave a comment:


  • djbaxter
    replied
    Also this:

    Running vBulletin 4.2.5 with PHP7.1...

    I normally have warnings suppressed but needed to display them while troubleshooting something and when I do I see this in the AdminCP User Manager just after Image Options and before User Profile Fields:

    Code:
    PHP Warning: Illegal string offset 'userid' in ..../includes/functions.php on line 589
    
    PHP Warning: Illegal string offset 'userid' in ..../includes/functions.php on line 592
    
    PHP Warning: Illegal string offset 'usergroupid' in ..../includes/functions.php on line 532
    
    PHP Warning: Illegal string offset 'usergroupid' in ..../includes/functions.php on line 598
    
    PHP Warning: Illegal string offset 'userid' in ..../includes/functions.php on line 598
    The lines in question are:

    Code:
    589 if (!is_array($user_memberships["$userinfo[userid]"]) OR !$cache)
    
    592 user_memberships["$userinfo[userid]"] = fetch_membergroupids_array($userinfo);
    
    532 $membergroups[] = $user['usergroupid'];
    
    598 if ($userinfo['usergroupid'] == $usergroupid OR in_array($usergroupid, $user_memberships["$userinfo[userid]"]))
    In case it's relevant, I do have some custom fields in the user profiles.

    Suggestions for how to fix this?

    Leave a comment:


  • Peter Walker
    replied
    I found a bug on the mobile template, when used with Chrome. The description and working correction can be found in this thread.

    There are still some minor issues with the mobile template. Some pages have a lot of white space after the forum content. It would be great if you could post a fix for that, as well.

    Leave a comment:


  • Joe D.
    replied
    Advanced Post Editing fix for Google Chrome based browsers.

    An change in Google Chrome meant to protect sites from cross-site-scripting (XSS) exploits is backfiring and blocking legitimate scripts on various web applications including VB 4.2.5. The fix is to create a simple plugin that tells the browser to turn off this feature for the Advanced Editor pages.

    You can do this in one of two ways, either manually create the plugin or download the attached file and then upload it as a new product in the Admin CP -> Product Manager -> Add New Product.

    Do one or the other, not both.

    Manual Instructions:

    1) Go to Admin CP -> Plugins & Products -> Add New Plugin
    2) On the plugin page enter the following values:

    Product: vBulletin
    Hook Location: editpost_update_start
    Title: XSS Block Bug Fix
    Execution Order: 1
    Plugin PHP Code:
    Code:
    //bugfix from vbsupport
    header('X-XSS-Protection:0');
    Set Active:Yes

    Save changes.

    Or upload the attached .XML file and import it into Product Manager in the Admn CP. There are no settings, it works as soon as it is imported.
    Attached Files
    Last edited by Joe D.; Thu 9th Nov '17, 9:51am.

    Leave a comment:


  • Joe D.
    replied
    Issue: Timezones that are partial hours (15, 30, 45 minutes) different from GMT do not work in VB 4.2.5.


    A fix that resolves most of the issue. Calendar events will still not be correct if the time of the event is entered by someone from one of these time zones that aren't whole hours different from GMT.


    At or about line 4503 of /includes/functions.php

    Change:

    Code:
    $tzos = intval($vbulletin->userinfo['timezoneoffset']);
    to

    Code:
    $tzos = floatval($vbulletin->userinfo['timezoneoffset']);
    There hasn't been a lot of testing. If you notice any new problems please post them ASAP at https://www.vbulletin.org/forum/showthread.php?t=325494

    Leave a comment:

Related Topics

Collapse

Working...
X