Issue with vB 5.5.0

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Wolfee
    New Member
    • Dec 2009
    • 9
    • 5.3.x
    #1

    [Bug / Issue] Issue with vB 5.5.0

    Hi I have installed vBulletin 5.5.0 onto my test server and upgraded from 4.2.5 and My server locked me out with bitninja erros in the admin panel when updating a template.

    Web Server Apache v2.4.37
    PHP 7.1.25


    They said the script template.php is doing a PHP Injection and have sent me this infomation..


    I have also included a screen shot of the tempalte I edited and tried to save.











    can anyone tell me why this is happening as its stopping me using the forum software. thanks
    Last edited by Wolfee; Mon 28 Jan '19, 6:05am.
    Tags: None
    • Wayne Luke
      vBulletin Technical Support Lead
      • Aug 2000
      • 74132
      #2
      The entire point of template.php is to inject HTML into the database. It also converts that HTML into functional PHP and injects that into the database. Many parts of the AdminCP will place HTML into the database. One of three things will have to happen:
      1. Your hosting provider will need to whitelist the /core/admincp directory.
      2. You won't be able to edit templates or customize your forum in anyway.
      3. You'll need to find a new hosting provider.
      Not sure why this wasn't triggered under vBulletin 4.2.5 as this functionality has not changed in almost two decades.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API

        Comment

        • Wolfee
          New Member
          • Dec 2009
          • 9
          • 5.3.x
          #3
          Thanks Wayne,

          I have emailed your reply to them and see what their response is and if its not what I need then I will get a refund and move hosts.

          Thanks. Another quick question. Is the ---* icons supposed to show for the tab press..

            Comment

            • Wayne Luke
              vBulletin Technical Support Lead
              • Aug 2000
              • 74132
              #4
              Originally posted by Wolfee
              Is the ---* icons supposed to show for the tab press..
              Yes. The system is supposed to show the white space when editing templates. There are times when it matters.

              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API

                Comment

                • Kevin Sours
                  Lead Developer
                  • Apr 2008
                  • 601
                  • 5.5.x
                  #5
                  So what it's objecting to here is that the vBulletin template language uses PHP snippets in places. It's detecting that as a nefarious attempt to inject PHP into your database. Given that the templates are ultimately compiled to custom PHP code, that's not far off what you are doing.

                  What's perplexing is that the template language hasn't changed *that* much from vB4 to vB5. All I can think is that somehow the vB4 templates stayed below the threshold and this vB5 template didn't.

                    Comment

                    Previous template Next

                    Related Topics

                    Collapse
                    Working...