vBulletin Mods

The Official vBulletin Modifications Site
http://www.vbulletin.org/forum/showthread.php?t=279382

stristr error
by Mases
01 Mar 2012 08:24

I'm getting a very similar error as was mentioned in this thread

I upgraded to ibProArcade v2.7.2+ yesterday and I'm getting this error at the top of the index page of the arcade.

Quote:

Warning: stristr() [function.stristr]: needle is not a string or an integer in [path]/arcade.php on line 5550
The arcade is functional and when I go to play the game, that error is gone. When I go to submit a high score, I see the same error, but on two consecutive lines. My high score is able to submit properly and there doesn't seem to be any noticeable issue... other than the glaring error at the top of the page.

Bluefin221 02 Mar 2012 08:31

Just updated and also have this error.

Hippy 02 Mar 2012 22:58

http://www.vbulletin.org/forum/showp...3&postcount=13

Mases 04 Mar 2012 05:38

@Hippy

I tried those changes and it did not effect this error. The error points to line 5550...

I've looked at the arcade.php file and line 5550 comes up as....


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

The full context of this section is...


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Any help would be appreciated.

Hippy 04 Mar 2012 06:14

compare v2.7.1 and 2.7.2 and remove or comment out that code and the link above
stangger5 posted what will work in replace of till Mrz figures out the issue
it fixes the security issue

I updated 20+ arcade and 1/4 of them don't like this code..
it's a server issue I am guessing

VBDev 07 Mar 2012 18:56

I have used stangger5 fix but was getting the reported issue with stristr on a customer forum.

I did the below edit, code will do the same and is simpler.

In arcade.php search for the ibp_cleansql function, search for

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add below :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Then search for :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Comment it out :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add after :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

That does the same but is fairly simpler...

Though I must admit that Mrz fixed the 2.7.1 security issue rather uglily...
That bit of code could remove actual correct content ...

stangger5 08 Mar 2012 01:25

I didnt upgrade to 2.7.2 for just two edits..

My one edit to the arcade.php file and the mod_arcade.php..

So my arcade doesnt have any of the:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

code..

Thanks for the code update VBDev !! :up:

Hippy 08 Mar 2012 04:42

1 Attachment(s)
Quote:

Originally Posted by VBDev (Post 2307204)
I have used stangger5 fix but was getting the reported issue with stristr on a customer forum.

I did the below edit, code will do the same and is simpler.

In arcade.php search for the ibp_cleansql function, search for

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add below :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Then search for :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Comment it out :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add after :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

That does the same but is fairly simpler...

Though I must admit that Mrz fixed the 2.7.1 security issue rather uglily...
That bit of code could remove actual correct content ...

so it should like this ?

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I been using stangger5's edit and works on every update I did..
I am just wondering at this moment.. thanks

VBDev 08 Mar 2012 10:53

Yep.

Dunno why but I didn't had that error on my install but a customer had the issue.

Anyways I don't know the root cause of this function but honestly that shouldn't be done like that... It removes potential words from comments for example... That sucks :p

--------------- Added 08 Mar 2012 at 10:53 ---------------

Quote:

Originally Posted by stangger5 (Post 2307284)
I didnt upgrade to 2.7.2 for just two edits..

My one edit to the arcade.php file and the mod_arcade.php..

So my arcade doesnt have any of the:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

code..

Thanks for the code update VBDev !! :up:

But if I do understand those fixed a security issue but I guess you fixed it manually ;)

stangger5 09 Mar 2012 02:11

The security issue was s_id,, which allowed it to be a string when it was supposed to be a int,, that is what allowed the exploit.
Comments should be ok because of the way strings are put in the database..

gsmlover4u 09 Mar 2012 06:35

Quote:

Originally Posted by VBDev (Post 2307204)
I have used stangger5 fix but was getting the reported issue with stristr on a customer forum.

I did the below edit, code will do the same and is simpler.

In arcade.php search for the ibp_cleansql function, search for

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add below :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Then search for :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Comment it out :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add after :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

That does the same but is fairly simpler...

Though I must admit that Mrz fixed the 2.7.1 security issue rather uglily...
That bit of code could remove actual correct content ...

there is nothing in arcade.php

VBDev 09 Mar 2012 12:36

Quote:

Originally Posted by stangger5 (Post 2307705)
The security issue was s_id was allowed to be a string when it was supposed to be a int, that is what allowed the exploit.
Comments should be ok because of the way strings are put in the database.

Yeah, hence what I said he over corrected...

IMO, IBProArcade really needs a cleanup of the code one day...

Quote:

Originally Posted by gsmlover4u (Post 2307762)
there is nothing in arcade.php

If you haven't installed 2.7.2 there indeed is nothing.

gsmlover4u 09 Mar 2012 12:50

i installed 2.7.2+

http://www.vbulletin.org/forum/showt...01554&page=442

Hippy 09 Mar 2012 21:41

Quote:

Originally Posted by gsmlover4u (Post 2307851)

confused

gsmlover4u 10 Mar 2012 04:16

why you confused sir


All times are GMT. The time now is 16:23.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright ©2001 - , vbulletin.org. All rights reserved.