Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 01 Mar 2012, 08:24
Mases Mases is offline
 
Join Date: Jan 2008
stristr error

I'm getting a very similar error as was mentioned in this thread

I upgraded to ibProArcade v2.7.2+ yesterday and I'm getting this error at the top of the index page of the arcade.

Warning: stristr() [function.stristr]: needle is not a string or an integer in [path]/arcade.php on line 5550
The arcade is functional and when I go to play the game, that error is gone. When I go to submit a high score, I see the same error, but on two consecutive lines. My high score is able to submit properly and there doesn't seem to be any noticeable issue... other than the glaring error at the top of the page.
Reply With Quote
Comments
  #2  
Old 02 Mar 2012, 08:31
Bluefin221 Bluefin221 is offline
 
Join Date: Jul 2008
Just updated and also have this error.
Reply With Quote
  #3  
Old 02 Mar 2012, 22:58
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
http://www.vbulletin.org/forum/showp...3&postcount=13
Reply With Quote
  #4  
Old 04 Mar 2012, 05:38
Mases Mases is offline
 
Join Date: Jan 2008
@Hippy

I tried those changes and it did not effect this error. The error points to line 5550...

I've looked at the arcade.php file and line 5550 comes up as....


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

The full context of this section is...


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Any help would be appreciated.
Reply With Quote
  #5  
Old 04 Mar 2012, 06:14
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
compare v2.7.1 and 2.7.2 and remove or comment out that code and the link above
stangger5 posted what will work in replace of till Mrz figures out the issue
it fixes the security issue

I updated 20+ arcade and 1/4 of them don't like this code..
it's a server issue I am guessing
Reply With Quote
  #6  
Old 07 Mar 2012, 18:56
VBDev's Avatar
VBDev VBDev is offline
 
Join Date: Jan 2004
Real name: Clément
I have used stangger5 fix but was getting the reported issue with stristr on a customer forum.

I did the below edit, code will do the same and is simpler.

In arcade.php search for the ibp_cleansql function, search for

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add below :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Then search for :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Comment it out :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add after :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

That does the same but is fairly simpler...

Though I must admit that Mrz fixed the 2.7.1 security issue rather uglily...
That bit of code could remove actual correct content ...
Reply With Quote
  #7  
Old 08 Mar 2012, 01:25
stangger5's Avatar
stangger5 stangger5 is offline
 
Join Date: Jan 2005
I didnt upgrade to 2.7.2 for just two edits..

My one edit to the arcade.php file and the mod_arcade.php..

So my arcade doesnt have any of the:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

code..

Thanks for the code update VBDev !!
__________________
vb ibProArcade: Download Game, Game Challenge, Report Game Systems.
15,000+ Games,, and more can be found at: next-level-arcade.com
Reply With Quote
  #8  
Old 08 Mar 2012, 04:42
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
Originally Posted by VBDev View Post
I have used stangger5 fix but was getting the reported issue with stristr on a customer forum.

I did the below edit, code will do the same and is simpler.

In arcade.php search for the ibp_cleansql function, search for

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add below :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Then search for :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Comment it out :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add after :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

That does the same but is fairly simpler...

Though I must admit that Mrz fixed the 2.7.1 security issue rather uglily...
That bit of code could remove actual correct content ...
so it should like this ?

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I been using stangger5's edit and works on every update I did..
I am just wondering at this moment.. thanks
Attached Files
File Type: zip arcade.zip (41.1 KB, 202 views)

Last edited by Hippy : 29 Apr 2012 at 12:46.
Reply With Quote
  #9  
Old 08 Mar 2012, 10:53
VBDev's Avatar
VBDev VBDev is offline
 
Join Date: Jan 2004
Real name: Clément
Yep.

Dunno why but I didn't had that error on my install but a customer had the issue.

Anyways I don't know the root cause of this function but honestly that shouldn't be done like that... It removes potential words from comments for example... That sucks

--------------- Added 08 Mar 2012 at 10:53 ---------------

Originally Posted by stangger5 View Post
I didnt upgrade to 2.7.2 for just two edits..

My one edit to the arcade.php file and the mod_arcade.php..

So my arcade doesnt have any of the:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

code..

Thanks for the code update VBDev !!
But if I do understand those fixed a security issue but I guess you fixed it manually
Reply With Quote
  #10  
Old 09 Mar 2012, 02:11
stangger5's Avatar
stangger5 stangger5 is offline
 
Join Date: Jan 2005
The security issue was s_id,, which allowed it to be a string when it was supposed to be a int,, that is what allowed the exploit.
Comments should be ok because of the way strings are put in the database..
__________________
vb ibProArcade: Download Game, Game Challenge, Report Game Systems.
15,000+ Games,, and more can be found at: next-level-arcade.com

Last edited by stangger5 : 10 Mar 2012 at 03:57.
Reply With Quote
  #11  
Old 09 Mar 2012, 06:35
gsmlover4u's Avatar
gsmlover4u gsmlover4u is offline
 
Join Date: Jan 2007
Originally Posted by VBDev View Post
I have used stangger5 fix but was getting the reported issue with stristr on a customer forum.

I did the below edit, code will do the same and is simpler.

In arcade.php search for the ibp_cleansql function, search for

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add below :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Then search for :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Comment it out :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add after :

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

That does the same but is fairly simpler...

Though I must admit that Mrz fixed the 2.7.1 security issue rather uglily...
That bit of code could remove actual correct content ...
there is nothing in arcade.php
Reply With Quote
  #12  
Old 09 Mar 2012, 12:36
VBDev's Avatar
VBDev VBDev is offline
 
Join Date: Jan 2004
Real name: Clément
Originally Posted by stangger5 View Post
The security issue was s_id was allowed to be a string when it was supposed to be a int, that is what allowed the exploit.
Comments should be ok because of the way strings are put in the database.
Yeah, hence what I said he over corrected...

IMO, IBProArcade really needs a cleanup of the code one day...

Originally Posted by gsmlover4u View Post
there is nothing in arcade.php
If you haven't installed 2.7.2 there indeed is nothing.
Reply With Quote
  #13  
Old 09 Mar 2012, 12:50
gsmlover4u's Avatar
gsmlover4u gsmlover4u is offline
 
Join Date: Jan 2007
i installed 2.7.2+

http://www.vbulletin.org/forum/showt...01554&page=442
Reply With Quote
  #14  
Old 09 Mar 2012, 21:41
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
Originally Posted by gsmlover4u View Post
confused
Reply With Quote
  #15  
Old 10 Mar 2012, 04:16
gsmlover4u's Avatar
gsmlover4u gsmlover4u is offline
 
Join Date: Jan 2007
why you confused sir
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
Forum Jump


New To Site? Need Help?

All times are GMT. The time now is 04:00.

Layout Options | Width: Wide Color: