vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=250920

PHP direct eval problem after 4.07 update
by janaf
21 Sep 2010 12:38

I have a php-direct eval page with some drop-downs and a Submit button on the same page / same code. The page sends POST data to/from itself. It has been up running for a month after help I got here.

Now, after 4.0.7 I have problems

IF I am logged on to the site, I get the following message after hitting the submit button / posting

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I have logged on / off / refreshed several times to confirm. IE8 and FF

If I am NOT logged in, I do not get that message but POST data is not read by the code:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

The variables ($brand and $nominalsize) remain empty.

A secuity token is generated like this.

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

If this is not included, I get a security error message instead.

Any clues?

The page is here:
http://www.41hz.com/forums/content.php?253-TSdb

Lynne 21 Sep 2010 14:32

I keep trying stuff and getting no results. But, to be honest, I have no idea what to select that would give results. Can you tell us what we should select that should give results but isn't.

janaf 21 Sep 2010 15:28

Thanks for looking,

Any selection of drop-downs should be valid, if you use just one single drop-down. For example brand name only (for example Beyma, which there are about 100 record in the db) or nominal size only (for examlpe size 12 which there are about 300 records). The drop-downs are directly based on SQL "Select Distinct" queries on the db, which is a single table, so they must excist, or they would not be in the drop-down.

Selections do not return any results because values of the drop-down POST values are for some reason empty in php now. For example the drop-down named "brand" and the value should be read by:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

But $brand is empty, so the query can not be created as this evaluates to false:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I can also verify this by simply printing $brand but again, it is empty.

I can also verify that by assigning a value to $brand in the code, then all works as expected.

I have also tried adding arguments to the URL, but that does not work either. I think I could do a direct url of type <mypage>&brand=Beyma before, but not now.

And it has worked for a month.....

So my conclusion so far is that something changed that makes this php code invalid:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Any suggestions on alternative ways of reading the posted arguments?

Lynne 21 Sep 2010 19:52

Have you tried just $vbulletin->input->clean_gpc or $db->input->clean_gpc or any other variations there?

ragtek 22 Sep 2010 11:30

what's the code you're using?
Could you post an link to your page so we could check it?

janaf 23 Sep 2010 11:28

Quote:

Originally Posted by Lynne (Post 2101535)
Have you tried just $vbulletin->input->clean_gpc or $db->input->clean_gpc or any other variations there?

I have tried

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

but get
Fatal error: Call to a member function clean_gpc() on a non-object in /var/www/41hz/forums/tsdb/read_post.php on line 2

and

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

which gives:
Parse error: syntax error, unexpected T_OBJECT_OPERATOR in /var/www/41hz/forums/tsdb/read_post.php on line 2

and

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Fatal error: Call to undefined function clean_gpc() in /var/www/41hz/forums/tsdb/read_post.php on line 2

--------------- Added 23 Sep 2010 at 11:29 ---------------

Ragtek, you helped me with this one before:
http://www.vbulletin.org/forum/showthread.php?t=249002
It worked.
The link to the site / page is in a previous post.

This code reads the various posted variables:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

This creates the drop-downs and form:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

This is the main code:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

All looks like the first code part is the problem; the POST variables are not read properly, but empty.

Right now, the code types out the query string on the web page, at the bottom, to verify this.

janaf 01 Oct 2010 11:05

I have found now that this is a caching problem. Not solved. There is cached content displayed, even when the cache time has been set to zero, and POST arguments have changed.

A new thread, trying to isolate the problem, not yet solved:

http://www.vbulletin.org/forum/showthread.php?t=251402


All times are GMT. The time now is 09:30.

Powered by vBulletin® Version 3.8.14
Copyright © 2020, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.