Announcement

Collapse
No announcement yet.

Manual Security Patch Instructions for VB 4.x.x

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #61
    I did several searches....and I have not found an answer.

    My site is currently running 4.2.2 and has been successfully since 1 day after 4.2.2 came out.

    I have been very busy and have not had the time to apply the 4.2.2 PL1 Patch. I just downloaded it...and I would like to confirm that all I have to do is UPLOAD the files that are inside of what I downloaded and that will be that.....the PATCH will be applied?????

    I have to following files inside of this download:

    forumdisplay.php
    login.php

    Then I have a folder named: includes INSIDE of that folder I have the following:

    functions_login.php
    finctions_misc.php
    functions.php
    version_vbulletin.php




    Just upload those files and over write the existing files and I am done?????

    Let me know...

    And thank you so much for your support and for watching out for all of us....I am NEVER angry when you come out with something like this...I just truly appreciate it and highly respect all that you do!!!

    Yours,

    Kirk

    Comment


    • #62
      Originally posted by voclain View Post
      I did several searches....and I have not found an answer.

      My site is currently running 4.2.2 and has been successfully since 1 day after 4.2.2 came out.

      I have been very busy and have not had the time to apply the 4.2.2 PL1 Patch. I just downloaded it...and I would like to confirm that all I have to do is UPLOAD the files that are inside of what I downloaded and that will be that.....the PATCH will be applied?????

      I have to following files inside of this download:

      forumdisplay.php
      login.php

      Then I have a folder named: includes INSIDE of that folder I have the following:

      functions_login.php
      finctions_misc.php
      functions.php
      version_vbulletin.php




      Just upload those files and over write the existing files and I am done?????

      Let me know...

      And thank you so much for your support and for watching out for all of us....I am NEVER angry when you come out with something like this...I just truly appreciate it and highly respect all that you do!!!

      Yours,

      Kirk
      If you are already running 4.2.2 then yes, that is all you need to do.
      MARK.B | vBULLETIN SUPPORT

      TalkNewsUK - My vBulletin 5.6.3 Demo
      AdminAmmo - My Cloud Demo

      Comment


      • #63
        Originally posted by Mark.B View Post
        If you are already running 4.2.2 then yes, that is all you need to do.
        Thank you for making this so easy for us to do!!!

        Kirk

        Comment


        • #64
          Ok so Installed this lastnight and it messed up my forum.

          see the picture my online list is jumbled up. please let me know what I can do to fix it.

          Comment


          • #65
            Is there a warning or error at the very top of your screen? It may be hidden if your header is dark/black- highlight it with the mouse to tell for sure.
            What version of VB 4.x do you have?

            Comment


            • PartiBoi
              PartiBoi commented
              Editing a comment
              No error codes, am running 4.1.4

          • #66
            Have you removed the code? There is nothing in the code changes that should affect styles. I would suggest you test it with the default style.

            Comment


            • #67
              Yes I removed the patch, when I initially done the patch the online list was messed up and then the login part the words also messed up. wasn't like this BEFORE the patch and I have only touched the files it said too. so I get what you're saying that nothing should effect the style but it did.

              Comment


              • #68
                Hello,

                I see you are on VB 4.1.4. You can download a fresh set of 4.1.4 files from the Member's Area and upload them to restore your files back to the original versions.

                If you want to re-try the code in this thread you can, otherwise I would suggest you upgrade to VB 4.2.2 which will have the patch already included.

                Comment


                • #69
                  I may have missed an answer or misread something but:
                  If I just upgraded to VB 4.2.2 PL1, do I still need to apply the patch?

                  Thanks

                  Comment


                  • #70
                    No, PL1 stands for patch level 1

                    Comment


                    • #71
                      Originally posted by Joe D. View Post
                      OK... I missed a step when converting the Diff files into manual instructions. MK_1 noticed this way back on the first page but I did not.

                      Anyone who has already made the changes needs to go back and do one more. I have updated the original instructions so anyone making from here on out is OK.

                      Go back to the /includes/functions_misc.php file

                      Find the code:
                      Code:
                      $temp = unserialize($serializedarr);
                      Replace with:
                      Code:
                      $temp = json_decode($serializedarr, true);
                      And save changes.

                      This will fix the "Invalid Action Specified" bug with in-line moderation.

                      Sorry all - my bad.
                      Hello..

                      Before i applied this one above, i always got the invalid action specified message when try to delete a thread (after inputing the password verication).

                      But no error if the vbulletin system didnt ask password verication to perform an action.

                      After applying the code above, i got this error msg right now:
                      vBulletin Message
                      Your submission could not be processed because a security token was missing.

                      If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.



                      I'm using 4.2.1 PL1

                      Comment


                      • #72
                        Hello- We know many people have succesfully done this patch on VB 4.2.1. Your issue is either due to a custom style or a typo perhaps while making the file edits.
                        I would first recommend trying with the default style and see if you still get the error. If you do i would restore to the original 4.2.1 files and try the manual patch again.

                        To get the default style go to Admin CP -> Styles & Templates -> Style Manager -> Add New Style and create a new style with no parent style. This will be the default style.

                        Then go to Admin CP -> Settings -> Options -> Style & Language Settings and give permission for users to change styles (if it was disabled) so you can change to the default style to test it.

                        Comment


                        • #73
                          Hi..

                          I already try to add new style and tried to perform the delete action using that new style, but still got same error msg when try to delete thread / post with password verification, but no problem if no need password verification.

                          Comment


                          • #74
                            Good Afternoon,

                            Running 4.2.2 - download and patched the couple of files as mentioned. (includes folder, forumdisplay.php, and login.php)

                            After patching, my forum seems to be "broken"

                            The following warnings / errors occur:


                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 310

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 310

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 402

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 462

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 462

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/functions_newpost.php on line 200

                            Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_bbcode_alt.php on line 522


                            Any help would be greatly appreciated! Thanks!

                            Comment


                            • #75
                              Ok, i've got an other problem after applying the patch manually (4.2.0 PL3):

                              When merging two posts it sometimes results in an error message like "The message you have entered is too short. Please lengthen your message to at least 1 characters."

                              That's because after input my password for verification the editor is empty.

                              After some research i found out that postvars["message"] is "null".
                              json_encode expects the first parameter to be UTF-8 encoded otherwise it can results in a null value.

                              I think you can never be sure that the message is UTF-8 compliant depending on language or database charset, i don't know.

                              This error only occurs after the password verification...

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X