Announcement

Collapse
No announcement yet.

Manual Security Patch Instructions for VB 4.x.x

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • MK_1
    commented on 's reply
    I fully agree with you, but your manual security path instructions are for ALL vB 4.x versions, too?

    So I can't understand why the diff file has an additional step and is not similar to your steps.

  • Mark.B
    replied
    Originally posted by _Avalon_ View Post

    Ok, i passed all instructions above and re-write files. What changes in forum working process now should I notice?
    Nothing, as it is just a patch.

    Leave a comment:


  • _Avalon_
    replied
    Originally posted by Mark.B View Post

    If you are running 4.2.0 you will need to go through the manual instructions.
    Ok, i passed all instructions above and re-write files. What changes in forum working process now should I notice?

    Leave a comment:


  • BirdOPrey5
    replied
    Originally posted by MK_1 View Post
    So you tell me that the diff file is not the latest version? Diff file and Joe's post are 90% similar, just this one step.
    The diff files will work on ALL vBulletin 4.x versions. The diff files were provided because actual patches were not being released for older VB 4.x versions.

    Leave a comment:


  • BirdOPrey5
    replied
    Originally posted by kandhro View Post
    Hello Mark B
    can u plz let me know where are the manual instructions for vb 4.2.0

    regards
    This thread is the manual instructions for VB 4.2.0. They are the same instructions for ALL of VB 4.x.x, the code has not changed in years.

    Leave a comment:


  • MK_1
    replied
    Originally posted by Mark.B View Post
    That's from the diff file...you should follow the instructions in Joe's post.
    So you tell me that the diff file is not the latest version? Diff file and Joe's post are 90% similar, just this one step.

    Leave a comment:


  • kandhro
    replied
    Hello Mark B
    can u plz let me know where are the manual instructions for vb 4.2.0

    regards

    Leave a comment:


  • BirdOPrey5
    replied
    4.2.0 Patch 4 does NOT contain the fix. The only patch version of 4.x that includes the fix is 4.2.2 Patch 1.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by _Avalon_ View Post
    Good day, bit not clear, Is it not enough to rewrite files from Security patch: 4.2.0 Suite PL4?
    If you are running 4.2.0 you will need to go through the manual instructions.

    Leave a comment:


  • _Avalon_
    replied
    Good day, bit not clear, Is it not enough to rewrite files from Security patch: 4.2.0 Suite PL4?

    Leave a comment:


  • Mark.B
    replied
    That's from the diff file...you should follow the instructions in Joe's post.

    Leave a comment:


  • MK_1
    replied
    I guess this part is missing:
    In includes/functions_misc.php
    Code:
    @@ -773,7 +774,7 @@
     */
     function construct_hidden_var_fields($serializedarr)
     {
    -    $temp = unserialize($serializedarr);
    +    $temp = json_decode($serializedarr, true);
     
         if (!is_array($temp))
         {
    http://www.vbulletin.com/forum/forum...x-of-vbulletin

    Leave a comment:


  • BirdOPrey5
    replied
    Originally posted by toon79 View Post
    Function misc is wrong. You have included:
    $string = json_encode($_POST); return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni(sign_client_string($string)) . '" />' . "\n"; But haven't removed it from the take out line, the forum doesn't function by following these instructions. If you do this word for word
    . "\n"; is included twice and breaks the forum.
    Hello- the "\n" is there but you need to scroll the code box to the right to see it.

    I will update the instructions to remind people they may need to scroll to see the full line of text.

    Leave a comment:


  • toon79
    replied
    Function misc is wrong. You have included:
    $string = json_encode($_POST); return '<input type="hidden" name="postvars" value="' . htmlspecialchars_uni(sign_client_string($string)) . '" />' . "\n"; But haven't removed it from the take out line, the forum doesn't function by following these instructions. If you do this word for word
    . "\n"; is included twice and breaks the forum.

    Leave a comment:


  • toon79
    replied
    I gotcha thanks Mark

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X