Announcement

Collapse
No announcement yet.

Manual Security Patch Instructions for VB 4.x.x

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Joe D.
    replied
    Originally posted by r.decher View Post
    An upgrade is not always an option.

    By the way, this error occurs even after a fresh/clean installation of a 4.2.2 PL1, so it's obviously a bug regarding the latest changes.
    Thanks for the clarification- I have entered a bug report here- http://tracker.vbulletin.com/browse/VBIV-15954

    Leave a comment:


  • r.decher
    replied
    An upgrade is not always an option.

    By the way, this error occurs even after a fresh/clean installation of a 4.2.2 PL1, so it's obviously a bug regarding the latest changes.

    Leave a comment:


  • Joe D.
    replied
    Originally posted by Gripi View Post
    Hi..

    I already try to add new style and tried to perform the delete action using that new style, but still got same error msg when try to delete thread / post with password verification, but no problem if no need password verification.

    I would suggest you upgrade to VB 4.2.2 PL1.


    Originally posted by jkal View Post
    Good Afternoon,

    Running 4.2.2 - download and patched the couple of files as mentioned. (includes folder, forumdisplay.php, and login.php)

    After patching, my forum seems to be "broken"

    The following warnings / errors occur:


    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 310

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 310

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 402

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 462

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 462

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/functions_newpost.php on line 200

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_bbcode_alt.php on line 522


    Any help would be greatly appreciated! Thanks!
    This thread is not for support of people running 4.2.2 or downloaded the patch- this is for help with maual patch instructions in older versions. However it looks like you are running PHP 5.5.x which is not supported. If you need more help create new topic please.


    Originally posted by r.decher View Post
    Ok, i've got an other problem after applying the patch manually (4.2.0 PL3):

    When merging two posts it sometimes results in an error message like "The message you have entered is too short. Please lengthen your message to at least 1 characters."

    That's because after input my password for verification the editor is empty.

    After some research i found out that postvars["message"] is "null".
    json_encode expects the first parameter to be UTF-8 encoded otherwise it can results in a null value.

    I think you can never be sure that the message is UTF-8 compliant depending on language or database charset, i don't know.

    This error only occurs after the password verification...
    Please upgrade to 4.2.2 PL1.

    Leave a comment:


  • r.decher
    replied
    Ok, i've got an other problem after applying the patch manually (4.2.0 PL3):

    When merging two posts it sometimes results in an error message like "The message you have entered is too short. Please lengthen your message to at least 1 characters."

    That's because after input my password for verification the editor is empty.

    After some research i found out that postvars["message"] is "null".
    json_encode expects the first parameter to be UTF-8 encoded otherwise it can results in a null value.

    I think you can never be sure that the message is UTF-8 compliant depending on language or database charset, i don't know.

    This error only occurs after the password verification...

    Leave a comment:


  • jkal
    replied
    Good Afternoon,

    Running 4.2.2 - download and patched the couple of files as mentioned. (includes folder, forumdisplay.php, and login.php)

    After patching, my forum seems to be "broken"

    The following warnings / errors occur:


    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 310

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 310

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 402

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 462

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 462

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_wysiwygparser.php on line 798

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/functions_newpost.php on line 200

    Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_bbcode_alt.php on line 522


    Any help would be greatly appreciated! Thanks!

    Leave a comment:


  • Gripi
    replied
    Hi..

    I already try to add new style and tried to perform the delete action using that new style, but still got same error msg when try to delete thread / post with password verification, but no problem if no need password verification.

    Leave a comment:


  • Joe D.
    replied
    Hello- We know many people have succesfully done this patch on VB 4.2.1. Your issue is either due to a custom style or a typo perhaps while making the file edits.
    I would first recommend trying with the default style and see if you still get the error. If you do i would restore to the original 4.2.1 files and try the manual patch again.

    To get the default style go to Admin CP -> Styles & Templates -> Style Manager -> Add New Style and create a new style with no parent style. This will be the default style.

    Then go to Admin CP -> Settings -> Options -> Style & Language Settings and give permission for users to change styles (if it was disabled) so you can change to the default style to test it.

    Leave a comment:


  • Gripi
    replied
    Originally posted by Joe D. View Post
    OK... I missed a step when converting the Diff files into manual instructions. MK_1 noticed this way back on the first page but I did not.

    Anyone who has already made the changes needs to go back and do one more. I have updated the original instructions so anyone making from here on out is OK.

    Go back to the /includes/functions_misc.php file

    Find the code:
    Code:
    $temp = unserialize($serializedarr);
    Replace with:
    Code:
    $temp = json_decode($serializedarr, true);
    And save changes.

    This will fix the "Invalid Action Specified" bug with in-line moderation.

    Sorry all - my bad.
    Hello..

    Before i applied this one above, i always got the invalid action specified message when try to delete a thread (after inputing the password verication).

    But no error if the vbulletin system didnt ask password verication to perform an action.

    After applying the code above, i got this error msg right now:
    vBulletin Message
    Your submission could not be processed because a security token was missing.

    If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.



    I'm using 4.2.1 PL1

    Leave a comment:


  • donald1234
    replied
    No, PL1 stands for patch level 1

    Leave a comment:


  • clubpromos
    replied
    I may have missed an answer or misread something but:
    If I just upgraded to VB 4.2.2 PL1, do I still need to apply the patch?

    Thanks

    Leave a comment:


  • Joe D.
    replied
    Hello,

    I see you are on VB 4.1.4. You can download a fresh set of 4.1.4 files from the Member's Area and upload them to restore your files back to the original versions.

    If you want to re-try the code in this thread you can, otherwise I would suggest you upgrade to VB 4.2.2 which will have the patch already included.

    Leave a comment:


  • PartiBoi
    replied
    Yes I removed the patch, when I initially done the patch the online list was messed up and then the login part the words also messed up. wasn't like this BEFORE the patch and I have only touched the files it said too. so I get what you're saying that nothing should effect the style but it did.

    Leave a comment:


  • Joe D.
    replied
    Have you removed the code? There is nothing in the code changes that should affect styles. I would suggest you test it with the default style.

    Leave a comment:


  • PartiBoi
    commented on 's reply
    No error codes, am running 4.1.4

  • Joe D.
    replied
    Is there a warning or error at the very top of your screen? It may be hidden if your header is dark/black- highlight it with the mouse to tell for sure.
    What version of VB 4.x do you have?

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X