Announcement

Collapse
No announcement yet.

All known VB 4.2.5 bug fixes (combined.)

Collapse
This topic is closed.
X
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • All known VB 4.2.5 bug fixes (combined.)

    As VB 4.2.5 is likely the last release of VB 4.x other than security patches any bug fixes found will need to be manually applied. This thread will be the home of all know VB 4.2.5 bug fixes.


    The first fix is for Social Group Picture Uploading:

    A customer found and identified the reason for bug affecting the uploading of images to social groups in VB 4.2.5. In short, you can not upload new images to social groups in VB 4.2.5, you end up with a white page.

    A quick fix is to edit the group.php file.

    On or about line 3672

    Currently is:
    PHP Code:
    if ((!empty($_POST['do']) AND $_POST['do'] == 'insertpictures') OR $_REQUEST['do'] == 'addpictures'
    Change it to:
    PHP Code:
    if ((!empty($_POST['do']) AND ($_POST['do'] == 'insertpictures') OR $_REQUEST['do'] == 'addpictures') OR ($_POST['do'] == 'updatepictures')) 
    Tested on my own VB 4.2.5 board it seems to fix the issue.

    As it is unlikely there will be an official fix you should make note of this and any file customizations you do to your site in case you ever need to restore default VB 4.2.5 files.

    Also be sure to use a code editor and not windows notepad to edit PHP files.

    JIRA report: http://tracker.vbulletin.com/browse/VBIV-16307
    Last edited by Joe D.; Fri 11th Aug '17, 9:48am.

  • #2
    Issue: Timezones that are partial hours (15, 30, 45 minutes) different from GMT do not work in VB 4.2.5.


    A fix that resolves most of the issue. Calendar events will still not be correct if the time of the event is entered by someone from one of these time zones that aren't whole hours different from GMT.


    At or about line 4503 of /includes/functions.php

    Change:

    Code:
    $tzos = intval($vbulletin->userinfo['timezoneoffset']);
    to

    Code:
    $tzos = floatval($vbulletin->userinfo['timezoneoffset']);
    There hasn't been a lot of testing. If you notice any new problems please post them ASAP at https://www.vbulletin.org/forum/showthread.php?t=325494

    Comment


    • #3
      Advanced Post Editing fix for Google Chrome based browsers.

      An change in Google Chrome meant to protect sites from cross-site-scripting (XSS) exploits is backfiring and blocking legitimate scripts on various web applications including VB 4.2.5. The fix is to create a simple plugin that tells the browser to turn off this feature for the Advanced Editor pages.

      You can do this in one of two ways, either manually create the plugin or download the attached file and then upload it as a new product in the Admin CP -> Product Manager -> Add New Product.

      Do one or the other, not both.

      Manual Instructions:

      1) Go to Admin CP -> Plugins & Products -> Add New Plugin
      2) On the plugin page enter the following values:

      Product: vBulletin
      Hook Location: editpost_update_start
      Title: XSS Block Bug Fix
      Execution Order: 1
      Plugin PHP Code:
      Code:
      //bugfix from vbsupport
      header('X-XSS-Protection:0');
      Set Active:Yes

      Save changes.

      Or upload the attached .XML file and import it into Product Manager in the Admn CP. There are no settings, it works as soon as it is imported.
      Attached Files
      Last edited by Joe D.; Thu 9th Nov '17, 9:51am.

      Comment


      • scylla22
        scylla22 commented
        Editing a comment
        Do we need to do this if our site runs HTTPS?

      • Joe D.
        Joe D. commented
        Editing a comment
        Honestly I don't know, I would do it anyway.

    • #4
      I found a bug on the mobile template, when used with Chrome. The description and working correction can be found in this thread.

      There are still some minor issues with the mobile template. Some pages have a lot of white space after the forum content. It would be great if you could post a fix for that, as well.
      Regards

      Peter Walker
      http://www.rifeforum.com

      Comment


      • #5
        Also this:

        Running vBulletin 4.2.5 with PHP7.1...

        I normally have warnings suppressed but needed to display them while troubleshooting something and when I do I see this in the AdminCP User Manager just after Image Options and before User Profile Fields:

        Code:
        PHP Warning: Illegal string offset 'userid' in ..../includes/functions.php on line 589
        
        PHP Warning: Illegal string offset 'userid' in ..../includes/functions.php on line 592
        
        PHP Warning: Illegal string offset 'usergroupid' in ..../includes/functions.php on line 532
        
        PHP Warning: Illegal string offset 'usergroupid' in ..../includes/functions.php on line 598
        
        PHP Warning: Illegal string offset 'userid' in ..../includes/functions.php on line 598
        The lines in question are:

        Code:
        589 if (!is_array($user_memberships["$userinfo[userid]"]) OR !$cache)
        
        592 user_memberships["$userinfo[userid]"] = fetch_membergroupids_array($userinfo);
        
        532 $membergroups[] = $user['usergroupid'];
        
        598 if ($userinfo['usergroupid'] == $usergroupid OR in_array($usergroupid, $user_memberships["$userinfo[userid]"]))
        In case it's relevant, I do have some custom fields in the user profiles.

        Suggestions for how to fix this?
        Psychlinks Mental Health Support Forum
        Local Search Forum

        Comment


        • #6
          Please note this isn't a thread for support questions, it is for known and verified fixes to be posted. We will not be answering support questions here. Please start a new thread if you need support. Thanks.
          MARK.B | vBULLETIN SUPPORT

          TalkNewsUK - My vBulletin 5.5.2 Demo
          AdminAmmo - My Cloud Demo

          Comment


          • #7
            Basically you should just be suppressing warnings, there is no simple fix for this and it isn't really an error just a change in how PHP worked between 5.3.x and 5.4.x.

            Comment


            • #8
              Thanks, Joe.
              Psychlinks Mental Health Support Forum
              Local Search Forum

              Comment


              • #9
                Note- Due to potential for exploit you should not be using ImageMagick as the Image Processing Library. (The exploit is in ImageMagick code, not vBulletin.) However by default vBulletin is set to use the GD image library so the majority of customers should be safe. To be sure go to the Admin CP -> Settings -> Options -> Image Settings and and make sure GD is used. If you have an error uploading images after changing make your PHP is configured to have the GD library.

                This is true for all VB 3.x and 4.x versions.

                Comment


                • #10
                  Originally posted by Joe D. View Post
                  Advanced Post Editing fix for Google Chrome based browsers.

                  An change in Google Chrome meant to protect sites from cross-site-scripting (XSS) exploits is backfiring and blocking legitimate scripts on various web applications including VB 4.2.5. The fix is to create a simple plugin that tells the browser to turn off this feature for the Advanced Editor pages.

                  You can do this in one of two ways, either manually create the plugin or download the attached file and then upload it as a new product in the Admin CP -> Product Manager -> Add New Product.

                  Do one or the other, not both.

                  Manual Instructions:

                  1) Go to Admin CP -> Plugins & Products -> Add New Plugin
                  2) On the plugin page enter the following values:

                  Product: vBulletin
                  Hook Location: editpost_update_start
                  Title: XSS Block Bug Fix
                  Execution Order: 1
                  Plugin PHP Code:
                  Code:
                  //bugfix from vbsupport
                  header('X-XSS-Protection:0');
                  Set Active:Yes

                  Save changes.

                  Or upload the attached .XML file and import it into Product Manager in the Admn CP. There are no settings, it works as soon as it is imported.
                  Fix doesn't work for me? Or are there other issues with latest Chrome?
                  Macht mit beim 2-Wheel-Planet Adventskalender:

                  2WP Adventskalender

                  Comment


                  • #11
                    I just checked my VB 4.2.5 test site with Chrome and this fix and it worked fine with latest version of Chrome browser. Exactly what error are you getting? Can you post a screenshot?

                    Comment


                    • #12
                      "

                      ( Maybe something like a "rough draft" at the moment ..? )


                      These are maybe something like some things that still haven't been addressed or fixed in a certain kind of a way in Vbulletin 4.2.5 "officially" in a certain kind of a way yet at the moment?


                      "

                      Comment


                      • #13
                        Originally posted by WriteToEnlight View Post
                        "

                        ( Maybe something like a "rough draft" at the moment ..? )


                        These are maybe something like some things that still haven't been addressed or fixed in a certain kind of a way in Vbulletin 4.2.5 "officially" in a certain kind of a way yet at the moment?


                        "
                        The issues you are experiencing in your thread are nothing to do with the software and everything to do with the server(s) you are running, as I've just explained in the thread.

                        If the software had bugs of the nature you are referring to, we would have hundreds if not thousands of customers reporting them. It is certainly not a 'rough draft', having been released in 2009 and extensively developed up until 2016 when all focus moved to vBulletin 5.

                        It is also worth noting that vBulletin 4 is end of life (from a development perspective) and no further development work will be carried out on it.
                        MARK.B | vBULLETIN SUPPORT

                        TalkNewsUK - My vBulletin 5.5.2 Demo
                        AdminAmmo - My Cloud Demo

                        Comment


                        • #14
                          "

                          ( Maybe something like a "rough draft" at the moment ...? )


                          Maybe something like a current issue in Vbulletin 4.2.5 ?

                          Section Widget Title - Section Title Display ?

                          Click image for larger version

Name:	Vbulletin 425 Issue 1 2019-06-18.png
Views:	111
Size:	66.5 KB
ID:	4417090

                          "
                          Last edited by WriteToEnlight; Tue 18th Jun '19, 5:52pm.

                          Comment


                          • #15
                            You can easily change that yourself, and indeed you are meant to do so.
                            As stated, no further work will be done on vBulletin 4. It is end of life.
                            MARK.B | vBULLETIN SUPPORT

                            TalkNewsUK - My vBulletin 5.5.2 Demo
                            AdminAmmo - My Cloud Demo

                            Comment

                            Related Topics

                            Collapse

                            Working...
                            X