Announcement

Collapse
No announcement yet.

Issue with vB 5.5.0

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Bug / Issue] Issue with vB 5.5.0

    Hi I have installed vBulletin 5.5.0 onto my test server and upgraded from 4.2.5 and My server locked me out with bitninja erros in the admin panel when updating a template.

    Web Server Apache v2.4.37
    PHP 7.1.25


    They said the script template.php is doing a PHP Injection and have sent me this infomation..


    I have also included a screen shot of the tempalte I edited and tried to save.











    can anyone tell me why this is happening as its stopping me using the forum software. thanks
    Last edited by Wolfee; Mon 28 Jan '19, 6:05am.

  • #2
    The entire point of template.php is to inject HTML into the database. It also converts that HTML into functional PHP and injects that into the database. Many parts of the AdminCP will place HTML into the database. One of three things will have to happen:
    1. Your hosting provider will need to whitelist the /core/admincp directory.
    2. You won't be able to edit templates or customize your forum in anyway.
    3. You'll need to find a new hosting provider.
    Not sure why this wasn't triggered under vBulletin 4.2.5 as this functionality has not changed in almost two decades.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment


    • #3
      Thanks Wayne,

      I have emailed your reply to them and see what their response is and if its not what I need then I will get a refund and move hosts.

      Thanks. Another quick question. Is the ---* icons supposed to show for the tab press..

      Comment


      • #4
        Originally posted by Wolfee View Post
        Is the ---* icons supposed to show for the tab press..
        Yes. The system is supposed to show the white space when editing templates. There are times when it matters.

        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API

        Comment


        • #5
          So what it's objecting to here is that the vBulletin template language uses PHP snippets in places. It's detecting that as a nefarious attempt to inject PHP into your database. Given that the templates are ultimately compiled to custom PHP code, that's not far off what you are doing.

          What's perplexing is that the template language hasn't changed *that* much from vB4 to vB5. All I can think is that somehow the vB4 templates stayed below the threshold and this vB5 template didn't.

          Comment

          Related Topics

          Collapse

          Working...
          X