Tweet
I got the notice about the hacking activity and since I have a number of hacks in place, I need to apply the security fix for my current version. (I am actually working through my hacks to get up to vb3, but it is taking some time). Since I have hacked on calendar.php, I wanted to look and see what the fixes were and then just apply those to my hacked version. I see the addition of the $eventid = intval($eventid), which I already had applied from a previous security alert (and is my guess for what the hackers are using), but was puzzled, because another update that I thought was security related (the conversion of ampersands in the calendar.php redirects to '&') was not included in the released file. Is the latter a necessary security fix? Is the former (the intval) the only thing I need to ensure I've applied to lock down this particular file? As I said above, I realize I need to upgrade and am working on it, but obviously the patch is going to be a faster way to secure my site than an upgrade.
-
-
Excellent. Thanks for the quick reply, Scott.Comment
-
how to do the patch?
This is my first experience with patching vBulletin. I'm running vBulletin 2.2.9.
I downloaded the appropriate patch and the file is named calendar-2[1].2.5-2.9.9.php.
My first question is, am I supposed to rename that file to calendar.php?
I understand I'm supposed to replace my old calendar.php. I did a search on my web server and I found 2: one in C:\inetpub\Users\songwriters\forums\
and the other in C:\inetpub\Users\songwriters\includes\blocks
Do I replace both?
Thank you
Clueless
Dan
Comment
-
Rename the file to calendar.php and place it in your forums folder.Comment
-
Thank you, Freddie
I'll do it,
Thanks
Comment
-
I'm just curious as to whether Vb 5 updates are necessary. My forum is pretty much done in its current version 5.1.9. I realize that if new features are offered then I will not have them. My question...Wed 21 Oct '15, 2:02pm
Comment