I reported a XSS vulnerability via the Bug Report form but I didn't get a confirmation that it was sent.
Can I get a dev to verify it was successfully received?
Sent @ ~2:15am EST on 5/4/09
You are not logged in. Please login or register.
PunBB Forums → Posts by slickplaid
I reported a XSS vulnerability via the Bug Report form but I didn't get a confirmation that it was sent.
Can I get a dev to verify it was successfully received?
Sent @ ~2:15am EST on 5/4/09
This extension no longer works for me in 1.3.3.
It worked perfectly before the upgrade. Was there something changed that could have broken it?
slickplaid wrote:You put both
if(!$forum_user['is_guest']) {
and the trailing
}
at the end?
Yes, the only difference between what you said and gave me, was that the lines @ 38, not 150.
Try only putting it around the javascript includes:
if(!$forum_user['is_guest']) { // this will remove the chat for users that aren't logged in
$forum_head['prototypejs'] = '<script type="text/javascript" src="'.$ext_info['url'].'/media/js/prototype.js"></script>';
$forum_head['ek_chatlitejs'] = '<script type="text/javascript" src="'.$ext_info['url'].'/media/js/chat.js?logged='.(($forum_user['is_guest']) ? 0 :(($forum_user['g_id'] == FORUM_ADMIN) ? 2 : 1)).'&baseUri='.$base_url.'/&extUri='.$ext_info['url'].'/"></script>';
}
You put both
if(!$forum_user['is_guest']) {
and the trailing
}
at the end?
Yes, there is. I will be releasing a temporary update until I can finish more that will allow you to select whether it can be viewed by guests or not.
If you want to do a quick fix for that, you can add this into the manifest.xml, check the first and last lines, those are the ones you'll need to add:
in <hook id="hd_head"> line ~150-170
if(!$forum_user['is_guest']) { // this will remove the chat for users that aren't logged in
$forum_head['prototypejs'] = '<script type="text/javascript" src="'.$ext_info['url'].'/media/js/prototype.js"></script>';
$forum_head['ek_chatlitejs'] = '<script type="text/javascript" src="'.$ext_info['url'].'/media/js/chat.js?logged='.(($forum_user['is_guest']) ? 0 :(($forum_user['g_id'] == FORUM_ADMIN) ? 2 : 1)).'&baseUri='.$base_url.'/&extUri='.$ext_info['url'].'/"></script>';
if (file_exists($ext_info['path'].'/media/js/lang/'.$forum_user['language'].'.js')) {
$forum_head['ek_chatlitelangjs'] = '<script type="text/javascript" src="'.$ext_info['url'].'/media/js/lang/'.$forum_user['language'].'.js"></script>';
} else {
$forum_head['ek_chatlitelangjs'] = '<script type="text/javascript" src="'.$ext_info['url'].'/media/js/lang/English.js"></script>';
}
$ek_chatlite_css = (file_exists($ext_info['path'].'/media/css/'.$forum_user['style'].'.css')) ? $forum_user['style'] : 'default';
$forum_head['style_ek_chatlite'] = '<link rel="stylesheet" type="text/css" media="screen" href="'.$ext_info['url'].'/media/css/'.$ek_chatlite_css.'.css" />';
} // this is the ending brace for removing guest access
And since this is a fork of the original development, it'll be released under a different name.
I tried this extension out and once a forum was placed inside another, it became inaccessible in the admin console. I then tried to uninstall it, but that didn't seem to fix the problem as the forums that were now placed under another were gone. Another reinstall and those forums still didn't show up.
I finally had to manually edit the MySQL tables to have them display under the proper parent category.
New feature list:
Emotes can be sent using /me
Private Messaging, modal message boxes
Private Chatroom for Moderators/Admins to use
You can set how many messages to retain in the chatbox
Ability to log chat
Hover tooltips on usernames with userinfo and statistics
Font Colors
Smileys
Completely rewritten to use jQuery instead of Prototype (Possible fork of my development in that area)
If a user logs off or goes inactive, it will gray out their text
Option to either use a flatfile or mysql to retain messages
Ability to select who can view the chatbox
CSS compatibility with other styles
About 1/4 of these are finished so far. The other 3/4 are on my TODO list.
I will, definitely. I'll be releasing it under a different name since it is a fork of the original development.
I'm working on releasing a new version of my modified chat. All issues you're having should be resolved in this release.
What is the command to close a db query?
Turns out trying to use !isset() on an array returns false.
I just removed the if statement around the query and it works.
Thanks.
I can't figure out why this won't update the values in MySQL. Anyone have any insight?
I've created the proper columns in the install portion of the extension.
// check for first visit
if (!isset($forum_user['access_time']) || $forum_user['access_time'] == '0')
{
$forum_user['access_time'] = time() - 60;
}
if ($forum_user['g_id'] == FORUM_ADMIN)
{
// rates, need to be entered into db sometime in the future
$wood_rate = array(20,48,84,128,180,240,308,384,468,560);
// main function for value of resource
$rate = $wood_rate['5'] / 60 / 60; // rate per second
$forum_user['wood_amount'] = $forum_user['wood_amount'] + (time() - $forum_user['access_time']) * $rate;
// set values in db
if (!isset($bb_new_values))
{
$bb_query = array(
'UPDATE' => 'users',
'SET' => 'access_time = '.$forum_user['access_time'].', wood_amount = '.$forum_user['wood_amount'],
'WHERE' => 'id='.$forum_user['id']
);
$forum_db->query_build($bb_query) or error(__FILE__, __LINE__);
}
I'm having an error using the "Pun Admin Manage Extensions Improved" extension and this one.
Notice: Undefined index: Extension loading error in /home/[rem]/extensions/pun_admin_manage_extensions_improved/extension_list.php(310) : eval()'d code on line 68 Notice: Undefined index: Illegal ID in /home/[rem]/extensions/pun_admin_manage_extensions_improved/extension_list.php(310) : eval()'d code on line 68
It goes away when I use the default extension manager.
Edit: this is when viewing the extensions in the extension manager.
I think I might have found an issue with making a long (775 words, 4,035 characters including spaces) post surrounded by list tags and inside one bulletpoint tag.
When I submitted the post, it just came back to the edit post page with a blank textarea. Luckily, I had copied it so I pasted it back into the field and submitted it again with the same effect. I went back out and saw that it was listing my post as being posted but when I tried to view the thread, it came up with a 500 error.
I don't think this is a MySQL error as to rectify the problem I just removed the bbcode tags and it posted fine and displays fine. I'd try it in here to replicate the problem but I don't want to cause any issues in this forum and force you to manually edit the SQL database to fix the problem like I did.
The post was basically formatted like this:
Long paragraphs of text here.
I'll leave it up to the admins to test it in here if they're willing.
I'm running
PunBB version 1.3.2
Operating system: Linux
PHP: 5.2.6
Accelerator: N/A
Database: MySQL Improved 5.0.67
Rows: 73,080
Size: 5.60 MB
Does this solution still work if the extension developer wants to put the js library at the end of the page so it doesn't stall the loading of the page?
<hook id="ft_end"><![CDATA[
if ($forum_user['is_guest'] == 0):
?>
<div id="battle_bar">
<div id="bb_status">
<?php
if ($forum_user['g_id'] == FORUM_ADMIN)
echo '<span id="bb_admin"><strong>Administrator</strong></span>';
else
echo '<span id="bb_ugroup"><strong>'.$forum_user['g_title'].'</strong></span>';
?>
<span id="bb_title">battlebar</span> <span id="bb_ver">v0.3.4</span>
</div>
<div id="bb_reports">
<span><strong>Reports:</strong></span>
<span class="na">Attack</span> | <span class="na">Defense</span> | <span class="na">Spy</span><br /><span id="bb_upload"><a href="http://hg.slickplaid.net/extensions/battlebar/upload/upload.php?KeepThis=true&TB_iframe=true&height=400&width=600" title="Image Uploader" class="thickbox">Upload Image</a></span><br />
</div>
</div>
<?php endif; ?>
<?php
]]></hook>
putting it at the very end footer page hook puts it at the top of the page? Weird.
Let me try that out.
Edit:
Added it to ft_about_end instead and everything's fixed.
It didn't occur to me that the hook there would put it to the top of the page. I was scouring through the CSS and javascript when it was a simple html error. Also known as an ID10T error, I think?
Thanks.
I recently added jQuery to my forums for an extension I'm building and for some reason it's breaking the width of my forums and I'm at a loss trying to figure out what is causing it.
Everything displays fine in Chrome and Firefox, but it breaks in IE (go figure).
At first I thought it was a conflict with the common.js that is used on the forum but I've checked it both with and without that and the width problem still persists.
My site: http://hg.slickplaid.net/
I'm currently in the process of disabling the extensions one by one and hopefully I'll find the problem that way.
Could someone take a look and give me some suggestions on what is causing it?
Edit: I've disabled every single addon, one by one, and the error still persisted.
I'm going to disable the addon that's causing it and only add the jquery library to see what happens.
Edit: Disabled my addon and just added the library. It's definitely something with my extension. I'll post the code up here for it shortly. Until then, someone at least tell me the css value or something that is causing it so I can narrow my search in the extension.
Edit: Here's my diliemma: I've tried putting this code
<script type="text/javascript" src="<?php echo $ext_info['url'] ?>/js/jquery-1.3.2.min.js"></script>
in both the header and footer of the page and when it's in the extension, it causes the error. If I add it directly to the page either in the main.tpl or in the announcement section, it works fine.
Why is this?
Edit: Okay, I take it back... it only shows up now when you're logged in for some reason. The <script> code is now put in the main.tpl and not even in the extension.
Edit: I've removed all the css that I've added and it still shows up as messed up. It has to be the javascript (I think).
You can log in using "test" as the username and "testuser" as the password.
Edit: I've had to remove the offending javascript because users of IE can't log in due to the login and password fields being covered up.
I am willing to monetarily compensate whoever works with me to fix this error. My email is in my profile, slickpla \[at\] slickplaid.net
It works perfectly for me and all disappearing problems in the original are gone. Many thanks.
Why won't this display? I can't get anything to display on this hook. I thought it was my if statement, but even with that set true it still won't display for me.
<hook id="pf_view_details_pre_user_activity_info">
<![CDATA[
endif; if (1 == 1):?>
<div class="ct-set data-set set<?php echo ++$forum_page['item_count'] ?>">
<div class="ct-box data-box">
<h3 class="ct-legend hn"><span>Damoria information</span></h3>
<ul class="data-list">
<?php echo implode("\n\t\t\t\t\t\t", $forum_page['user_damoria'])."\n" ?>
</ul>
</div>
</div>
<?php
]]>
</hook>
Also, do I need to be using "unset($varname)" for each of my variables if they're only used once in a specific section?
Actually, it'd have to be
$schema = array('continent', 'x', 'y', 'alliance', 'tournament_field', 'game_status', 'castles');
foreach ($schema as $value)
$forum_db->drop_field('users', $value);
Right?
Would this be the best way to uninstall?
$schema = array('continent', 'x', 'y', 'alliance', 'tournament_field', 'game_status', 'castles');
foreach ($schema)
$forum_db->drop_field('users', $schema);
Or does one of the $schema variables need to be $schema[] to work properly?
I would just try it out but I'm afraid I'd be dropping the wrong fields.
Thank you for taking the time to answer and finding that syntax error above. I didn't even notice I had it.
I'm learning as I go along and I really appreciate the help. These examples are really helping me.
What would be the best way to add this data to the user table?
$schema = array(
'FIELDS' => array(
'continent' => array(
'datatype' => 'INT(2)',
'allow_null' => true
),
'x' => array(
'datatype' => 'INT(3)',
'allow_null' => true,
'default' => '0'
),
'y' => array(
'datatype' => 'INT(3)',
'allow_null' => true,
'default' => '0'
),
'alliance' => array(
'datatype' => 'VARCHAR(255)',
'allow_null' => true
),
'tournament_field' => array(
'datatype' => 'INT(2)',
'allow_null' => true
'default' => '0'
),
'game_status' => array(
'datatype' => 'INT(1)',
'allow_null' => true,
'default' => '0',
),
'castles' => array(
'datatype' => 'INT(3)',
'allow_null' => false,
'default' => '0'
)
)
);
$forum_db->add_field('users', $schema);
or some variation of it?
Awesome extension YonasH! Thank you!
PunBB Forums → Posts by slickplaid
Powered by PunBB, supported by Informer Technologies, Inc.