All 2.0.2 need to make these Changes to avoid Bug

Started by Realinfo, May 25, 2012, 03:38:12 AM

Previous topic - Next topic

Adrek

This is also common issue on some free hosts.
They inserting few ads, and users have problems like this from screen from first message, only thing that I can suggest (for users) is disabling smileys in theme setting :|
I hope this can be solved somehow in SMF, because free host mostly don't care about it...
Polskie wsparcie SMF na simplemachines.org

the simplest solution is most likely the right one

emanuele

#21
What I have in mind a simple edit in QueryString.php:
Code (find) Select
function JavaScriptEscape($string)
{
global $scripturl;

return '\'' . strtr($string, array(
"\r" => '',
"\n" => '\\n',
"\t" => '\\t',
'\\' => '\\\\',
'\'' => '\\\'',
'</' => '<\' + \'/',
'script' => 'scri\'+\'pt',
'<a href' => '<a hr\'+\'ef',
$scripturl => '\' + smf_scripturl + \'',
)) . '\'';
}


Code (replace with) Select
function JavaScriptEscape($string)
{
global $scripturl;

return '\'' . strtr($string, array(
"\r" => '',
"\n" => '\\n',
"\t" => '\\t',
'\\' => '\\\\',
'\'' => '\\\'',
'</' => '<\' + \'/',
'script' => 'scri\'+\'pt',
'<body>' => '<bo\'+\'dy>',
'<a href' => '<a hr\'+\'ef',
$scripturl => '\' + smf_scripturl + \'',
)) . '\'';
}


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Realinfo

But Solved issue by changing <body id="help_popup">  to <'+'body id="help_popup">

Is there anything wrong in this..........

Arantor

Not really, no, but the method emanuele suggests is essentially a more thorough version of the same thing that you apply in one place only, not in a bunch of places.

Realinfo

Can we do both things............ or only one..........

<body id="help_popup">  to <'+'body id="help_popup">

and

=replace with]function JavaScriptEscape($string)
{
   global $scripturl;

   return '\'' . strtr($string, array(
      "\r" => '',
      "\n" => '\\n',
      "\t" => '\\t',
      '\\' => '\\\\',
      '\'' => '\\\'',
      '</' => '<\' + \'/',
      'script' => 'scri\'+\'pt',
      '<body>' => '<bo\'+\'dy>',
      '<a href' => '<a hr\'+\'ef',
      $scripturl => '\' + smf_scripturl + \'',
   )) . '\'';
}


Arantor

JavaScriptEscape's change actually does what you need it to do. You can do both if you wish but it's really, really not necessary.

emanuele

It should break anything, so fixed in the development branch:
Quote from: commit data
commit e06a46164ba66db3bb4ab087c85ad24a369c0613
Author: emanuele
Date:   Mon May 28 2012

    Certain hosts could try to inject html using the <body> tag as a reference point (replacing it server-side), this could break all the javascript of the post page


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Adrek

Quote from: emanuele on May 27, 2012, 10:53:43 AM
What I have in mind a simple edit in QueryString.php:
Code (find) Select
function JavaScriptEscape($string)
{
global $scripturl;

return '\'' . strtr($string, array(
"\r" => '',
"\n" => '\\n',
"\t" => '\\t',
'\\' => '\\\\',
'\'' => '\\\'',
'</' => '<\' + \'/',
'script' => 'scri\'+\'pt',
'<a href' => '<a hr\'+\'ef',
$scripturl => '\' + smf_scripturl + \'',
)) . '\'';
}


Code (replace with) Select
function JavaScriptEscape($string)
{
global $scripturl;

return '\'' . strtr($string, array(
"\r" => '',
"\n" => '\\n',
"\t" => '\\t',
'\\' => '\\\\',
'\'' => '\\\'',
'</' => '<\' + \'/',
'script' => 'scri\'+\'pt',
'<body>' => '<bo\'+\'dy>',
'<a href' => '<a hr\'+\'ef',
$scripturl => '\' + smf_scripturl + \'',
)) . '\'';
}


I can still reproduce this error on some hosts with this fix, if you need account:

user: testerek
pass: 87bgkbq
url: http://www.smf.iscool.pl/
Polskie wsparcie SMF na simplemachines.org

the simplest solution is most likely the right one

Arantor

The solution is for you not to use a crappy host.

Adrek

Polskie wsparcie SMF na simplemachines.org

the simplest solution is most likely the right one

Arantor

If you're using hosts that are injecting content into the page, they're crappy.

Adrek

I have good paid host, but some users that I know have to use free host, with ads.
Polskie wsparcie SMF na simplemachines.org

the simplest solution is most likely the right one

Arantor

It doesn't matter - if it's a free host injecting ads into the site, it's going to break stuff - even if this change is made.

Better to simply avoid them.

dimspace

Quote from: Realinfo on May 26, 2012, 01:06:47 AM
ISP has to slove the problem............ but if they don't do, then we need to do something

Yes, you move hosts.

If you need a new distributor cap for your car, you have a number of choices, you could go to a reputable garage, buy one designed for the car and fit it, or you can save yourself a few pence, buy a cheap knock off from a dodgy garage and buy one that doesnt fit. You dont then ask the car manufacturer to modify the engineering of their car to accept the cheap knockoff.

You can find a cheap host that doesnt inject ads for a couple of dollars a month, hell, there are people here who can host for you for a similar amount. But like the car, it isnt an engineering fault in smf that is responsible, its the product you are using to host smf.

dimspace

Quote from: phantomm on March 28, 2013, 01:14:23 PM
I have good paid host, but some users that I know have to use free host, with ads.

So you get a paid host for $3 a month, you inject your own ads and as long as you get 10 clicks a month, theres your $3 covered. If you ask me nicely I will give you one click a month.. only 9 more to go

This place is making me so crabby. Its rubbing off  :o

Arantor

QuoteThis place is making me so crabby. Its rubbing off 

Now add a couple of years of this. It's why I'm so crabby.

Advertisement: