Move Topic Notification [SMF 2.0 Supported]

Started by Nibogo, March 19, 2007, 06:58:51 PM

HunterP

Quote from: sharks on December 06, 2010, 04:49:02 AM
I got the same errors again, and several of the moderators on my forum also. I am using SMF 1.1.11

Hacking attempt...

INSERT INTO smf_personal_messages
(ID_MEMBER_FROM, deletedBySender, fromName, msgtime, subject, body)
VALUES (670, 1, SUBSTRING('crazyer', 1, 255), 1291600677, SUBSTRING('A'IE Delight with electric CBT', 1, 255), SUBSTRING('The topic you created at general named A\'IE Delight with electric CBT has been moved to the Bin. Please understand that this has been done to keep order in the forum..
The image is not working.', 1, 65534))
File: /home/sharks/sea/smf/Sources/Subs-Post.php
Line: 831

This seems to have something to do with apostrophes in the subject : A'IE Delight with electric CBT, it's difficult to see it, I made it bold, red and a bit larger.

I'll see what I can do since Nibogo doesn't seem to support his own mods anymore......

HunterP


This seems to work for me :

Code (Find):
// This is the one that will go in their inbox.
$htmlmessage = $func['htmlspecialchars']($message, ENT_QUOTES);
$htmlsubject = $func['htmlspecialchars']($subject);
preparsecode($htmlmessage);


Code (Replace With):
// This is the one that will go in their inbox.
$htmlmessage = $func['htmlspecialchars']($message, ENT_QUOTES);
$htmlsubject = $func['htmlspecialchars']($subject);
$htmlsubject = addslashes($subject);
preparsecode($htmlmessage);


The extra line $htmlsubject = addslashes($subject); adds slashes before ' and " which are needed in SQL queries.

sharks

Thanks a lot for your invaluable help to fix this long overdue and forever annoying bug, HunterP. Can you please tell me what file to edit for the code above?

I will try this fix and will leave feedback if the "hacking" bug shows up again.

HunterP

Quote from: sharks on January 13, 2011, 06:27:49 PM
Thanks a lot for your invaluable help to fix this long overdue and forever annoying bug, HunterP. Can you please tell me what file to edit for the code above?

I will try this fix and will leave feedback if the "hacking" bug shows up again.

Sorry, that's the Subs-Post.php

I've just noticed that this does fix the Hacking message, but shows slashes before the apostrophes in the subject. Anyhow, that seems better than an error, doesn't it? I'll have to see if this can be fixed too. Done this previously with another mod, but have to find a bit more time.

sharks

Ok, I have made the modifications. Now we wait and see if the error happens again. Hopefully never again! :)

I hope you can further improve this mod, HunterP.

HunterP


Unfortunately I'm not yet able to get rid of the backslashes in the subject, but more important is that the hacking error doesn't occur anymore. You can just test it on a topic which contains one or more ' in the subject. Try it with and without the extra line.

HunterP


Ok, better is this change :

Code (Find):
// This is the one that will go in their inbox.
$htmlmessage = $func['htmlspecialchars']($message, ENT_QUOTES);
$htmlsubject = $func['htmlspecialchars']($subject);
preparsecode($htmlmessage);


Code (Replace by):
// This is the one that will go in their inbox.
$htmlmessage = $func['htmlspecialchars']($message, ENT_QUOTES);
$htmlsubject = $func['htmlspecialchars'](addslashes($subject));
preparsecode($htmlmessage);


The find might not be correct anymore if you've already applied the previous change, but I think you'll understand it. The only difference is that this saves one line, that's all.

But the weirdest thing is that no backslashes appear when a PM is being sent (so the problem is fixed), but when someone replies to such a message (with a ' in the subject), then it gets backslashed again, so that has to be a little bug in the PM-function itself. You can test this by PM'ing yourself with a ' in the subject. The received PM will show \'

sharks

I have replaced the previous code with the updated one above.

For those who might be wondering where to find the Subs-Post.php file to edit, go to the Sources folder.

Thanks again for the updated fix, HunterP. :D Finally getting rid of this really old and annoying bug is a real relief!

HunterP

Sorry, I don't want to make it unnecessarily difficult, but forget about my previous 'hack' and use this one, which is only related to this specific modification :

In MoveTopic.php :

Code (Find):
$pm_move_topic_body = preg_replace('~<br(?: /)?' . '>~', "\n", $pm_move_topic_body);
$pm_move_topic_body = un_htmlspecialchars($pm_move_topic_body);     

Code (Add Below):
$subject = addslashes($subject);


This adds slashes before the notification goes to Subs-Post.php and does not add slashes when normal PM's are sent.
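
As an added example (not part of the thread, and not SMF or mod code), the PHP below uses an in-memory SQLite table through PDO to show the apostrophe breaking a concatenated INSERT, a bound parameter storing the same subject unchanged, and a value passed through addslashes() before a layer that already handles quoting coming back with a visible backslash. The table name pm_demo and the function names are hypothetical, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not SMF or mod code. pm_demo and the function names are hypothetical.
// Constructed sample input: the subject from the error quoted in the thread.
$subject = "A'IE Delight with electric CBT";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pm_demo (id INTEGER PRIMARY KEY, subject TEXT)');

// Concatenation: the apostrophe closes the string literal early, so the
// statement no longer parses. Returns false when the INSERT is rejected.
function insert_concatenated(PDO $db, string $subject): bool
{
    try {
        $db->exec("INSERT INTO pm_demo (subject) VALUES ('" . $subject . "')");
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// Bound parameter: the value is never part of the SQL text, so it needs
// no addslashes() and is stored byte for byte.
function insert_bound(PDO $db, string $subject): int
{
    $stmt = $db->prepare('INSERT INTO pm_demo (subject) VALUES (:subject)');
    $stmt->execute([':subject' => $subject]);
    return (int) $db->lastInsertId();
}

function fetch_subject(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT subject FROM pm_demo WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

echo 'concatenated insert accepted: ', var_export(insert_concatenated($db, $subject), true), "\n";

$clean = fetch_subject($db, insert_bound($db, $subject));
echo 'bound round trip unchanged:   ', var_export($clean === $subject, true), "\n";

// Escaping by hand and then handing the value to a layer that already
// quotes it stores the backslash as data, which is then displayed.
$twice = fetch_subject($db, insert_bound($db, addslashes($subject)));
echo 'after addslashes() + binding: ', $twice, "\n";

// HTML-encode only on output; ENT_QUOTES also encodes the apostrophe.
echo 'for display: ', htmlspecialchars($clean, ENT_QUOTES, 'UTF-8'), "\n";
```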

sharks

Done. I'll leave feedback if anything crops up, but I think this problem is now as settled as it can be. Hopefully. :)

Robin1989




FragaCampos

How can I make one of the lines from the PM message turn red? I know it must be quite simple, but I don't know PHP. I know how to make line breaks and smalltext, but not change colours.
Any help?


sharks

Quote from: Nibogo on June 29, 2011, 03:07:40 PM
Updated to SMF 2.0
Does this include any bug fixes? Also, you should edit the title of the first post, as it still says: "Move Topic Notification [Now with SMF RC3 Support & Commands Fixed]" so I think you should remove the mention of RC3 so as to let people know that it has been finally updated for 2.0 final.

Nibogo

Quote from: sharks on June 30, 2011, 09:37:52 AM
Quote from: Nibogo on June 29, 2011, 03:07:40 PM
Updated to SMF 2.0
Does this include any bug fixes? Also, you should edit the title of the first post, as it still says: "Move Topic Notification [Now with SMF RC3 Support & Commands Fixed]" so I think you should remove the mention of RC3 so as to let people know that it has been finally updated for 2.0 final.

Thanks, could you update the remaining bugs please?

sharks

Nibogo, here is one of the major issues that I've encountered and which HunterP resolved. I think it would be wise if you could integrate this fix into your 2.0 mod so others won't have errors when moving topics.

Quote from: HunterP on January 14, 2011, 01:23:20 PM
Sorry, I don't want to make it unnecessarily difficult, but forget about my previous 'hack' and use this one, which is only related to this specific modification :

In MoveTopic.php :

Code (Find):
$pm_move_topic_body = preg_replace('~<br(?: /)?' . '>~', "\n", $pm_move_topic_body);
$pm_move_topic_body = un_htmlspecialchars($pm_move_topic_body);     

Code (Add Below):
$subject = addslashes($subject);


This adds slashes before the notification goes to Subs-Post.php and does not add slashes when normal PM's are sent.

