View Full Version : test - Posting problem
TheHolo.Net
Feb 28th, 2002, 09:53:10 PM
like the title says...
It seems our host just updated their PHP version, which screws with our software, see the thread I linked in the next post for more details.
TheHolo.Net
Feb 28th, 2002, 09:54:53 PM
See this thread for a reference to our problem:
http://www.vbulletin.com/forum/showthread.php?s=&threadid=40721
As a temporary fix I need to edit three templates in all styles and this temporary fix also disables the uploading of any attachments.
TheHolo.Net
Feb 28th, 2002, 10:06:30 PM
Attachment check...
EDIT: Nope, attachments don't work at all now. =/
TheHolo.Net
Feb 28th, 2002, 10:15:42 PM
From looking over multiple threads at the vBulletin support forums this issue also makes it impossible for people to add or modify their avatars.
Apparently the host can recompile PHP with a security patch, but I don't really fully understand the issue at this point.
TheHolo.Net
Feb 28th, 2002, 10:23:25 PM
A quote from one of the support guys at the vBulletin support forums which is probably what needs to be done:
Chris Schreiber wrote on 02-28-2002
If you need to get uploads working again, then ask you host to upgrade to PHP 4.1.2 (or apply the patches for their version) ASAP.
There is another fix mentioned in the thread at the support forums but from what I gather it opens the server to hacker attacks, thus being the reason the host has disabled uploads.
(I mispoke saying earlier that they had upgraded PHP)
Shawn
Feb 28th, 2002, 11:39:40 PM
So, I should e-mail TB asking them to upgrade to 4.1.2? If so, I'll do it right away.
TheHolo.Net
Feb 28th, 2002, 11:45:02 PM
You might want to look over that thread I linked so that you can get a little clearer idea what is going on and maybe ask those who understand the issue better than I do what action to take.
The host has the option of installing a security patch to their current version of PHP as well from what I understand, but from what I gather their current fix for the security issue was to just disable uploads which will also need to be changed again if they upgrade or patch PHP, I think :huh
Shawn
Feb 28th, 2002, 11:49:18 PM
er... I already have a headache, and you ain't making it any better. :p
I think people can deal with the current situation until morning. Cus I'm trashed right now.
TheHolo.Net
Feb 28th, 2002, 11:51:15 PM
No problem by me, take it easy man. Hell maybe the host is trying to fix things even as we speak. Being a shared server like they are I suspect there are at least a few other vBulletin boards with similar problems being hosted by them. :)
TheHolo.Net
Mar 1st, 2002, 02:51:45 PM
Alright, from running this php action in the admin area:
http://www.swforums.net/forum/admin/index.php?s=&action=phpinfo
I see that register_global is still turned on (in the Configuration - PHP Core section) but it appears that file_uploads has no value. I did a little experimentation and can temporarily give file upload ability back to us via use of a .htaccess file in our root web folders, but according to the topic at the vBulletin support site it opens us up for hacker attack if the host has not patched their PHP version.
So I gather we either need to find out if they will flag that value as "On" (the file_uploads one) or if they have applied the security patch, in which case adding the .htaccess file should be safe to do...I think.
Shawn
Mar 1st, 2002, 03:00:16 PM
I think I got you. I'm going to e-mail them in a few minutes, politely asking if it's possible for them to either patch it or upgrade it.
TheHolo.Net
Mar 1st, 2002, 03:05:31 PM
I'm pretty sure that the file_uploads variable is the key to this. From what I read at vBulletin.com, applying the patch or doing the upgrade does not automatically change that value, the host has to do it, or we can via the .htaccess file. But I would rather be safe and know if they have applied the security patch before doing such a thing.
Shawn
Mar 1st, 2002, 03:25:26 PM
hmm... I wanted to wait until I got a response from you, and I'm glad I did. I apparently need to look things over more thoroughly.
TheHolo.Net
Mar 1st, 2002, 03:37:19 PM
Yeah, the upgrade and the patch both address the security issue, but neither automatically fix the issue we ae having. Its most probable that the host either has applied the patch (since the version still reads as 4.0.6) and it disabled uploads, or they just disabled uploads (removed the "On" flag) to cover the venerability.
TheHolo.Net
Mar 1st, 2002, 04:04:16 PM
Here is a topic where someone uses the same host that we do, and he/she says they will be contacting Terra-Byte.
http://www.vbulletin.com/forum/showthread.php?s=&threadid=40833
TheHolo.Net
Mar 1st, 2002, 04:17:43 PM
Here is the official announcement from the big guy at vBulletin:
We have recently learnt of a security issue with file upload support in PHP. More details can be found in this advisory:
http://security.e-matters.de/advisories/012002.html
Until your host has patched your version of PHP, we would seriously recommend that you disabled all file uploads in vBulletin, including avatars, attachments, and limit who has access to the file upload facilities in the control panel.
John
[edit: Please note, many hosts are upgrading to PHP 4.1.2 because of this issue. However, from PHP 4.1 and above, the "register_globals" PHP setting now defaults to "off". This setting needs to be set to "on" in order for vBulletin (and many other PHP applications) to function properly. If this setting is "off", you will receive "no forum specified error" when using vBulletin. Please read more about this here: http://www.vbulletin.com/forum/show...&threadid=40721]
http://www.vbulletin.com/forum/showthread.php?s=&threadid=40711
Champion of the Force
Mar 1st, 2002, 05:34:03 PM
Shawn: Blah blah blah php blah.
SWFans.Net: Blah blah patch blah blah.
Shawn: Blah blah blah blah vBulletin blah blah blah.
SWFans.Net: Blah blah php blah blah patch blah.
Shawn: Blah blah blah blah on blah blah php.
SWFans.Net: Blah off blah on blah php patch blah.
Just glad you guys know what you're talking about. :)
TheHolo.Net
Mar 1st, 2002, 06:45:32 PM
:lol I do my best to stay as informed as possible for the good of our forums. :)
TheHolo.Net
Mar 1st, 2002, 09:07:32 PM
Just so the staff knows and may understand, I started a topic in the OOC forum and linked to it in the Forum Announcement, in which I offered to do the adding of people’s avatars.
What I can do is when I get a few gathered together that need be done, is upload the .htaccess file I have that circumvents the security fix Tera-Byte put in place, add the avatars and then delete the file so as to close the security hole quickly. Just wanted to keep people following this issue abreast of what I am doing to help work through this problem.
Shawn
Mar 2nd, 2002, 01:20:34 AM
Sorry I haven't been exactly on the ball with this: Apparently, my Store Manager decided that I no longer require those nifty little things some people call 'Days Off'. :x I'm getting paid quite handsomly, but it's really wearing me out. If you really need something done, IM me on any of my names and I'll get it done right away.
TheHolo.Net
Mar 2nd, 2002, 01:48:52 AM
No worries. I have seen at least two other instances of people contacting Tera-Byte regarding this issue at the vBulletin support forums, so I suspscet about all that can be done about it is already. :) No worries.
TheHolo.Net
Mar 6th, 2002, 08:50:31 PM
Patch or upgrade test...
TheHolo.Net
Mar 6th, 2002, 08:51:22 PM
Woohoo!!!! They fixed it!
is off to fix all the templates, so attachments will work again.
Champion of the Force
Mar 7th, 2002, 04:19:43 AM
Testing quick reply.
EDIT: yep, it works. :)
TheHolo.Net
Mar 7th, 2002, 04:21:03 AM
I'm Pretty sure I got all the template modifications taken care of, so everything should be fully functional again. :)
vBulletin, 4.2.1 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.