quote is not working after upgrading to 2.0.19

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.

Post by Alex Zuyev » Tue Jan 03, 2006 8:03 pm

kulinar wrote: Replacing this part of bbcode.php

Code:

$text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\&quot;(.*?)\\\\&quot;\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]");
with older one

Code:

$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
seems to solve the problem.


I have done exactly vice versa, and only after that does quoting a person work. What is going on there?
Best wishes,
Alex


Post by JupiterPOI » Tue Jan 03, 2006 8:37 pm

I made some of the changes here with mixed results. I thought that by making a few changes it would work, and it did. The quotes were working great until I found out that they still were not working in Private Messages. So I just ended up reversing all of the code in the .18 to .19 upgrade and all is well...

So I reversed the following code from bbcode.php:

Code:

# 
#-----[ OPEN ]--------------------------------------------- 
# 
includes/bbcode.php

#
#-----[ FIND ]---------------------------------------------
# Line 255
	$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");

#
#-----[ REPLACE WITH ]---------------------------------------------
# 
	$text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\&quot;(.*?)\\\\&quot;\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]");

#
#-----[ FIND ]---------------------------------------------
# Line 392
				if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
				{
					// OK we are in a quote tag that probably contains a ] bracket.
					// Grab a bit more of the string to hopefully get all of it..
					if ($close_pos = strpos($text, '"]', $curr_pos + 9))
					{
						if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false)
						{
							$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2);

#
#-----[ REPLACE WITH ]---------------------------------------------
# 
				if( preg_match('#\[quote=\\\&quot;#si', $possible_start, $match) && !preg_match('#\[quote=\\\&quot;(.*?)\\\&quot;\]#si', $possible_start) )
				{
					// OK we are in a quote tag that probably contains a ] bracket.
					// Grab a bit more of the string to hopefully get all of it..
					if ($close_pos = strpos($text, '&quot;]', $curr_pos + 14))
					{
						if (strpos(substr($text, $curr_pos + 14, $close_pos - ($curr_pos + 14)), '[quote') === false)
						{
							$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 7);
I also reversed code from functions_post.php:

Code:

# 
#-----[ OPEN ]--------------------------------------------- 
# 
includes/functions_post.php

#
#-----[ FIND ]---------------------------------------------
# Line 28
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;');

#
#-----[ REPLACE WITH ]---------------------------------------------
# 
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');
And finally, I also reversed code from privmsg.php:

Code:

# 
#-----[ OPEN ]--------------------------------------------- 
# 
privmsg.php

#
#-----[ FIND ]---------------------------------------------
# Line 38
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;');

#
#-----[ REPLACE WITH ]---------------------------------------------
# 
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');
Last edited by JupiterPOI on Wed Jan 04, 2006 2:48 am, edited 1 time in total.


Post by Lumpy Burgertushie » Wed Jan 04, 2006 1:48 am

now, all of you that have changed from what is in the .19 upgrade, are once again vulnerable to the exploit in the IE browser that this was designed to protect you from.

the way to fix this is to find what MOD is interfering with it and change that.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?


Post by ScuL » Wed Jan 04, 2006 2:18 am

hm actually I'm a bit curious how one can exploit using only a bb-code quote command .. seems a bit hard to believe that a hacker can get full access on the board by doing something like that :P
btw for me it worked only to revert that single line back to the old situation, so not the complete exploit prevention like 2 posts above me :)


Post by JupiterPOI » Wed Jan 04, 2006 2:37 am

ScuL wrote: hm actually I'm a bit curious how one can exploit using only a bb-code quote command .. seems a bit hard to believe that a hacker can get full access on the board by doing something like that :P


I wonder the same thing.... If someone is taking over a board through a bbcode "quote" command, that would be very weak! Please explain how I am vulnerable?


Post by iNfLuX » Wed Jan 04, 2006 2:44 am

hmm, i dunno what to do here. i have two boards... one with mods, one without. i only see the problem with new posts on the board with mods (old posts with quotes are still displaying correctly though.)

here are some of the mods i remember installing...
aim online/offline
quick reply
topic description
myCalendar
livestream radio
using the fiSubIce theme

would really like to get to the bottom of this...!!


Post by Kithplana » Wed Jan 04, 2006 4:15 am

I've got the same problem, and I just found that if I include some HTML in my post, the quotes are fine -- otherwise they're broken. Hope that helps to track it down...


Post by dimen » Mon Jan 09, 2006 8:31 pm

i have this problem too.. any help?


Post by villagefox » Mon Jan 09, 2006 9:46 pm

I too have this problem. I have a few mods installed... including the Quick Reply mod mentioned by a previous poster.


Post by Zeb » Wed Jan 11, 2006 11:57 pm

..and I have the same problem too.

If I check the "Disallow HTML..." while posting.... the quote function works again...


Post by Zeb » Thu Jan 12, 2006 11:52 am

After a lot of hours and a headache I found my problem. Hope it could apply to you guys.

file:
includes/functions_post.php

there were 2 lines of code. The first has two \t missing and I don't realize why this happened.
the second has !$end_html || ( missing (from an old update from phpbb 2.0.4 to 2.0.5)

Around line 77
from:

Code:

$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[ ]*?=|on[\w]+[ ]*?=)#i', $hold_string)) ? false : true;
to:

Code:

$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;

around line 94
from:

Code:

if ($end_html != strlen($message) && $tmp_message != '')
to:

Code:

if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
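
What the two `\t` in the line-77 fix change, as an added example that is not part of Zeb's post or of phpBB: it runs both versions of the filter over constructed tags and can optionally check a local file for the fixed pattern. `tag_allowed()`, the sample tags and the `b` tag name are assumptions made for illustration.

```php
<?php
// Added example, not phpBB code. tag_allowed(), $samples and the 'b' tag are constructed.

// Filter before the fix: only spaces may sit between the attribute name and "=".
$old_filter = '(style[ ]*?=|on[\w]+[ ]*?=)';
// Filter after the fix: tabs are accepted there too.
$new_filter = '(style[\t ]*?=|on[\w]+[\t ]*?=)';

// Same shape as the $tagallowed line: the tag is allowed only when the filter does not match.
function tag_allowed($filter, $match_tag, $hold_string)
{
	return preg_match('#^<\/?' . $match_tag . ' .*?' . $filter . '#i', $hold_string) ? false : true;
}

// Constructed sample tags, each as it would appear in $hold_string.
$samples = array(
	'no style/on attribute'  => '<b class="x">',
	'style, space before ='  => '<b style ="color:red">',
	'style, tab before ='    => "<b style\t=\"color:red\">",
	'on* attr, tab before =' => "<b onmouseover\t=\"x()\">",
);

foreach ($samples as $label => $hold_string)
{
	$old = tag_allowed($old_filter, 'b', $hold_string) ? 'allowed' : 'blocked';
	$new = tag_allowed($new_filter, 'b', $hold_string) ? 'allowed' : 'blocked';
	printf("%-24s old=%-8s new=%s\n", $label, $old, $new);
}

// Optional: php check.php /path/to/includes/functions_post.php
// Reports whether that file carries the tab-aware filter quoted above.
if (isset($argv[1]) && is_readable($argv[1]))
{
	$source = file_get_contents($argv[1]);
	$fixed = strpos($source, 'style[\t ]*?=') !== false
		&& strpos($source, 'on[\w]+[\t ]*?=') !== false;
	echo $fixed ? "filter is tab-aware\n" : "filter is missing the \\t fix\n";
}
```

The file check is a plain substring search for the two fixed fragments, so it only tells you whether this one line was carried over by past updates, not whether the rest of the file is current.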


Post by Lumpy Burgertushie » Thu Jan 12, 2006 3:49 pm

which means that the problem is not with the current phpbb files, but with incomplete updates from the past.

robert


Post by Kithplana » Thu Jan 12, 2006 4:31 pm

Awesome. Thanks, Zeb, works great :) Both lines in question were broken for me; my install started at 2.0.6 and has gone on since then, so it's likely something, somewhere, broke sometime. My users are going to be happy they don't need to know the "magic" to make it work now :D


Post by Zeb » Thu Jan 12, 2006 7:02 pm

Lumpy Burgertushie wrote: which means that the problem is not with the current phpbb files, but with incomplete updates from the past.

robert


Yes robert. I've been using phpbb2 since 2001 and always triple checked my updates. I'm quite sure there is a hole in the update line...
Kithplana wrote: Awesome. Thanks, Zeb, works great :) Both lines in question were broken for me; my install started at 2.0.6 and has gone on since then, so it's likely something, somewhere, broke sometime. My users are going to be happy they don't need to know the "magic" to make it work now :D


Our users will never know our hard work and our headaches behind the scenes kithplana. :roll:
Glad to be helpful...


Post by dimen » Fri Jan 13, 2006 1:16 pm

Zeb wrote: After a lot of hours and a headache I found my problem. Hope it could apply to you guys.

file:
includes/functions_post.php

there were 2 lines of code. The first has two \t missing and I don't realize why this happened.
the second has !$end_html || ( missing (from an old update from phpbb 2.0.4 to 2.0.5)

Around line 77
from:

Code:

$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[ ]*?=|on[\w]+[ ]*?=)#i', $hold_string)) ? false : true;
to:

Code:

$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;

around line 94
from:

Code:

if ($end_html != strlen($message) && $tmp_message != '')
to:

Code:

if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))



MY HERO!! TY VM
