MyBB Community Forums - MyBB 1.4.1

[F] Chrome Theme Edits

Tue, 16 Sep 2008 00:46:37 +0000

I think i found a bug

When you try to edit a template like header in chrome you can't edit it. It shows you the box but you can't type in it.

But, it works in all other browsers.

[F] Link to post in warning log incomplete.

Fri, 12 Sep 2008 17:06:03 +0000

Hi,

I found a bug in 1.4.1, inside warnings.php.

When a warning to a user from a specific post is made, and this filed warning is viewed in the Mod CP (/warnings.php?action=view&wid=XXX), the link to the post in question is incomplete.

Currently it's

/showthread.php?pid=XXX

when it should be

/showthread.php?tid=XXX&pid=XXX#pidXXX

[F] Upgrade from 1.2 - not all mybb_usergroups columns converted to INT

Fri, 12 Sep 2008 12:53:34 +0000

MyBB 1.4.1 update script did not convert to INT all columns in table mybb_usergroups. It forgot two of them:
- candisplaygroup
- cancustomtitle

[F] Duplicate user-names (a race condition?)

Fri, 12 Sep 2008 07:53:56 +0000

MyBB 1.2
I have found in my DB users with same usernames and consecutive UID-s (e.g. 17000 and 17001; same e-mails etc.). I do not know how they were created (accounts were registered by forum), but it can be a race condition (check if user exist and then insert user).

A simple solution is a UNIQUE INDEX for username column in mybb_users.

MyBB 1.2 does not have any index on username, MyBB 1.4 have only "INDEX".

UNIQUE INDEX also solves "MySQL and SQL Column Truncation Vulnerabilities" (although MyBB seems to be invulnerable for this because of removing multiple spaces from username in datahandler\user.php).

[F] Admin override not work

Wed, 10 Sep 2008 21:40:11 +0000

If $user['receivepms'] == 0 then administrators can't send pm to user!
I think "inc/datahandlers/pm.php" must have this change:

Now is:

			// See if the sender is on the recipients ignore list and that either
			// - admin_override is set or
			// - sender is an administrator
			if($this->admin_override != true && $sender_permissions['cancp'] != 1)
			{
				$ignorelist = explode(",", $user['ignorelist']);
				foreach($ignorelist as $uid)
				{
					if($uid == $pm['fromid'])
					{
						$this->set_error("recipient_is_ignoring", array($user['username']));
					}
				}
			}
	
			// Can the recipient actually receive private messages based on their permissions or user setting?
			if($user['receivepms'] == 0 || $recipient_permissions['canusepms'] == 0 && !$pm['saveasdraft'])
			{
				$this->set_error("recipient_pms_disabled", array($user['username']));
				return false;
			}

After change will be: (as a suggestion)

			// See if the sender is on the recipients ignore list and that either
			// - admin_override is set or
			// - sender is an administrator
			if($this->admin_override != true && $sender_permissions['cancp'] != 1)
			{
				$ignorelist = explode(",", $user['ignorelist']);
				foreach($ignorelist as $uid)
				{
					if($uid == $pm['fromid'])
					{
						$this->set_error("recipient_is_ignoring", array($user['username']));
					}
				}

				// Can the recipient actually receive private messages based on their permissions or user setting?
				if($user['receivepms'] == 0 || $recipient_permissions['canusepms'] == 0 && !$pm['saveasdraft'])
				{
					$this->set_error("recipient_pms_disabled", array($user['username']));
					return false;
				}
			}

[F] Bug in setting oldgroup in task (expire bans)

Wed, 10 Sep 2008 09:23:27 +0000

MyBB 1.4.1.
I have found possible bug while reviewing code - I did not test it however.

File: inc/tasks/usercleanup.php, code:

	// Expire bans
	$query = $db->simple_select("banned", "*", "lifted!=0 AND lifted<".TIME_NOW);
	while($ban = $db->fetch_array($query))
	{
		$updated_user = array(
			"usergroup" => $ban['oldgroup'],
			"additionalgroups" => $ban['oldadditionalgroups'],
			"displaygroup" => $ban['displaygroup']
		);
		$db->update_query("users", $updated_user, "uid='{$ban['uid']}'");
		$db->delete_query("banned", "uid='{$ban['uid']}'");
	}

This line:

"displaygroup" => $ban['displaygroup']

should be:

"displaygroup" => $ban['olddisplaygroup']

[F] IP search bug when ip >= 128.0.0.0

Mon, 08 Sep 2008 22:22:40 +0000

Environment (as reported in the AdminCP):
MyBB: 1.4.1
PHP: 5.2.6
DB: MySQLi 4.1.22

Bug:
When you search an IP address using the ModCP (modcp.php?action=ipsearch) and the IP is bigger or equal than 128.0.0.0 (ie: the first byte is >= 128), it turns out that no post nor user is found (assuming that there are such ones registered in the DB, of course).

The problem is with the call to the function fetch_longipv4_range in modcp.php, which it returns a negative integer number for IPs >= 128.0.0.0; and that number is compared with the field longipaddress or longregip in the DB. However, those fields seem to have a positive number, therefore no match is found.

For example, in my forums, the page moderation.php?action=getip&pid=11 returns the IP 213.201.17.42 of that post. In the DB, I see the post in the posts table with these fields: ipadress = "213.201.17.42" and longipaddress = "2147483647". However, when I go to the page modcp.php?action=ipsearch&ipaddress=213.201.17.42&search_posts=1 then MyBB can't find any result.

I hope you can solve this problem shortly. Thank you very much.

[F] Warning System Editor [Fix Provided]

Sun, 07 Sep 2008 14:56:11 +0000

Not sure if this is a bug, or a theme-related issue. However I have a theme in which I changed the editor style to a custom one, however when you view the editor on warn.php, the editor uses the default styling. o.O

Edit: Yes, it is a styling issue, for the theme section isn't even included in the editor javascript for the theme specification.

Fix:

Open template warnings_warn_pm

Find:

clickableEditor = new messageEditor("message", {lang: editor_language, rtl: 0});

Replace with:

clickableEditor = new messageEditor("message", {lang: editor_language, rtl: {$lang->settings['rtl']}, theme: "{$theme['editortheme']}"});

[F] Return-Path overruled by sendmail_from

Sun, 07 Sep 2008 00:11:22 +0000

Hi All,

Not 100% sure if this classifies as a bug because it is PHP behavior getting in the way. When sending an email (inc/functions.php) the header is calculated with a Return-Path entry set to the administrators email address. Cool.

Unfortunately when you set a sendmail_from setting in the php.ini this overrules this return-path in the header and sets it to whatever is in the sendmail_from. That by itself is fine where it not that I have no control over php.ini because this is setup by my provider, and the mail address they put in is of a mailserver that has no DNS MX-record. Certain mailservers (such as that of tiscali) will ignore any email coming from a mailserver that 'doesn't exist'.

The fix was easy enough, I added a:
ini_set("sendmail_from", $mybb->settings['adminemail']);

To the code that overrules the setting in the php.ini and makes sure mybboard does what its supposed to do.

So might be something that is worth actually adding to the product, or maybe trigger on a switch. It may solve some mail problems people may have.

[F] Little translation issue

Fri, 05 Sep 2008 00:35:27 +0000

In the file modcp.php you can find this line:

$subject = "{$lang->ipresult_post} ".htmlspecialchars_uni($ipaddress['subject'])." by ".build_profile_link($ipaddress['username'], $ipaddress['uid']);

The word "by" is not translatable.

[F] Highlighting only on first page of thread

Thu, 04 Sep 2008 14:51:38 +0000

If you use the search function the search terms are highlighted inside the post. This only works on the first page of a thread. I you go to another page of this thread the highlighting doesn't work anymore.

It seems like the argument highlight=xyz is not passed in the URL if you change the page.

[F] Permissions changed after editing forum

Thu, 04 Sep 2008 11:04:01 +0000

Steps to reproduce:

1. Go to Admin-CP -> Forums & Posts -> *Forum* -> Permissions -> Registered -> Edit Permissions.

2. Choose "Use custom permissions (below)" and check all checkboxes except for "Can delete own posts?" and "Can delete own threads?". Save the permissions.

3. Go to to the page where you can edit the settings of the forum. Save the settings (you do not need to edit anything).

4. Now go back to the permissions page. You can see that all checkboxes are checked now.

[F] toolbar.gif has a slight flaw

Thu, 04 Sep 2008 07:45:46 +0000

Theres a white line just above the last black line on the align to left button.

[F] Error in xmlhttp.php

Wed, 03 Sep 2008 15:42:18 +0000

In the file xmlhttp.php you can find this code:

while($buddy = $db->fetch_array($query))
{
    $buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);
    $profile_link = build_profile_link($buddy_name, $buddy['uid'], '_blank');
    if($buddy['lastactive'] > $timecut && ($buddy['invisible'] == 0 || $mybb->user['usergroup'] == 4) && $buddy['lastvisit'] != $buddy['lastactive'])
    {
        eval("\$online[] = \"".$templates->get("xmlhttp_buddyselect_online")."\";");
    }
    else
    {
        eval("\$offline[] = \"".$templates->get("xmlhttp_buddyselect_offline")."\";");
    }
}
$online = implode("", $online);
$offline = implode("", $offline);

If the array $online or $offline is empty you get an error:

Quote:
1220365626

690
2
Warning
implode() [function.implode]: Invalid arguments passed

There should be a check if the arrays contain elements.

[F] search does not work with postgresql

Wed, 03 Sep 2008 10:26:23 +0000

I have found a new bug with postgresql
In the file inc/function_search.php is a join, which does not work, because, a boolean can't be greater 0 on postgresql.
Lines: 462, 471, 478

If I change '> 0' into '= TRUE', I don't get the failuremessage, but I also don't get any records, only a message, which says, that nothing could be found.

MyBB has experienced an internal SQL error and cannot continue.
SQL Error:
42883 - ERROR: operator does not exist: boolean > integer LINE 5: WHERE (','||parentlist||',' LIKE ',%0%,') > 0 AND act... ^ HINT: No operator matches the given name and argument type(s). You might need to add explicit type casts. 
Query:
SELECT DISTINCT f.fid FROM zero_forums f LEFT JOIN zero_forumpermissions p ON (f.fid=p.fid AND p.gid='4') WHERE (','||parentlist||',' LIKE ',%0%,') > 0 AND active!=0 AND (p.fid IS NULL OR p.cansearch=1)