5 replies to this topic

[visiblesoul]

[IPB 1.3, 2.0, 2.1] Incorrect Personal CP Link


The "Personal CP" link is incorrect in all versions of MKPortal Multiboard.


Open:
[for IPB 2.0.x or IPB 2.1.x] /mkportal/include/IPB/ipb_board_functions.php
[for IPB 1.3.x]/mkportal/include/IPB13/ipb13_board_functions.php

Find:

	   $out = "{$mkportals->forum_url}/index.php?act=UserCP";

Replace with:

	   $out = "{$mkportals->forum_url}/index.php?act=UserCP&CODE=00";

[visiblesoul]

There is a MySQL5 compatibility issue with the "Navigation Links" management which produces an error like this when you try to add or edit a link.

ERROR: Database error.
Cannot execute the query: INSERT INTO mkp_mainlinks (icon, title, url, type, target) VALUES ('', 'test', 'www.an-corp.us', '2', '') 
MySql Error returned: Incorrect integer value: '' for column 'target' at row 1 
MySql Error code: 1366

The MySQL issue is described here...
http://bugs.mysql.com/bug.php?id=18551

To fix this issue...

FIND in mkportal/admin/ad_nav.php (function update_link):

$target = $mkportals->input['target'];

ADD BELOW:

	//MySQL5 patch
	if ($target != 1) {
		$target = 0;
	}
	//end MySQL5 patch

Original bug report here...
http://www.mkportal....ead.php?p=75649

[visiblesoul]

XSS vulnerabilities in pmpopup.php


Here is my temporary patch for pmpopup.php. I am sure Meo will have a better way of doing this but this is working for me and it does eliminate the XSS vulnerability while preserving the PM Popup functions. This is not an official patch.

For M1.1Rc1:

Step 1.
FIND in mkportal/include/pmpopup.php

$m1 = str_replace("%20", " ", $_GET['m1']);
$m2 = str_replace("%20", " ", $_GET['m2']);
$m3 = str_replace("%20", " ", $_GET['m3']);
$m4 = str_replace("%20", " ", $_GET['m4']);
$u1 = $_GET['u1'];

REPLACE WITH:

/*
$m1 = str_replace("%20", " ", $_GET['m1']);
$m2 = str_replace("%20", " ", $_GET['m2']);
$m3 = str_replace("%20", " ", $_GET['m3']);
$m4 = str_replace("%20", " ", $_GET['m4']);
$u1 = $_GET['u1'];
*/

/* Begin temp patch by visiblesoul */
define ( 'IN_MKP', 1 );
define ( 'IN_PMPOP', 1 );

$MK_PATH = "../../";
require $MK_PATH."mkportal/conf_mk.php";

global $DB, $mklib, $mkportals;

switch($MK_BOARD) {
	case 'IPB':
		$driverf = "IPB/ipb_driverf.php";
		$board_functions = "IPB/ipb_board_functions.php";
	break;
	case 'PHPBB':
	$driverf = "PHPBB/php_driverf.php";
		$board_functions = "PHPBB/php_board_functions.php";
	break;
	case 'VB':
	$driverf = "VB/vb_driverf.php";
		$board_functions = "VB/vb_board_functions.php";
	break;
  case 'IPB13':
	$driverf = "IPB13/ipb13_driverf.php";
		$board_functions = "IPB13/ipb13_board_functions.php";
	break;
	default:
	$driverf = "SMF/smf_driverf.php";
		$board_functions = "SMF/smf_board_functions.php";
	break;
}

require $MK_PATH."mkportal/include/$driverf";
require $MK_PATH."mkportal/include/functions.php";
require $MK_PATH."mkportal/include/$board_functions";

switch($MK_BOARD) {
	case 'IPB':
	$u1 = "$mklib->siteurl/$mklib->forumpath/index.php?act=Msg";
	break;
	case 'PHPBB':
	$u1 = "$mklib->siteurl/$mklib->forumpath/privmsg.php?folder=inbox";
	break;
	case 'VB':
	$u1 = "$mklib->siteurl/$mklib->forumpath/private.php";
	break;
  case 'IPB13':
	$u1 = "$mklib->siteurl/$mklib->forumpath/index.php?act=Msg";
	break;
	default:
	$u1 = "$mklib->siteurl/$mklib->forumpath/index.php?action=pm";
	break;
}

$m1 = $mklib->lang['popm1'];
$m2 = $mklib->lang['popm2'];
$m3 = $mklib->lang['popm3'];
$m4 = $mklib->lang['popm4'];
/* End temp patch by visiblesoul */

Step 2. (vBulletin only)
FIND in mkportal/include/VB/vbdriverf.php

require $MK_PATH."mkportal/conf_mk.php";

ADD ABOVE:

if (defined('IN_PMPOP')) {
	chdir('mkportal/include');
}

[visiblesoul]

[phpBB] Include File Bug

Original post by Mark...
http://www.mkportal....ead.php?t=13296

There are issues that the error log could overload on servers due to the file php_out.php

Here is the reported bug:
http://www.mkportal....ead.php?t=13259

Here is the Fix:

Open:
/mkportal/include/PHPBB/php_out.php
Find:

	  eval($ForumOut);

Replace with:

	  @eval($ForumOut);

Regards,

Mark

[visiblesoul]

[IPB2] RSS Bug


Original post by Meo...
http://www.mkportal....read.php?t=9056


The definition of the CACHE_PATH constant in the MKPortal rss block has no effect because it is previously defined by IPB 2 code. This cause the rss cache not to work.

To fix this issue edit file mkportal/blocks/rss.php

FIND:

define ('CACHE_PATH', $mklib->sitepath."mkportal/cache/");

REPLACE WITH:

define ('CACHE_PATH_RSS', $mklib->sitepath."mkportal/cache/");

FIND:

$cache_file = CACHE_PATH.$cache_file.".rss";

REPLACE WITH:

$cache_file = CACHE_PATH_RSS.$cache_file.".rss";

[visiblesoul]

[All?]Smilies Bug #2

This code in ***_board_functions.php (function get_emo_row) has some conflict with any emoticon that has this combination of characters ":/" (A colon followed by a forward slash).

if (!strpos($image, "http://")) {

If you have any emoticons with this string in the macro name you will have intermittent issues with emoticons in the Shoutbox (and other modules?) where some image source code is displayed instead of the emoticon image.

Anyway, the easiest solution is to avoid using ":/" in any of your emoticon macro names.

I tested this in IPB1.3 but I suspect that this issue is the source of emoticon issues that I've seen with other boards also. I do not have a fix right now. If anyone else has a fix please post it here.

-=DKC=-