  #1  
Old 09 Jun 2012, 09:24
squishi squishi is offline
 
Join Date: May 2006
Patch Level 3 caused a bug

I need some help.

I applied patch level 3 line by line to my vb installation 3.8.7.
I made the changes on all the files that were included in the patch download, making sure that the changes were ported to my installation.

Now $vbulletin->userinfo is undefined in the fetch_userinfo function when using the fetch_userinfo_query hook. This function itself checks for the $vbulletin->userinfo['userid'], so this is not a desired behavior at all.

I cannot undo the changes, because 1) I trusted you guys to not screw the code up and 2) when I download vb 3.8.7, I get the patched versions of the files. So from the files that you offer, the error cannot be undone anymore.
I will now proceed to undo the patch using a backup.

This error was introduced with patch level 3 and needs to be fixed.
  #2  
Old 09 Jun 2012, 10:18
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Real name: Simon
You should be reporting this at www.vbulletin.com, not .org; the guys here have nothing to do with the development or bug correction of the product!
__________________
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not PM me for support unless I have invited you to!
  #3  
Old 09 Jun 2012, 10:47
New Joe New Joe is offline
 
Join Date: May 2009
I've read there have been a lot of problems with this new Patch even on vB 4

Anyone else had problems?
  #4  
Old 09 Jun 2012, 12:21
squishi squishi is offline
 
Join Date: May 2006
I am reporting this here, because it is the forum that offers help and assistance. On vbulletin.com, the only support that I will get is being told to reset the whole forum, remove all plugins and reinstall everything. No thank you - I've been told that one too many times.

I was unable to fix the problem. Maybe it was not the plugin after all - I cannot tell. What I know is that it worked recently.

Actually, when doing a backtrace in functions.php > fetchuserinfo(), I see that fetch_userinfo is called from VB_Session in init.php.
$vbulletin->userinfo is only defined a couple of lines later in init.php.
$vbulletin->userinfo is undefined in the fetch_userinfo_query hook.



The backtrace in functions.php > fetchuserinfo() goes like this:
#0 fetch_userinfo(1, 0, 0) called at [/www/virtual/forum/includes/class_core.php:2745]
#1 vB_Session->vB_Session(vB_Registry Object ...)
#2 require_once(/www/virtual/forum/includes/init.php) called at [/www/virtual/forum/global.php:21]
#3 require_once(/www/virtual/forum/global.php) called at [/www/virtual/forum/index.php:59]
In words:
fetch_userinfo() is called in the vB_Session class in class_core.php. VB_Session is called in init.php, before $vbulletin->userinfo is defined. The "global" statement in fetch_userinfo() will fail. $vbulletin->userinfo is null.

Can somebody confirm that $vbulletin->userinfo is undefined in their fetch_userinfo_query hook?
  #5  
Old 09 Jun 2012, 12:34
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Originally Posted by squishi View Post
I am reporting this here, because it is the forum that offers help and assistance.
I think there was some confusion because you posted "I trusted you guys to not screw the code up" and we're not the guys.


The backtrace in functions.php > fetchuserinfo() goes like this:


In words:
fetch_userinfo() is called in the vB_Session class in class_core.php. VB_Session is called in init.php, before $vbulletin->userinfo is defined. The "global" statement in fetch_userinfo() will fail. $vbulletin->userinfo is null.

Can somebody confirm that $vbulletin->userinfo is undefined in their fetch_userinfo_query hook?

fetch_userinfo() is a member function of the session class, so it shouldn't be the same as the fetch_userinfo() that's in includes/functions.php. If you got that trace from a trace call at the fetch_userinfo_query hook, then something's very wrong. ETA: no, I take that back - there is a member function but I don't think it's the one that should be called... but it does look like the other fetch_userinfo() needs the userinfo array to exist already, as you mentioned in the first post.

Last edited by kh99; 09 Jun 2012 at 12:43.
  #6  
Old 09 Jun 2012, 13:21
squishi squishi is offline
 
Join Date: May 2006
Something is amiss with my installation indeed. I looked at other plugins that hook into the fetch_userinfo_query hook and they use $vbulletin->userinfo['userid'] as well.

You are probably right. I will add the trace to the plugin instead of the function.

--------------- Added 09 Jun 2012 at 13:29 ---------------

The result is the same.

I added this code to the fetch_userinfo_query hook in the plugin where $vbulletin->userinfo is null:



Note: if you add this code, you will have to globally disable plugins to remove the code again.

#0 eval() called at [/www/virtual/forum/includes/functions.php:1388]
#1 fetch_userinfo(1, 0, 0) called at [/www/virtual/forum/includes/class_core.php:2745]
#2 vB_Session->vB_Session(vB_Registry Object (...)
#3 require_once(/www/virtual/forum/includes/init.php) called at [/www/virtual/forum/cpadmin/global.php:34]
#4 require_once(/www/virtual/forum/cpadmin/global.php) called at [/www/virtual/forum/cpadmin/plugin.php:25]
fetch_userinfo is called from vB_Session which traces back to init.php. At this point in time, $vbulletin->userinfo is not defined yet, as mentioned in the post above.

Last edited by squishi; 09 Jun 2012 at 13:32.
  #7  
Old 09 Jun 2012, 13:31
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Originally Posted by squishi View Post
You are probably right. I will add the trace to the plugin instead of the function.
Actually I think I was wrong. To call a member function it would have to use $this->fetch_userinfo, and the parameters are wrong, so it is calling the one in functions.php. I think you're right that the first time it's called $vbulletin->userinfo isn't set even though it's used at the start of that function. It could be that the "is not an array" error message doesn't appear because messages are turned off.

I don't know what your plugin does, but maybe you could use hook fetch_userinfo and check $user instead of $vbulletin->userinfo.

Last edited by kh99; 09 Jun 2012 at 13:38.
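
The call order discussed in this thread, as an added example that is not part of any post and is not vBulletin source: a query-hook plugin that treats a missing `$vbulletin->userinfo` as "viewer not known yet" instead of reading it blindly. `Registry`, `plugin_query_hook`, `fetch_userinfo_sim` and `session_sim` are constructed stand-ins, and the assumption that init assigns userinfo from the session's loaded user is made only for this simulation.

```php
<?php
// Constructed simulation of the call order in the backtraces above.
// Class and function names are stand-ins, not vBulletin source.

class Registry
{
    public $userinfo = null;   // stays null until init assigns it
    public $log = [];          // records what the hook saw on each call
}

// Hypothetical plugin body for a query hook that may fire before
// $vbulletin->userinfo exists. Returns extra SQL, or '' when unknown.
function plugin_query_hook(Registry $vbulletin): string
{
    $viewer = $vbulletin->userinfo;
    if (!is_array($viewer) || empty($viewer['userid'])) {
        // Bootstrap call or guest: add nothing and make no
        // permission decision from data that is not there.
        return '';
    }
    return ' /* extra join for viewer ' . (int) $viewer['userid'] . ' */';
}

// Stand-in for fetch_userinfo(): runs the hook, then "loads" the user.
function fetch_userinfo_sim(Registry $vbulletin, int $userid): array
{
    $extra = plugin_query_hook($vbulletin);
    $vbulletin->log[] = $extra === '' ? 'hook: no viewer yet' : 'hook:' . $extra;
    return ['userid' => $userid];
}

// Stand-in for the session constructor, which loads the user first.
function session_sim(Registry $vbulletin, int $userid): array
{
    return fetch_userinfo_sim($vbulletin, $userid);
}

$vbulletin = new Registry();
$loaded = session_sim($vbulletin, 1);   // call 1: userinfo is still null
$vbulletin->userinfo = $loaded;         // assigned only after the session
fetch_userinfo_sim($vbulletin, 2);      // call 2: the viewer is now known

print_r($vbulletin->log);
```

The first log entry corresponds to the session-bootstrap call in the backtraces; only later calls see a populated viewer.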
  #8  
Old 09 Jun 2012, 13:52
squishi squishi is offline
 
Join Date: May 2006
The fetch_userinfo function itself checks for $vbulletin->userinfo. So something is broken in the original code already.
I can work around it, but I know other plugins check for $vbulletin->userinfo as well.
What bugs me is that it used to work a few days ago.
And since $vbulletin->userinfo is not available and I have no way to check if a user is logged in in that hook, it is not a good idea to just leave it like this.

Something's broken and there seems to be a flaw in the vb code. I checked a freshly downloaded code (patch level 3), and it follows the same logic.

init.php calls vb_session. vb_session calls fetch_userinfo, and $vbulletin->userinfo is not defined in this function.
Now let's assume that this call to fetch_userinfo() is not the call that loads this plugin. This would mean that the hook is executed twice. That would be extremely inefficient.

--------------- Added 09 Jun 2012 at 14:06 ---------------

For example, the vbulletin blog product uses $vbulletin->userinfo['permissions'] in the fetch_userinfo_query hook.

Last edited by squishi; 09 Jun 2012 at 13:58.
  #9  
Old 09 Jun 2012, 14:56
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Originally Posted by squishi View Post
For example, the vbulletin blog product uses $vbulletin->userinfo['permissions'] in the fetch_userinfo_query hook.

Yeah, if that's true then it's a bug as far as I can tell (but I don't have the blog product).

Edit: just to be clear, as mentioned below I've been looking at the source code for vb3.8.7PL2 without the latest patch, so if this is a bug it existed prior to the latest patch. Also, I diffed the PL2 files with the patch files and none of the changes affect those areas of the code.

Last edited by kh99; 09 Jun 2012 at 16:14.
  #10  
Old 09 Jun 2012, 15:31
New Joe New Joe is offline
 
Join Date: May 2009
So should I not apply the Patches then?
  #11  
Old 09 Jun 2012, 15:36
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Originally Posted by New Joe View Post
So should I not apply the Patches then?

I've been looking at the source code for vb3.8.7 PL2, so I don't see any evidence that any of this was caused by the latest patch.
  #12  
Old 09 Jun 2012, 16:24
New Joe New Joe is offline
 
Join Date: May 2009
Sorry, I forgot to say I use vB 4
  #13  
Old 09 Jun 2012, 16:32
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
I haven't really seen any issues with the latest security patch. I don't watch everything on vbulletin.com, but I only saw a couple of mentions of problems over there - one was vb3 (which I think was probably squishi), and the other was someone who I think installed the wrong patch. In any case it only involves overwriting over some files, so if it did cause problems you would only need to upload the original files again.