S P E E D
17-11-2010, 09:08 صباحاً
السلام عليكم
النسخ المصابة : 4.0.8
هذه خطوات الترقيع
فى المجلد includes , الملف class_core.php
ابحث عن
//add back the url() if we need it.
if ($add_url)
{
$string = 'url(\'' . $string . '\')';
}
return $string;اضف بعدها
function htmlspecialchars_uni_callback($matches)
{
if (count($matches) == 1)
{
return '&';
}
if (strpos($matches[2], '#') === false)
{
// > like
if ($matches[2] == 'shy')
{
return '*';
}
else
{
return "&$matches[2];";
}
}
else
{
// Only convert chars that are in ISO-8859-1
if (($matches[3] >= 32 AND $matches[3] <= 126)
OR
($matches[3] >= 160 AND $matches[3] <= 255))
{
return "&#$matches[3];";
}
else
{
return "&#$matches[3];";
}
}
}
فى المجلد includes , الملف version_vbulletin.php
استبدل المحتوي بـالتالي
<?php
define('FILE_VERSION_VBULLETIN', '4.0.8 Patch Level 1');
?>
فى المجلد vb , الملف profilecustomize.php
ابحث عن
$current = $theme_data->current();اضف بعدها
foreach($current as $field => $value)
{
//no checking for font and border
if (stripos($value, 'font' > -1))
{
continue;
}
//make sure it's a clean value
if (stripos($field, 'background_image') > -1)
{
//this might be a color, or might be an image.
$current[$field] = self::getBGValue($value);
}
else //it's a
{
$current[$field] = self::getValidColor($value);
}
}ثم ابحث عن
$css['page_background_image'] = self::getBGColor($current['page_background_image']);استبدلها بالتالي
$css['page_background_image'] = self::getBGValue($current['page_background_image']);ثم ابحث عن
$css['module_background_image'] = self::getBGColor($current['module_background_image']);استبدلها بالتالي
$css['module_background_image'] = self::getBGValue($current['module_background_image']);ثم ابحث عن
$css['moduleinactive_background_image'] = self::getBGColor($current['moduleinactive_background_image']);استبدلها بالتالي
$css['moduleinactive_background_image'] = self::getBGValue($current['moduleinactive_background_image']);ثم ابحث عن
$css['content_background_image'] = self::getBGColor($current['content_background_image']);استبدلها بالتالي
$css['content_background_image'] = self::getBGValue($current['content_background_image']);ثم ابحث عن
$css['button_background_image'] = self::getBGColor($current['button_background_image']);استبدلها بالتالي
$css['button_background_image'] = self::getBGValue($current['button_background_image']);ثم ابحث عن
$css['headers_background_image'] = self::getBGColor($current['headers_background_image']);استبدلها بالتالي
$css['headers_background_image'] = self::getBGValue($current['headers_background_image']);ثم ابحث عن
public static function getBGColor($image_url)استبدالها بالتالي
public static function getValidColor($colorval)
{
//here's how we can determine what this is:
// if it starts with # or rgb( then it's trying to be a valid color )
// if it's in color_strings then it's a valid color.
//if it's an array of three appropriate hex values, it's valid
// otherwise it's trying to be an url
$colorval = trim($colorval);
//It might be the word "transparent"
if (strtolower($colorval) == 'transparent')
{
return 'transparent';
}
//see if it's a valid color in # format
$valid_colors = "!^#?([a-f]|[A-F]|[0-9]){3}(([a-f]|[A-F]|[0-9]){3})?$!iU";
$matches = array();
if (preg_match($valid_colors, $colorval, $matches))
{
$valid_color = $matches[0];
if ($valid_color[0] != '#')
{
$valid_color = '#' . $valid_color;
}
return $valid_color;
}
//let's strip out any spaces.
$colorval = str_replace(' ', '',$colorval);
$colorval = ($colorval);
//maybe it's an 'rgb(red,green,blue)' value
if (substr(strtolower($colorval),0,4) == 'rgb(')
{
$tmpcolor = substr(strtolower($colorval),4);
//remove any trailing spaces
//is there a ')' on the right? If so, remove it.
if (substr($tmpcolor, -1,1) != ')')
{
return false;
}
$tmpcolor = substr($tmpcolor, -1,1);
$tmpcolor = explode(',',$tmpcolor);
if ((count($tmpcolor) == 3) &&
(intval($tmpcolor[0]) >= 0) && (intval($tmpcolor[0]) <= 256) &&
(intval($tmpcolor[1]) >= 0) && (intval($tmpcolor[1]) <= 256) &&
(intval($tmpcolor[2]) >= 0) && (intval($tmpcolor[2]) <= 256))
{
return '#' . dechex($tmpcolor[0]) . dechex($tmpcolor[1]) . dechex($tmpcolor[2]);
}
}
return false;
}
protected function cleanImageLoc($imageLoc)
ثم ابحث عن
if (!$image_url OR strtolower($image_url) == 'transparent' OR strtolower($image_url) == 'none')استبدلها بالتالي
if (preg_match($filter, $imageLoc, $matches))
{
return false;
}
return $imageLoc;
}
public static function getBGValue($image_url)
{
//sometimes we have the word 'none'
if (strtolower($image_url) == 'none')ثم ابحث عن
//if it's in the form url(<something) then we just return.ثم اضف فوقها
//it might be a color;
$result = self::getValidColor($colorval);
if ($result)
{
return $result;
}
//Let's see if it's an image. First clean it.
$image_url = self::cleanImageLoc($image_url);
if (!$image_url)
{
return false;
}فى المجلد الرئيسي , الملف css.php
ابحت عن
{
$templater->register($varname, vB::$vbulletin->stylevars['font']['family']);
}
else
{اضف بعدها
if (preg_match("#_(color|border)$#", $varname))
{
//color values are validated heavily on input and tend to
//get destroyed by when escaped.
}
else
{
//IE6 will accept "javascript:" urls. Unfortunatley it will do so even if the
//url strings are encoded. We remove whitespace from the string to avoid attempts
//to break up the word javascript in ways the css parser might still recognize.
if(stripos(preg_replace("#\s#", "", $setting), 'javascript') !== false)
{
$setting = '';
}
else
{
$setting = css_escape_string($setting);
}
}
للاخوة الى مش بيحبوا التعديل يقدروا يعملوا استبدال للملفات الى فى المرفقات
التحديث الأمني لنسخة 4.0.8 pl1 (http://www.mtwer.com/vb/t48416.html)
النسخ المصابة : 4.0.8
هذه خطوات الترقيع
فى المجلد includes , الملف class_core.php
ابحث عن
//add back the url() if we need it.
if ($add_url)
{
$string = 'url(\'' . $string . '\')';
}
return $string;اضف بعدها
function htmlspecialchars_uni_callback($matches)
{
if (count($matches) == 1)
{
return '&';
}
if (strpos($matches[2], '#') === false)
{
// > like
if ($matches[2] == 'shy')
{
return '*';
}
else
{
return "&$matches[2];";
}
}
else
{
// Only convert chars that are in ISO-8859-1
if (($matches[3] >= 32 AND $matches[3] <= 126)
OR
($matches[3] >= 160 AND $matches[3] <= 255))
{
return "&#$matches[3];";
}
else
{
return "&#$matches[3];";
}
}
}
فى المجلد includes , الملف version_vbulletin.php
استبدل المحتوي بـالتالي
<?php
define('FILE_VERSION_VBULLETIN', '4.0.8 Patch Level 1');
?>
فى المجلد vb , الملف profilecustomize.php
ابحث عن
$current = $theme_data->current();اضف بعدها
foreach($current as $field => $value)
{
//no checking for font and border
if (stripos($value, 'font' > -1))
{
continue;
}
//make sure it's a clean value
if (stripos($field, 'background_image') > -1)
{
//this might be a color, or might be an image.
$current[$field] = self::getBGValue($value);
}
else //it's a
{
$current[$field] = self::getValidColor($value);
}
}ثم ابحث عن
$css['page_background_image'] = self::getBGColor($current['page_background_image']);استبدلها بالتالي
$css['page_background_image'] = self::getBGValue($current['page_background_image']);ثم ابحث عن
$css['module_background_image'] = self::getBGColor($current['module_background_image']);استبدلها بالتالي
$css['module_background_image'] = self::getBGValue($current['module_background_image']);ثم ابحث عن
$css['moduleinactive_background_image'] = self::getBGColor($current['moduleinactive_background_image']);استبدلها بالتالي
$css['moduleinactive_background_image'] = self::getBGValue($current['moduleinactive_background_image']);ثم ابحث عن
$css['content_background_image'] = self::getBGColor($current['content_background_image']);استبدلها بالتالي
$css['content_background_image'] = self::getBGValue($current['content_background_image']);ثم ابحث عن
$css['button_background_image'] = self::getBGColor($current['button_background_image']);استبدلها بالتالي
$css['button_background_image'] = self::getBGValue($current['button_background_image']);ثم ابحث عن
$css['headers_background_image'] = self::getBGColor($current['headers_background_image']);استبدلها بالتالي
$css['headers_background_image'] = self::getBGValue($current['headers_background_image']);ثم ابحث عن
public static function getBGColor($image_url)استبدالها بالتالي
public static function getValidColor($colorval)
{
//here's how we can determine what this is:
// if it starts with # or rgb( then it's trying to be a valid color )
// if it's in color_strings then it's a valid color.
//if it's an array of three appropriate hex values, it's valid
// otherwise it's trying to be an url
$colorval = trim($colorval);
//It might be the word "transparent"
if (strtolower($colorval) == 'transparent')
{
return 'transparent';
}
//see if it's a valid color in # format
$valid_colors = "!^#?([a-f]|[A-F]|[0-9]){3}(([a-f]|[A-F]|[0-9]){3})?$!iU";
$matches = array();
if (preg_match($valid_colors, $colorval, $matches))
{
$valid_color = $matches[0];
if ($valid_color[0] != '#')
{
$valid_color = '#' . $valid_color;
}
return $valid_color;
}
//let's strip out any spaces.
$colorval = str_replace(' ', '',$colorval);
$colorval = ($colorval);
//maybe it's an 'rgb(red,green,blue)' value
if (substr(strtolower($colorval),0,4) == 'rgb(')
{
$tmpcolor = substr(strtolower($colorval),4);
//remove any trailing spaces
//is there a ')' on the right? If so, remove it.
if (substr($tmpcolor, -1,1) != ')')
{
return false;
}
$tmpcolor = substr($tmpcolor, -1,1);
$tmpcolor = explode(',',$tmpcolor);
if ((count($tmpcolor) == 3) &&
(intval($tmpcolor[0]) >= 0) && (intval($tmpcolor[0]) <= 256) &&
(intval($tmpcolor[1]) >= 0) && (intval($tmpcolor[1]) <= 256) &&
(intval($tmpcolor[2]) >= 0) && (intval($tmpcolor[2]) <= 256))
{
return '#' . dechex($tmpcolor[0]) . dechex($tmpcolor[1]) . dechex($tmpcolor[2]);
}
}
return false;
}
protected function cleanImageLoc($imageLoc)
ثم ابحث عن
if (!$image_url OR strtolower($image_url) == 'transparent' OR strtolower($image_url) == 'none')استبدلها بالتالي
if (preg_match($filter, $imageLoc, $matches))
{
return false;
}
return $imageLoc;
}
public static function getBGValue($image_url)
{
//sometimes we have the word 'none'
if (strtolower($image_url) == 'none')ثم ابحث عن
//if it's in the form url(<something) then we just return.ثم اضف فوقها
//it might be a color;
$result = self::getValidColor($colorval);
if ($result)
{
return $result;
}
//Let's see if it's an image. First clean it.
$image_url = self::cleanImageLoc($image_url);
if (!$image_url)
{
return false;
}فى المجلد الرئيسي , الملف css.php
ابحت عن
{
$templater->register($varname, vB::$vbulletin->stylevars['font']['family']);
}
else
{اضف بعدها
if (preg_match("#_(color|border)$#", $varname))
{
//color values are validated heavily on input and tend to
//get destroyed by when escaped.
}
else
{
//IE6 will accept "javascript:" urls. Unfortunatley it will do so even if the
//url strings are encoded. We remove whitespace from the string to avoid attempts
//to break up the word javascript in ways the css parser might still recognize.
if(stripos(preg_replace("#\s#", "", $setting), 'javascript') !== false)
{
$setting = '';
}
else
{
$setting = css_escape_string($setting);
}
}
للاخوة الى مش بيحبوا التعديل يقدروا يعملوا استبدال للملفات الى فى المرفقات
التحديث الأمني لنسخة 4.0.8 pl1 (http://www.mtwer.com/vb/t48416.html)