As i am going thru this trying to find the comment culpret i will post other things i find.
Such as:
1. Admins.comms.php found issue with presidence of code order.
Current code:
PHP Code:
global $userbank, $theme; if(!defined("IN_SB")){echo "You should not be here. Only follow links!";die();}if(isset($GLOBALS['IN_ADMIN']))define('CUR_AID', $userbank->GetAid());
I believe it should check for the defined value first as a security measure.
Like so:
PHP Code:
if(!defined("IN_SB")){echo "You should not be here. Only follow links!";die();}
global $userbank, $theme;
if(isset($GLOBALS['IN_ADMIN']))define('CUR_AID', $userbank->GetAid());
2. I believe the comment parsing on the page issue is because they used
PHP Code:
// ***** and so on for their comment.
//where
/* this is a comment valid comment */
// this is also a valid comment
//but the way they did this, they mixed the two ways which confuses the server
//the server sees forward slash start and thinks its a comment and then it sees a start forward
//slash and thinks its the end of the comment. And this is why its parsing it.
so what i will do to test this is do the following: i will change all 53 files that have this type of
defined value in the following way and see if it corrects the issue. Because so far im not finding
any issue with the files other than this.
Its easier to just change the * to #
PHP Code:
// #######################################################################
// This file is part of SourceBans++.
//
// Copyright (C) 2014-2016 Sarabveer Singh <[email protected]>
//
// SourceBans++ is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, per version 3 of the License.
//
// SourceBans++ is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with SourceBans++. If not, see <http://www.gnu.org/licenses/>.
//
// This file is based off work covered by the following copyright(s):
//
// SourceBans 1.4.11
// Copyright (C) 2007-2015 SourceBans Team - Part of GameConnect
// Licensed under GNU GPL version 3, or later.
// Page: <http://www.sourcebans.net/> - <https://github.com/GameConnect/sourcebansv1>
//
// ###############################################################################
i will keep you posted. :)
3. pages/admin.edit.server.php - Admin edit server file has the div at the top of the file, php tag should always be the very first thing in line 1
original code
PHP Code:
<div id="admin-page-content">
<?php
// *************************************************************************
// This file is part of SourceBans++.
//
// Copyright (C) 2014-2016 Sarabveer Singh <[email protected]>
//
// SourceBans++ is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, per version 3 of the License.
//
// SourceBans++ is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with SourceBans++. If not, see <http://www.gnu.org/licenses/>.
//
// This file is based off work covered by the following copyright(s):
//
// SourceBans 1.4.11
// Copyright (C) 2007-2015 SourceBans Team - Part of GameConnect
// Licensed under GNU GPL version 3, or later.
// Page: <http://www.sourcebans.net/> - <https://github.com/GameConnect/sourcebansv1>
//
// *************************************************************************
if(!defined("IN_SB")){echo "You should not be here. Only follow links!";die();}
should be like this
PHP Code:
<?php
// #######################################################################
// This file is part of SourceBans++.
//
// Copyright (C) 2014-2016 Sarabveer Singh <[email protected]>
//
// SourceBans++ is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, per version 3 of the License.
//
// SourceBans++ is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with SourceBans++. If not, see <http://www.gnu.org/licenses/>.
//
// This file is based off work covered by the following copyright(s):
//
// SourceBans 1.4.11
// Copyright (C) 2007-2015 SourceBans Team - Part of GameConnect
// Licensed under GNU GPL version 3, or later.
// Page: <http://www.sourcebans.net/> - <https://github.com/GameConnect/sourcebansv1>
//
// ###############################################################################
?>
<div id="admin-page-content">
<?php
if(!defined("IN_SB")){echo "You should not be here. Only follow links!";die();}
//and then the rest of the php follows
4. Preference only - i dont like it when they use . for name separators instead of _ in file names. Example: name.name.name.php its better to use name_name_name.php
5. I hope they remember when they rewrite this script that "if all you have is PHP in your file" then "you do not need the closing php tag". This will prevent some header loaded issues from the past.
6. OK after going through most of the files in several directories and replacing the header text with new text, i finally found the issue with the parsing of the header comments with some nifty detective work. Seems the dev was just too lazy, he said so himself in the file. I can understand being too tired or too frustrated or too wacky because of coding stress, im a programmer as well. But "LAZY" i cant stand for, its just a poor excuse and does not set a good example at all.
Anyway here is the code.
Its in pages/admin.edit.group.php
It begins right at line 79
Original Code:
PHP Code:
<?php echo str_replace("{title}", $name, @file_get_contents(TEMPLATES_PATH . "/groups.web.perm.php")) ;?>
<br /><?php }elseif($_GET['type'] == "srv"){?>
<h3>Server Admin Permissions</h3>
<?php $permissions = str_replace("{title}", $name, @file_get_contents(TEMPLATES_PATH . "/groups.server.perm.php")) ;
echo $permissions;
// Group overrides
// ALERT >>> GROSS CODE MIX <<<
// I'm far to lazy to rewrite this to use smarty right now.
$overrides_list = $GLOBALS['db']->GetAll("SELECT * FROM `" . DB_PREFIX . "_srvgroups_overrides` WHERE group_id = ?", array($_GET['id']));
?>
So to explain whats happing is that he echos (prints out) the full content of the other PHP file - which also includes the php tags. When he echos that value the server has to process (or not) the extra php tags that dont belong, so it parses the comments from the other php file because thats what its told to do basically.
So the solution would the be include the value file but strip out the php tags in the file. So rather than rewrite this all over again lets just patch what is already done here.
Here is the fix:
For this part original code
PHP Code:
echo str_replace("{title}", $name, @file_get_contents(TEMPLATES_PATH . "/groups.web.perm.php")) ;
lets do this instead, might as well stick with his process, it cant get any worse lol
New Code:
The easiest thing to do is just to remove the header content from this one (included file) content value and "define" statement and just open and close the php at the top of the file file right away. Since the rest of the file "pages/groups.web.perm.php" is all html then thats ok. We will just have to move some php tags around in our pages.admin.edit.group.php file to accomadate it.
for the pages/admin.edit.group.php file change this part:
This is from line 76 to 80 exactly as it is in the original
PHP Code:
<?php if($_GET['type'] == "web")
{?>
<h3>Web Admin Permissions</h3>
<?php echo str_replace("{title}", $name, @file_get_contents(TEMPLATES_PATH . "/groups.web.perm.php")) ;?>
<br /><?php }elseif($_GET['type'] == "srv"){?>
cut those lines out and add this in its place:
PHP Code:
<?php
if($_GET['type'] == "web")
{
echo "<h3>Web Admin Permissions</h3>";
$filevalue = str_replace("{title}", $name, @file_get_contents(TEMPLATES_PATH . "/groups.web.perm.php")) ;
echo $filevalue;
echo "<br />";
}elseif($_GET['type'] == "srv"){
?>
Then for the pages/groups.web.perm.php file change this: (remember i changed mine to # sign rather than stars *... ) just in case it does not look the same as yours.
PHP Code:
<?php
// #######################################################################
// This file is part of SourceBans++.
//
// Copyright (C) 2014-2016 Sarabveer Singh <[email protected]>
//
// SourceBans++ is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, per version 3 of the License.
//
// SourceBans++ is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with SourceBans++. If not, see <http://www.gnu.org/licenses/>.
//
// This file is based off work covered by the following copyright(s):
//
// SourceBans 1.4.11
// Copyright (C) 2007-2015 SourceBans Team - Part of GameConnect
// Licensed under GNU GPL version 3, or later.
// Page: <http://www.sourcebans.net/> - <https://github.com/GameConnect/sourcebansv1>
//
// ###############################################################################
if(!defined("IN_SB")){echo "You should not be here. Only follow links!";die();}
?>
to this: (the only change your making is to the top of the file ONLY!)
NOTE: since the other file checks for the defined value then unless someone loads this file directly (which they should not) then youll be fine leaving the define out of this file and just having the html.
That should patch it just fine. Now the edit groups page will load without the nasty parsed comment.
Enjoy :)
After thought: youll have to do the same probably with the two server admin files and the two server files as well in the group management page. I just did the first option for the web admin groups, but i see the others have the same issue.
