Welcome to vbmods.rocks! Get FREE and paid vBulletin mods, plugins, addons, API extensions, custom modules, custom BB Codes, vBCloud mods, CORE hacks, JS hacks, custom coding by Glenn, an ex-vBulletin Developer. You must register before you can post, download the files or copy the code from the free plugins.
Someone also reported the same issue for a vB6 forum. I couldn't figure out why but I fixed it by updating the Edit User link in the template to point directly to the AdminCP profile page instead of the AdminCP index page with frames. Not an ideal solution but it worked.
I couldn't figure out why but I fixed it by updating the Edit User link in the template to point directly to the AdminCP profile page instead of the AdminCP index page with frames.
Will you be updating the MOD, or provide the change in a reply so we can make the edit ourselves?
The Linux Community has given me much. I do what I can to return the favor!
As Kevin Sours mentioned in the ticket, this issue also affects other AdminCP links that point to frames index page (admincp/index.php?loc=admincp/xxxxx/xxxxx). For example, the settings link in the Products & Hooks page.
Last edited by glennrocksvb; 08-11-2024, 10:30 PM.
I don't think they will since they no longer make development for vB5 unless it's a vBulletin security-related issue. But who knows. Maybe you can post in that topic and ask?
Btw, I checked how they fixed the issue in vB 6.0.6.
Starting vB 6.0.6, the Edit User link (and other similar links) had changed
Apparently, the issue started when Apache made a change on the server where passing a URL on the querystring (admincp%2Fuser.php%3Fdo%3Dedit%26u%3D1 in the sample URL above) runs afoul of some security restrictions on Apache mod_rewrite. This change caused the HTTP Forbidden 403 error. The solution made by vB was to change the format of the querystring to pass the parts of the URL separately like locfile=user and locparams%5Bdo%5D=edit and locparams%5Bu%5D=1. From the separate querystring parameters, it would join them together and generate the full URL.
Last edited by glennrocksvb; 08-11-2024, 11:20 PM.
On the assumption that their response is 'No', and seeing as you know how they fixed the issue in vB 6.0.6, will you be able to create a MOD or CSS to 'fix' it for users of vB 5.7.5? We are of course, able to work around this issue; access the user from AdminCP; so it (this issue) isn't a show stopper. It is however, inconvenient.
The Linux Community has given me much. I do what I can to return the favor!
Apache does allow you to disable the its new security features in 2.4.61 and higher. You would have to google this (Apache Allow 3F) and update the main redirect rule on your site. If you do make this change, I highly recommend that you secure your AdminCP, enable Two-Factor Authentication and/or IP Address lockdown in your /core/includes/config.php file.
For now, I'll just login to the AdminCP and review suspect new users there.
The Linux Community has given me much. I do what I can to return the favor!
I finally created a mod that allows you to add an icon to each post with options for sharing on other platforms. I honestly thought it was absurd that...
Comment