Thank you very much for the update and the fix.<br />I will now switch it on and see what happens. <img src="http://www.ubbdev.com/forum/images/graemlins/smile.gif" alt="" /><br /><br />Greetings<br />carl

I use the age verification for users prior to signing up and every time a user tries to sign up:<br /><br />Script "/final/newuser.php" has been called with an invalid parameter.<br />Parameter named "ssubbt_dob" with a value of "11/18/1989" contained invalid characters. Valid type is: alphanum.<br /><br /><br />Is there a way to avoid this specific one? or should I change the code to input the DoB as 19811118 or something like that?

Open ubbt.inc.php and replace<br />$validate->addKnownParam($config['cookieprefix'] . "ubbt_dob",'alphanum');<br /><br />with<br />$validate->addKnownParam($config['cookieprefix'] . "ubbt_dob",'text');

Hi, <br />I still get this: <br /> <br />ERROR: Script "/Cat/0/Number/35279/page/vc/1" has been called with an invalid parameter. <br />ERROR: parameter named "page" with a value of "vc" contained invalid characters. Valid type is: num. <br /> <br />-and- <br /> <br />ERROR: Script "/Cat/0/Number/31920/page/fpart/5/vc/1" has been called with an invalid parameter. <br />ERROR: parameter named "page" with a value of "fpart" contained invalid characters. Valid type is: num. <br /> <br />ERROR: User agent was: Googlebot/2.1 (+http://www.google.com/bot.html) <br />ERROR: Full URI was: /showthreaded.php/Cat/0/Number/35279/page/vc/1 <br /> <br /> <br />So cat is not 'num' if "Googlebotfriendly" is activated in the Board prefs? <br />(Or do I have a problem in the database?) <br /> <br />And what is to do with "unknown formats? <br /> <br />INFO: UNKNOWN PARAMETER FOUND: U_Language. Value was: english <br />INFO: Full URI was: /FORUM/php/forum/adduser.php <br />INFO: UNKNOWN PARAMETER FOUND: U_AcceptPriv. Value was: yes <br />INFO: Full URI was: /FORUM/php/forum/adduser.php <br />INFO: UNKNOWN PARAMETER FOUND: U_TimeFormat. Value was: short4 <br />INFO: Full URI was: /FORUM/php/forum/adduser.php <br /> <br /> <br />Greetings <br />Carl

[]So cat is not 'num' if "Googlebotfriendly" is activated in the Board prefs?<br />(Or do I have a problem in the database?) [/]<br />Well that's a problem of ubbthreads an not a problem of this modification. The function that translates the search engine friendly urls back into variables is a very simple one.<br />It takes the url and takes all "subdirectories" as key/pair values.<br />So long story short: If your url is invalid, the translation into variables will fail which causes a security alert.<br /><br />Invalid url: /Cat/0/Number/35279/page/vc/1<br />Valid url: /Cat/0/Number/35279/page/0/vc/1<br /><br />[]<br />And what is to do with "unknown formats? <br />[/]<br />See the readme.txt for details, but basically you can add them in ubbt.inc.php with:<br /><br />$validate->addKnownParam('U_Language','text');<br />$validate->addKnownParam('U_AcceptPriv','text');<br />$validate->addKnownParam('U_TimeFormat','text');

Updated the attachment with version 1.1.1.<br />It contains several "new" variables and fixes some to strict checks.<br />Everybody should update to this version to avoid false alerts.<br /><br />To upgrade simply adjust the configuration directives in Validation.php and replace the version on your server.

I use UBBT 6.5. In the instructions for 6.5 you say that there are 6 occurences of "return $thisvar;". I have two additional occurences of "return $thisvar;" in the if ($type == "session") block. This matches with your 6.3 and 6.4 instructions. <br /><br />Did you make a typo?<br /><br />Tjerk.

The instructions are made for 6.5.1, didn't notice that the code differs in 6.5.<br /><br />So just use the instructions for 6.4:<br /><br />There are 8 occurences of "return $thisvar;".<br />Place the following line before the occurences 1 to 6.<br />So skip the last two located in the "if ($type == "session") {" block.<br /><br />Will update that for the next release. Thx for your hint.

I noticed the same thing. I added the line before all 7 occurences I could find and the site went blank. Commented out the last one (after the first six) and it worked.

May I suggest you move the info about the CONFIGURATION OPTIONS in the end of the instructions.txt file to the instructions right above the options in the Validate.php, and weed out obvious differences like LOG_UNKNOWN_VARS versus LOG_UNKNOWN_PARAMS and ALLOW_UNKNOWN_VARS versus ALLOW_UNKNOWN_PARAMS etc? Also the info about the default settings is not correct everywhere. <br /> <br />Also, in the info about the LOG_UNKNOWN_PARAMS you refer to setting "this to one", where you seem to mean 'true' <img src="http://www.ubbdev.com/forum/images/graemlins/grin.gif" alt="" /> <br /> <br />Apart from that, nice mod! <br /> <br />Tjerk. <br /> <br />Edit: and maybe rename Validate.php to validate.php?

in your instructions you wrote: <br /> <br />1. Open Validate.php and set the path to the logfile (Line 57). This file must be writeable by the webserver. You can adjust the settings at the top (defined in constants). Standard settings should be fine in most cases. <br /> <br />should this be a path to directory only or a path with filename ? <br /> <br />/edit: it must include a filename <img src="http://www.ubbdev.com/forum/images/graemlins/smile.gif" alt="" /> <br /> <br />You wrote something about the Googlebot and fix it in 1.1.1 <br />In my log I see the Yahho Slurp like this: <br /> <br />ERROR: SECURITY ALERT: POSSIBLE XSS ATTACK DETECTED! <br />ERROR: Script "/ubbthreads/showthreaded.php" has been called with an invalid parameter. <br />ERROR: parameter named "page" with a value of "vc" contained invalid characters. Valid type is: num. <br />ERROR: Script has been called from: 68.142.250.13 <br />ERROR: User agent was: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) <br />ERROR: Referer was: <br />ERROR: Full URI was: /ubbthreads/showthreaded.php?Number=108450&page=vc <br />ERROR: END OF SECURITY ALERT. <br /> <br />I m not sure how to handle your script and like to ask for your assist. <br /> <br />While do some tests I get: <br /> <br />INFO: UNKNOWN PARAMETER FOUND: sub. Value was: browser_misc <br />INFO: Script "/ubbthreads/feeds/rss.php" has been called with an unknown parameter./ubbthreads/feeds/rss.php?func=board&sub=browser_misc <br />INFO: Full URI was: /ubbthreads/feeds/rss.php?func=board&sub=browser_misc <br />INFO: Script has been called from: 80.136.191.134 <br />INFO: Referer was: <br />INFO: User agent was: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.0

Will any of these work with 6.1.1?

I'll upload a new version of this mod with some clearer instructions this weekend.<br /><br />Regarding the google/yahoo bot:<br /><br />"/ubbthreads/showthreaded.php?Number=108450&page=vc"<br />is an url with invalid parameters.<br />It should be<br />"/ubbthreads/showthreaded.php?Number=108450&page=&vc"<br /><br />Note the additional &.<br />So the securiy alert is correct. This will not be changed, as this is the desired behaviour. The page parameter should be an integer value.<br />In your case, it has the value "vc" which is not allowed.<br /><br />Apart from that, you can change the behaviour by modifing the known_params array in Validate.php.<br />Search for "page => 'int' and replace it with "page => 'alphanum'.<br />But beware, that this may lead into a security problems.<br /><br /><br />Regarding the unknown parameter<br />"UNKNOWN PARAMETER FOUND: sub. Value was: browser_misc"<br />The script /ubbthreads/feeds/rss.php isn't a standard ubbthreads script, is it?<br /><br />You can manually add new params to the validation script. Have a look at the readme.txt for further instructions on how to do this.

[]dont said:<br />Will any of these work with 6.1.1? [/]<br /><br />I haven't tested this mod with 6.1.1, because neither I or any of my clients are still using that version.<br />You could try to use the instructions for 6.3.2, but I can't promise that it will work.

If I try to rename a forum in the control panel I get this error:<br /><br />Warning: preg_match() expects parameter 2 to be string, array given in /home/.../ubbthreads/Validate.php on line 320<br /><br />Warning: htmlentities() expects parameter 1 to be string, array given in /home/.../ubbthreads/Validate.php on line 301<br /><br />We cannot proceed.<br />This page has been called with an invalid option.<br />The execution has been aborted for security reasons.<br /><br />Further information:<br /><br />Name of option: forum<br />Value of option:<br />Expected data type: alphanum<br />Name of the script: /ubbthreads/admin/doforummanage.php<br />Current time: 10.07.2005 19:38<br /><br />Please contact us if you think that all options are correct. You might have found a bug in our software.<br /><br />Please use your back button to return to the previous page.

Can you put a php script on your server and just do this in it:<br /><br />echo $_SERVER["PATH_TRANSLATED"];<br /><br />Seems that this variable isn't filled correctly in your environment. Or send a link to your phpinfo site via pm/mail.

Check you dont have a 'special character' in one of the external lists such as your bad word list as well.

[]Astaran said:<br />Can you put a php script on your server and just do this in it: echo $_SERVER["PATH_TRANSLATED"];[/]<br /><br />I try it but get a blank page as output. I run on a ZEUS Webserver, no Apache. I can send you phpinfo to PM if you like.

[]peterhd said:<br />Check you dont have a 'special character' in one of the external lists such as your bad word list as well. [/]<br /><br />which list excactly? I cant remember to change anything like this. Where I should look too ?

your censored word list, reserved names list, etc. <img src="/forum/images/graemlins/smile.gif" alt="" />