-------------------------------------------------------------------------------------
This PM is automatically generated. Please do not reply.
If you wish to discuss anything in this PM please contact:
paul999
-------------------------------------------------------------------------------------
Hello,
As you may know, all MODs submitted to the phpBB MOD Database must be validated and approved by members of the phpBB Team.
Upon validating your MOD, the phpBB MOD Team regrets to inform you that we have had to deny your MOD.
To correct the problem(s) with your MOD, please follow the instructions below:
- Make the necessary changes to correct any problems (listed below) that resulted in your MOD being denied.
- Increase your version number. (See Knowledge Base Article 43 for help.)
- Change the filename. (For example, my_mod_1.0.0.zip would become my_mod_1.0.1.zip.)
- Re-upload your MOD into our MOD Database.
Please ensure you tested your MOD on the latest version of phpBB (see the
Downloads page) before you reupload your MOD.
Before you resubmit your MOD, please check your MOD Syntax via our
MOD Syntax Validator to ensure your MOD is using the correct MOD Template Syntax.
Here is a report on why your MOD was denied:
-------------------------------------------------------------------------------------
Code: $sql2 = "SELECT * FROM ".SESSIONS_TABLE." WHERE session_user_id = '$userdata[user_id]'";
Should be:
Code: $sql2 = "SELECT * FROM ".SESSIONS_TABLE." WHERE session_user_id = " . $userdata['user_id'];
Also, obtaining all fields, without using any field, is unneeded.
Code: #
#-----[ FIND ]------------------------------------------
#
//
// That's all, Folks!
// -------------------------------------------------
It is better not to search for comments, because translators can change them. Use ?> for searching.
Code:
    if ($mode == 'newtopic') {
        $topicname = $subject;
    } else {
        $sql = 'SELECT * FROM '. TOPICS_TABLE ." WHERE topic_id = '$topic_id' LIMIT 1";
        $result = $db->sql_query($sql);
        $topicnamerow = $db->sql_fetchrow($result);
        $topicname = $topicnamerow['topic_title'];
    }
Error handling for this query is missing.
Code: ^.*)(posting\.php.*$)/',"$1viewtopic.php",htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF']));
ajaxSaxAddItem(0,$userdata['username'],$topicname,$ajaxurl .'?p='.$post_id.'#'.$post_id);
Code: p=
must be replaced with
Code: POST_POST_URL . '='
Also, I don't think this is a good way to generate a URL.
From sax.php:
Code:
    function SaxTemplates() {
        global $phpbb_root_path,$userdata,$template,$saxlog,$lang,$phpEx;
        $saxlog = './saxlog.dat';
        $template->assign_var('L_SAXYOUSAID' , $lang['YouSaid']);
        $template->assign_var('L_SAY' , $lang['Say']);
        $template->assign_var('U_SAXLOGPATH' , $phpbb_root_path.'includes');
        $template->assign_var('U_SAXSAYPATH' , $phpbb_root_path.'includes/saxsay.'.$phpEx);
        $template->assign_var('U_SID' , $userdata['session_id']);
    }
It is better to use one call to $template->assign_vars(array()); than several calls to $template->assign_var();
In this file you are also not following the coding guidelines for phpBB2.
Code: $out.=SAXformatstring('<span class="saxmaroon">SAX:</span> <span class="saxblack">'.$who.': '.$what2.'='.matheval($what2).'</span>');
SAX must be placed in the language file. This occurs in more places in this file.
Code:
    $findwho = preg_replace('/[^\w\d]/','',strtolower($whats[1]));
    $length = strlen($findwho);
    $sql = "SELECT * FROM ".USERS_TABLE." WHERE LCASE(SUBSTR(username,1,$length)) = '$findwho'";
    if( !($result = $db->sql_query($sql)) )
    {
        message_die(CRITICAL_ERROR, "Could not query config information for $sql");
    }
    $totalfound = $db->sql_numrows($result);
You must replace ' with '' for security in $findwho. This is in more places in this file.
Code:
        $outstring .= $row['username'] . ' was last online at ' . date('H:i:s',$row['user_lastvisit']);
        if (date('m d Y',$row['user_lastvisit']) == date('m d Y'))
        { $outstring .= ' today.'; } else { $outstring .= ' on ' . date('m/d/y',$row['user_lastvisit']) . '.'; }
        $out .= SAXformatstring('<span class="saxmaroon">SAX:</span> <span class="saxblack">'.$outstring.'</span>');
    } else {
        if ($totalfound == 0)
        {
            //no users found
            $out .= SAXformatstring('<span class="saxmaroon">SAX:</span> <span class="saxblack">I don\'t know who you mean, '.$who.'.</span>');
        } else {
            //too many users found
            $out .= SAXformatstring('<span class="saxmaroon">SAX:</span> <span class="saxblack">I found more than one user. Could you be more specific, '.$who.'?</span>');
        }
    }
Hardcoded language; it must be in the lang files. Again, this isn't the only one in this file.
From saxajax.js:
Code:
    } else if (xmlhttp.status==302) {
        document.getElementById(elementid).innerHTML=='<br />incorrect redirect.'+oldsaxhtml
    } else if (xmlhttp.status==403) {
        document.getElementById(elementid).innerHTML=='<br />You entered invalid characters!!'+oldsaxhtml
Language must be in lang files.
From saxsay.php:
Code: $tempsay = stripslashes(strip_tags(urldecode($HTTP_GET_VARS['what'])));
This must be replaced with htmlspecialchars and a str_replace that replaces ' with ''.
Also, checking for SID isn't needed, I think. The language used must be in the lang files.
Also, I think it is better to save the message into the database, instead of using a text file. Also, a comment about chmodding the dat file is needed, because without chmodding it cannot be written to by PHP.
Not sure about the next function, don't know where it is called:
Code:
    function matheval($equation){
        $equation = preg_replace("/pi/","3.14159265",$equation);
        $equation = preg_replace("/e/","2.718281835",$equation);
        $equation = preg_replace("/([^0-9]+)\^([^0-9]+)/","",$equation);
        $equation = preg_replace("/[^0-9+\-.*\/()%]/","",$equation);
        $equation = preg_replace("/([+-])([0-9]+)(%)/","*(1\$1.\$2)",$equation);
        // you could use str_replace on this next line
        // if you really, really want to fine-tune this equation
        $equation = preg_replace("/([0-9]+)(%)/",".\$1",$equation);
        if ( $equation == "" ) {
            $return = 0;
        } else {
            eval("\$return=" . $equation . ";");
        }
        return $return;
    }
-------------------------------------------------------------------------------------
Please refer to the following links before you reupload your MOD:
For further reading, you may want to review the following:
For help with writing phpBB MODs, the following resources exist:
If you feel this denial was not warranted, you can contact the MOD Team Leader, wGEric.
Thank You,
phpBB MOD Team
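
The matheval() function quoted in the report filters its argument with regular expressions and then passes the result to eval(). As an added example (not code from the MOD or from the phpBB team), the sketch below computes the same kind of arithmetic with a small parser instead of eval(), so malformed input yields null rather than a parse error. The sax_* function names are hypothetical, PHP 5 or later is assumed, and the original's pi, e and % rewriting is left out.

```php
<?php
// Added example, not the MOD's code; the sax_* names are hypothetical.
// Returns a float, or null for malformed input or division by zero.
function sax_matheval($equation) {
    $equation = preg_replace('/\s+/', '', (string) $equation);
    preg_match_all('/\d+(?:\.\d+)?|[-+*\/()]/', $equation, $m);
    // Every character must belong to a token; the length cap bounds recursion.
    if ($equation === '' || strlen($equation) > 64 || implode('', $m[0]) !== $equation) {
        return null;
    }
    $tokens = $m[0];
    try {
        $value = sax_binary($tokens, 1);
        return count($tokens) === 0 ? $value : null; // leftover tokens: malformed
    } catch (Exception $e) {
        return null;
    }
}

// Precedence climbing: + and - bind at level 1, * and / at level 2.
function sax_binary(array &$tokens, $minPrec) {
    static $prec = array('+' => 1, '-' => 1, '*' => 2, '/' => 2);
    $lhs = sax_atom($tokens);
    while ($tokens && isset($prec[$tokens[0]]) && $prec[$tokens[0]] >= $minPrec) {
        $op = array_shift($tokens);
        $rhs = sax_binary($tokens, $prec[$op] + 1);
        if ($op === '/' && $rhs == 0) { throw new Exception('division by zero'); }
        if ($op === '+') { $lhs += $rhs; }
        elseif ($op === '-') { $lhs -= $rhs; }
        elseif ($op === '*') { $lhs *= $rhs; }
        else { $lhs /= $rhs; }
    }
    return $lhs;
}

// A number, a parenthesised expression, or a unary minus applied to one.
function sax_atom(array &$tokens) {
    $tok = array_shift($tokens); // null when the input ends early
    if ($tok === '-') { return -sax_atom($tokens); }
    if ($tok === '(') {
        $value = sax_binary($tokens, 1);
        if (array_shift($tokens) !== ')') { throw new Exception('missing closing parenthesis'); }
        return $value;
    }
    if (!is_numeric($tok)) { throw new Exception('number expected'); }
    return (float) $tok;
}
```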