What does Javascipt do?

**kau** · 07-30-2010 12:52 PM

We are trying to track down a SQL injection and I came across this block of code that I notice we have but lots of other installs of vBSEO other people are running lack.

<script type="text/javascript">
//<![CDATA[

window.orig_onload = window.onload;
window.onload = function() {
var cpost=document.location.hash.substring(1);var cpost2='';if(cpost){ var ispost=cpost.substring(0,4)=='post';if(ispost)cpos t2='post_'+cpost.substring(4);if((cobj = fetch_object(cpost))||(cobj = fetch_object(cpost2))){cobj.scrollIntoView(true);} else if(ispost){cpostno = cpost.substring(4,cpost.length);if(parseInt(cpostn o)>0){location.replace('http://www.XXXX.com/showthread.php?p='+cpostno);};} }

if(typeof window.orig_onload == "function") window.orig_onload();
}

//]]>
</script>

What does that code do and what setting is putting it there?

**Brian Cummiskey** · 07-30-2010 01:11 PM

This allows the permalink in the post bit to scroll into view when clicked (or linked). It is ok to have and isn't an exploit.

**Ky!** · 09-11-2010 05:26 AM

This produces crawling errors ( seen in webmaster tools ), how to fix it?

Or in german: Code verursacht crawling fehler

**Brian Cummiskey** · 09-12-2010 12:05 AM

Google is indexing this incorrectly. There is nothing here to index on regular threads, only threads using the pagination.

ie

What does Javascipt do?
will always be blank
but
What does Javascipt do?
has a hash and a cpostno var to fill in.

google needs to refine there JS indexing, because it's clearly broken right now. If its giving you 404s, just ignore it. a thread without a postId SHOULD 404.

**kau** · 12-08-2010 07:38 PM

Is there a way to disable this chunk of Javascript by modifying a plugin?

Like wrapping a plugin in a IF condition to see if the userid is greater then 0. Not looking for the code but what plugin it would be in or if it's not and it would be a file hack.

My issue is I have that option set but in postbit I put an IF condition around it so guests don't see post links.

**Brian Cummiskey** · 12-08-2010 07:44 PM

It would require a code edit in the vbseo php files.

**Oleg Ignatiuk** · 12-09-2010 04:03 AM

You can modify functions_vbseo_hook.php file:
find:
if(!strstr($_SERVER['HTTP_REFERER'],$_SERVER['VBSEO_URI']) && !vbseo_is_threadedmode())
add above:
if(0)

What does Javascipt do?

LinkBack

Thread Tools

Display

What does Javascipt do?

Posting Permissions