Upcoming patches for MCCodes released versions

[Dabomstew]

Thought I'd take this discussion out of the "bug tracker" topic as the patching process is well under way.

MCCodes is releasing patches that contain security & other bug fixes for all 3 currently sold MCCodes versions - v1, v2 and Redux. This process is currently underway with the development of a patch for v2.

The current changelog for the v2 patch is below, to show progress & allow you to fix these bugs yourself manually if you so wish (excluding security-related fixes to stop people trying to exploit them before the patch comes out):
[critical bugfix] mysqli class was missing escape function
[bugfix] lots of texts were getting double escaped
[bugfix] register script fixed to not accept weird genders, etc
[bugfix] fix gender in installer
[bugfix] fix Crystals in Hall of Fame http://www.makewebgames.com/showthre...n-version-2-03
[bugfix] fix other weird hall of fame behaviour
[bugfix] fix gang record viewer http://www.makewebgames.com/showthre...er-v2-03-error
[bugfix] fix gang credit crystals http://www.makewebgames.com/showthre...er-v2-03-error
[bugfix] fix editing items losing their effects
[bugfix] fix a users staffnotes being wiped when you use "edit user"
[bugfix] fix stafflist
[bugfix] gang record now records in stafflog properly
[bugfix] some staff pages now close properly
[bugfix] ending polls now works
[bugfix] raw references to mysql_query,mysql_num_rows etc replaced with $db usage
[bugfix] prevent users doing invalid crimes
[oddity] generic references to "Mono Country", "Dabomstew" etc removed from game rules & help tutorial
[oddity] mysqli classwas missing affected rows, added back (but not critical bug as never used before)
[compat] validate_email uses filter_var in all circumstances now
[imprv] All uses of AJAX changed to use jQuery library
[imprv] PHP notices reduced
[imprv] Staff logs page cleaned up (e.g. message for "no attacks yet" etc)
[imprv] Some uses of "num_rows" changed to fetch_single on COUNT to improve execution times

I'll repeat: this changelog does not contain security fixes. There are security fixes, which will be disclosed in more detail when the fixes are actually released.
Nor is it finalised, we are still looking for more bugs by checking the code, forums & bug tracker. The v1 and Redux patches will be along similar lines.

As far as an ETA goes? Barring the discovery of really bad exploits and/or bugs in the engines, we're aiming to push through all three patches by early February at the latest.

[Mystical]

That all sounds great. Any way to add back in the gang crimes that are missing?

[Dabomstew]

We can provide a separate script that adds stock gang organised crimes to a v2 game if that's wanted by anyone - but it isn't really part of a patch persay, especially for people who have already SQLed in their own.

[rulerofzu]

All very well but I can see where this is leading to already.

All the bugs and exploits pre redux and 2.0.3 you can find on the forum anyway fixed by the community as you wouldnt provide or support your engine.

Then you came back released 2.0.3 quickly followed by the launch of redux for a fee.

Now after another long stint away your back. Fixing it up some more and also working on releasing another version.

Lets face it your only attempting to fix the previous engines in an attempt to restore the faith in mccodes for the launch of the next version. If it wasnt for you working on v3 I highly doubt you would be here at all.

[Nickson]

How black and white of you ruler...

Yes, many bugs have been reported by the community for them. But I haven't found out a topic for all bugs and issues I have discovered so far.
Yes, this is a marketing move by them so everyone has a little bit more faith in the next engine, but they are here due to our "lobbying" as well. We've asked them many times, sometimes a bit more friendly than otherwise, but we also explained some things and it seems that we finally got through to them.
I'm already happy that they are fixing and packaging things up and spread a release with fixes via the official channel.


However, one issue that a lot of people seem to forget, simply don't know because they don't read everything or they just ignore it completely is this: http://www.makewebgames.com/showthre...codes-Relation
Read that post properly but I'll say it again and keep saying it.
Official MCC support is NOT given on MWG, MWG can only provide community support. If you want a response by an official member of MCC, use their contact links. Does this mean I'm happy with the current situation? No of course not, I'd like to see them more involved of course, as it only helps both mcc and mwg itself. But if mcc decides not too, it's their right.

Now everyone that will make a post .. stay on topic please

If there are any questions, feel free to contact me.

[Danny696]

I wonder what McCodes will try and sell us now. Everytime they have done something regarding their engine its always been the same. Give us more money for this rubbish that doesn't do what we just said it will do.

Oh boy, I've just found this;

[critical bugfix] mysqli class was missing escape function

Honestly I've never seen an mccodes game that uses MySQLi. That and the fact the class has nothing to do with the MySQLi functions that actually make it improved, so nothing really comes from the MySQLi class.

[Nickson]

Okay, the classes are indeed overrated and not what they could have been, but that counts for the whole package. However, the classes were provided in the first place. If it's missing a critical function for their software package, they should fix it, no? I think they should. The fact that mysql_real_escape_string() can only be used when a connection tot he db has been established, makes it somewhat fair that the function is placed there as well. Many or "none that I know of" use it, is not a good parameter to base yourself upon when making a decision...

Now that they are fixing bugs, show them encouragement. Stop being so negative about every move they make when it's an improvement, especially you danny And IIRC mcc is what made you what you are today.

[Dominion]

First off it’s nice to see you posting, and active again for bug fixes.

[bugfix] lots of texts were getting double escaped

I’m going to hope that means you removed the foreach() that tried escaping everything (well… addslashes() anyway). Still at the top of files such as authenticate.php.

[compat] validate_email uses filter_var in all circumstances now

I don’t remember the exact version, however I know it’s still common for shared hosting. This function (filter_validate_email of filter_var anyway) had a bug. You may want to check it.

[imprv] All uses of AJAX changed to use jQuery library

I would suggest creating Javascript, css, directories in order to separate them. It has its benefits e.g. easier to debug.

You surprise me; 99% of the projects I work with use the new MySQLI class
(though not the provided one)

The Mysqli class mccodes provides would not give any added benefits to the user. This is what Danny is talking about not Mysqli in general.

[Dabomstew]

Addressing some points here quickly:

* The thing that duplicates the effects of magic_quotes_gpc on servers without it is still there. Simple reason? Mod compatibility. It would be simple enough to recode the base engine to not use it at all (and in fact do the opposite) but a patch such as this is not intended to break years worth of mods.
* I have heard one or two inklings here of issues with filter_var - will look into it before releasing this patch.
* Location of jQuery can be specified in settings - by default it's in a "js" directory but you can e.g. use the Google APIs server copy instead. The usage of jQuery should be simple enough to not require any specific version, though I will check to see which (if any) version it breaks on and make sure users are told to use at least the one above.
* No, MCCodes v2/Redux do not use any of the actual improvements in MySQLi, but a broken class is a broken class. Again, changing v2/Redux to use MySQLi in the way it is intended would be outside the scope of a patch (would break support for servers without it, most likely)

Also, I have updated the main post with an updated changelog, reflecting further progress on the 2.0.4 patch. The same conditions as before apply. A release by the end of this week is possible, with the other 2 patches to follow not long afterwards.

[H4x0r666]

Yes, many bugs have been reported by the community for them. But I haven't found out a topic for all bugs and issues I have discovered so far.

Then start a topic and collect all those fixes in it ? xD