MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Template security Risk
Full Version: Template security Risk
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

deve48

2011-12-07, 01:12 PM
I have just checked on Tool maintenance that there it says check this file for security risks : I am using gondar v1 template and the file is warnings_warn_type

the code is : 
<dt><label style="display: block;"><input type="radio" name="type" value="{$type['tid']}" {$type_checked[$type['tid']]} class="types_check" onclick="checkType();" style="vertical-align: middle;" /> <strong>{$type['title']}</strong> $points</label></dt>
					<dd style="margin-top: 4px;" id="type_{$type['tid']}" class="types">
						<div class="smalltext">{$lang->new_warning_level}</div>
						<div class="tborder" style="width: 150px; float: left; margin: 0; padding: 1px;">
							<div style="width: {$current_level}%; float: left; background: #D1C000;">&nbsp;</div>
							<div style="width: {$level_diff}%; float: left; background: #FAE821;">&nbsp;</div>
						</div>
						<div style="padding-left: 10px; font-weight: bold; float: left;">{$new_warning_level}%</div><br style="clear: left;" />
						{$result}
					</dd>

what is the security risk on this ??

Second question is my server is using to much CPU I get most times 508 error ??

frostschutz

2011-12-07, 01:18 PM
{$type_checked[$type['tid']]} should be {$checked} I think

deve48

2011-12-07, 01:25 PM
whaT you mean exactly ? this

{$type_checked[$type['tid']]}

to this ;

{$type_{$checked}[$type['tid']]}
?

and why do my server get allmost on every second page load Resource Limitid Exceeded , white error page ? on cpanle the CPU usage is about 80 to 100 % ?

Yaldaram

2011-12-07, 01:25 PM
The $points is not enclosed in parenthesis, like this {$points}

crazy4cs

2011-12-07, 01:27 PM
Ah yes, Yaldaram is right prolly that is the issue it alarms system it be to a possible security issue.

deve48

2011-12-07, 01:32 PM
weird I just not seem to be able to save the edited file , after hitting save and contunie. it shows up like saved and when I go back to check templates it still remains security issue and when I full edit the file still the old file exist ?

Yaldaram

2011-12-07, 01:33 PM
I can save the template fine.

deve48

2011-12-07, 01:36 PM
well it looks for me to save fine 2 , but when I check for template files it shows me again the same template name and without saved entry ? is there any chmod options maybee for the template files to be edited _*

Yaldaram

2011-12-07, 01:40 PM
Are you renaming the template ? if yes then do not. Just edit the $points to {$points} and save.

deve48

2011-12-07, 01:42 PM
no no I do not rename , just edit the part {$points} thats all. Can I edit this file true FTP what name is this file ?
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Template security Risk