MyBB Community Forums

Full Version: Template Security Issue Notification
I used the tutorial provided by RateU, at MyBB Hacks, to build a trading platform on my forum with XThreads. Everything went smoothly; however, upon editing this template, I was prompted with the following error:
Quote:A potential security issue was found in the template. Please review your changes or contact the MyBB Group for support.
I reviewed my changes but didn't notice anything. I would appreciate it if someone could inspect the code below and notify me of any change I should make. Thank you!

<html>
<head>
<title>{$lang->newthread_in}</title>
{$headerinclude}
<script type="text/javascript" src="jscripts/post.js?ver=1400"></script>
</head>
<body>
{$header}
{$preview}
{$thread_errors}
{$attacherror}
<form action="newthread.php?fid={$fid}&amp;processed=1" method="post" enctype="multipart/form-data" name="input">
	<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
	<table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
		<tr><td class="thead" colspan="2"><strong>New Trade</strong></td></tr>
		<tr><td class="tcat" colspan="2"><strong>Required Information</strong></td></tr>
		<tr>
			<td class="trow_sep" colspan="2">
				<div class="float_left">Need To:</div>
				<div class="float_left" style="margin-left: 9px;">{$tfinput['trdftnt']}</div>
				<div class="float_left" style="margin-left: 19px;">Category:</div>
				<div class="float_left" style="margin-left: 9px;">{$tfinput['trdfcat']}</div>
				<div class="float_left" style="margin-left: 19px;">Product Name:</div>
				<div class="float_left" style="margin-left: 9px;"><input type="text" class="textbox" name="subject" size="40" maxlength="85" value="{$subject}" tabindex="1" /></div>
			</td>
		</tr>
		<tr>
			<td class="trow1 smalltext" colspan="2">
				Please set whether you want to buy or sell a product. Choose a category of the product, and type the name of the product.
			</td>
		</tr>
		<tr>
			<td class="trow_sep" colspan="2">
				<div class="float_left">Quantity:</div>
				<div class="float_left" style="margin-left: 9px;">{$tfinput['trdfquantity']}</div>
				<div class="float_left" style="margin-left: 19px;">Price:</div>
				<div class="float_left" style="margin-left: 9px;">{$tfinput['trdfminmax']} $ {$tfinput['trdfprice']} for  {$tfinput['trdfet']}</div>
				<div class="float_left" style="margin-left: 19px;">Condition:</div>
				<div class="float_left" style="margin-left: 9px;">{$tfinput['trdfcond']}</div>
				<div class="float_left" style="margin-left: 19px;">Status:</div>
				<div class="float_left" style="margin-left: 9px;">{$tfinput['trdfstatus']}</div>
			</td>
		</tr>
		<tr>
			<td class="trow1 smalltext" colspan="2">
				You need to set the quantity of the product you want to buy/sell. You can s..........(removed text here so page doesnt run) still available or not by set the status setting.
			</td>
		</tr>
		<tr><td class="tcat" colspan="2"><strong>Additional Information</strong></td></tr>
		<tr>
			<td class="trow2" width="1">
				<textarea name="message" id="message" rows="7" cols="60" tabindex="2">{$message}</textarea>
			</td>
			<td class="trow2 smalltext" valign="top">
				If you have additional info about this trading, you can type it in the text area on the left.
				<br class="clear" /><br />
				If you have an image ....(edited text to stop page run)........... x 240 pixel.
				<br class="clear" />
				<div align="center">{$tfinput['trdfimg']}</div>
			</td>
		</tr>
		{$extra_threadfields}
		<tr><td class="tcat" colspan="2"><strong>Miscellaneous</strong></td></tr>
		<tr><td class="trow_sep" colspan="2"><strong>Payment Method</strong></td></tr>
		<tr>
			<td class="trow2 smalltext" valign="top" colspan="2">
				You need to set what payment method you want to use for this trade. You can choose more than one payment method.
				<br class="clear" />
				<div>{$tfinput['trdfpayment']}</div>
			</td>
		</tr>
		{$subscriptionmethod}
		{$modoptions}
		{$captcha}
	</table>
	<br />
	<div style="text-align:center"><input type="submit" class="button" name="submit" value="{$lang->post_thread}" tabindex="4" accesskey="s" />  <input type="submit" class="button" name="previewpost" value="{$lang->preview_post}" tabindex="5" />{$savedraftbutton}</div>
	<input type="hidden" name="action" value="do_newthread" />
	<input type="hidden" name="posthash" value="{$posthash}" />
	<input type="hidden" name="attachmentaid" value="" />
	<input type="hidden" name="attachmentact" value="" />
	<input type="hidden" name="quoted_ids" value="{$quoted_ids}" />
	<input type="hidden" name="tid" value="{$tid}" />
	{$editdraftpid}
</form>
{$forumrules}
{$footer}
</body>
</html> 

Please let me know if I need to provide any further information.
Replace with this:

<html>
<head>
<title>{$lang->newthread_in}</title>
{$headerinclude}
<script type="text/javascript" src="jscripts/post.js?ver=1400"></script>
</head>
<body>
{$header}
{$preview}
{$thread_errors}
{$attacherror}
<form action="newthread.php?fid={$fid}&amp;processed=1" method="post" enctype="multipart/form-data" name="input">
    <input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
    <table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
        <tr><td class="thead" colspan="2"><strong>New Trade</strong></td></tr>
        <tr><td class="tcat" colspan="2"><strong>Required Information</strong></td></tr>
        <tr>
            <td class="trow_sep" colspan="2">
                <div class="float_left">Need To:</div>
                <div class="float_left" style="margin-left: 9px;">{$tfinput['trdftnt']}</div>
                <div class="float_left" style="margin-left: 19px;">Category:</div>
                <div class="float_left" style="margin-left: 9px;">{$tfinput['trdfcat']}</div>
                <div class="float_left" style="margin-left: 19px;">Product Name:</div>
                <div class="float_left" style="margin-left: 9px;"><input type="text" class="textbox" name="subject" size="40" maxlength="85" value="{$subject}" tabindex="1" /></div>
            </td>
        </tr>
        <tr>
            <td class="trow1 smalltext" colspan="2">
                Please set whether you want to buy or sell a product. Choose a category of the product, and type the name of the product.
            </td>
        </tr>
        <tr>
            <td class="trow_sep" colspan="2">
                <div class="float_left">Quantity:</div>
                <div class="float_left" style="margin-left: 9px;">{$tfinput['trdfquantity']}</div>
                <div class="float_left" style="margin-left: 19px;">Price:</div>
                <div class="float_left" style="margin-left: 9px;">{$tfinput['trdfminmax']} {$tfinput['trdfprice']} for  {$tfinput['trdfet']}</div>
                <div class="float_left" style="margin-left: 19px;">Condition:</div>
                <div class="float_left" style="margin-left: 9px;">{$tfinput['trdfcond']}</div>
                <div class="float_left" style="margin-left: 19px;">Status:</div>
                <div class="float_left" style="margin-left: 9px;">{$tfinput['trdfstatus']}</div>
            </td>
        </tr>
        <tr>
            <td class="trow1 smalltext" colspan="2">
                You need to set the quantity of the product you want to buy/sell. You can set the minimum or maximum price for it. You need to set whether the price is for each product or it is a total price related to the quantity. Price format: x or x.xx You need to set whether the product you want to buy/sell is a new product or a used product. You can set whether the trading still available or not by set the status setting.
            </td>
        </tr>
        <tr><td class="tcat" colspan="2"><strong>Additional Information</strong></td></tr>
        <tr>
            <td class="trow2" width="1">
                <textarea name="message" id="message" rows="7" cols="60" tabindex="2">{$message}</textarea>
            </td>
            <td class="trow2 smalltext" valign="top">
                If you have additional info about this trading, you can type it in the text area on the left.
                <br class="clear" /><br />
                If you have an image related to the product, you can upload it via the image uploader below. File format: jpeg or jpg or gif or png. Maximum file size: 100 kb. Maximum dimension: 1024 x 768 pixel. Minimum dimension: 320 x 240 pixel.
                <br class="clear" />
                <div align="center">{$tfinput['trdfimg']}</div>
            </td>
        </tr>
        {$extra_threadfields}
        <tr><td class="tcat" colspan="2"><strong>Miscellaneous</strong></td></tr>
        <tr><td class="trow_sep" colspan="2"><strong>Payment Method</strong></td></tr>
        <tr>
            <td class="trow2 smalltext" valign="top" colspan="2">
                You need to set what payment method you want to use for this trade. You can choose more than one payment method.
                <br class="clear" />
                <div>{$tfinput['trdfpayment']}</div>
            </td>
        </tr>
        {$subscriptionmethod}
        {$modoptions}
        {$captcha}
    </table>
    <br />
    <div style="text-align:center"><input type="submit" class="button" name="submit" value="{$lang->post_thread}" tabindex="4" accesskey="s" />  <input type="submit" class="button" name="previewpost" value="{$lang->preview_post}" tabindex="5" />{$savedraftbutton}</div>
    <input type="hidden" name="action" value="do_newthread" />
    <input type="hidden" name="posthash" value="{$posthash}" />
    <input type="hidden" name="attachmentaid" value="" />
    <input type="hidden" name="attachmentact" value="" />
    <input type="hidden" name="quoted_ids" value="{$quoted_ids}" />
    <input type="hidden" name="tid" value="{$tid}" />
    {$editdraftpid}
</form>
{$forumrules}
{$footer}
</body>
</html>
It is possibly due to this piece of code: $ {$tfinput['trdfprice']}

Try this instead:

Replace $ {$tfinput['trdfprice']} with & #36; {$tfinput['trdfprice']} (minus the space after the &; MyBB automatically converts HTML entities back to their human-readable form).
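The diagnosis above can be checked mechanically. The following is an added example, not MyBB's own check_template() code and not part of any post in this thread: a small, simplified linter that models the kind of pattern a template scanner has to reject when templates are evaluated by PHP inside a double-quoted string, where a `$` followed by `{` (PHP's `${expr}` interpolation form) would let the template evaluate arbitrary expressions. The two regexes are assumptions chosen to reproduce the behaviour reported in the thread (a literal `$` with a space before `{` is flagged; ordinary `{$var}` references are not); the sample line is the Price line copied from the template above, and the `escape_literal_dollars` helper applies the `&#36;` fix suggested in the reply.

```python
from __future__ import annotations

import re

# Constructed, simplified rules (assumption: an approximation of what a
# template security check for PHP-eval'd templates looks for; this is
# illustrative code, not MyBB's implementation).
SUSPICIOUS_PATTERNS = [
    # A "$" optionally followed by whitespace and then "{". Without the
    # whitespace this is PHP's ${expr} string interpolation, which evaluates
    # an arbitrary expression when the template is eval'd; the check is
    # conservative and flags the spaced form too.
    ("dollar-brace interpolation", re.compile(r"\$\s*\{")),
    # A "(" inside an interpolated variable, e.g. {$obj->method(1)}: a
    # function or method call would run when the template is evaluated.
    ("function call in variable", re.compile(r"\{\$[^}]*\(")),
]

# Sample input taken from the Price line of the template posted above.
ORIGINAL_LINE = (
    '<div class="float_left" style="margin-left: 9px;">'
    "{$tfinput['trdfminmax']} $ {$tfinput['trdfprice']} for  {$tfinput['trdfet']}</div>"
)


def find_template_issues(template: str) -> list[tuple[int, str, str]]:
    """Scan a template and return (line_number, rule_name, line) for each hit."""
    hits: list[tuple[int, str, str]] = []
    for lineno, line in enumerate(template.splitlines(), start=1):
        for name, pattern in SUSPICIOUS_PATTERNS:
            if pattern.search(line):
                hits.append((lineno, name, line.strip()))
    return hits


def escape_literal_dollars(template: str) -> str:
    """Rewrite a literal '$' that precedes '{' into the HTML entity '&#36;'.

    The entity contains no '$' character, so the dollar-brace pattern can no
    longer match, while a browser still renders it as a dollar sign. A '$'
    that starts a normal {$var} reference is followed by a letter, not '{',
    and is left untouched.
    """
    return re.sub(r"\$(\s*)(?=\{)", r"&#36;\1", template)


if __name__ == "__main__":
    for lineno, rule, line in find_template_issues(ORIGINAL_LINE):
        print(f"line {lineno}: {rule}: {line}")
    fixed = escape_literal_dollars(ORIGINAL_LINE)
    print("after fix:", fixed)
    print("issues after fix:", find_template_issues(fixed))
```

Running the block flags the original Price line once, for the `$ {` sequence, and reports no issues for the rewritten line containing `&#36; {$tfinput['trdfprice']}`; plain `{$tfinput['trdfprice']}` references pass unchanged.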
That worked, thank you.
@hiker - I also posted on that issue in the MyBBHacks forum, in the thread for the Trading Forum, about a month ago, with the exact same fix.
I apologize for overlooking that.
(2012-09-19, 11:13 PM)hiker Wrote: I apologize for overlooking that.

It's OK. It is usually best to ask for help on MyBBHacks, though; if RateU has made a template and there is a problem, he likes to be told. :D
It said contact the MyBB Group, ya know, so that's where I rushed off to, lol. I see what you are saying, though. Thanks.
Yeah, I was baffled at first when it happened; then I found that stray dollar sign. Must be a change in MyBB code at some point, as it USED to be fine.

All very odd.