MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > The templates below matched known security issues. Please review them.
Full Version: The templates below matched known security issues. Please review them.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

vecas

2012-11-13, 02:51 AM
Default RTL Templates
calendar
warnings_warn_type

the codes 

<html>
<head>
	<title>{$mybb->settings['bbname']} - {$lang->calendar}</title>
	{$headerinclude}
</head>
<body>
	{$header}
	<table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
		<thead>
			<tr>
				<td class="thead" colspan="8">
					<div class="float_right">
						<a href="{$prev_link}">&laquo; {$monthnames[$prev_month['month']]} {$prev_month['year']}</a> | <a href="{$next_link}">{$monthnames[$next_month['month']]} {$next_month['year']} &raquo;</a>
					</div>
					<div><strong>{$monthnames[$month]} {$year}</strong></div>
				</td>
			</tr>
			<tr>
				<td class="tcat">&nbsp;</td>
			{$weekday_headers}
			</tr>
		</thead>
		<tbody>
		{$calendar_rows}
		</tbody>
	</table>
<br />
<form action="calendar.php" method="post">
	<table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
		<tr>
			<td class="trow1">
				<table width="100%" cellspacing="0" cellpadding="0" border="0">
					<tr>
						<td class="trow1" valign="top">{$addevent}</td>
						<td class="trow1" align="right">
						<span class="smalltext"><strong>{$lang->jump_month}</strong></span>
						<select name="month">
							<option value="{$month}">{$monthnames[$month]}</option>
							<option value="{$month}">----------</option>
							<option value="1">{$lang->alt_month_1}</option>
							<option value="2">{$lang->alt_month_2}</option>
							<option value="3">{$lang->alt_month_3}</option>
							<option value="4">{$lang->alt_month_4}</option>
							<option value="5">{$lang->alt_month_5}</option>
							<option value="6">{$lang->alt_month_6}</option>
							<option value="7">{$lang->alt_month_7}</option>
							<option value="8">{$lang->alt_month_8}</option>
							<option value="9">{$lang->alt_month_9}</option>
							<option value="10">{$lang->alt_month_10}</option>
							<option value="11">{$lang->alt_month_11}</option>
							<option value="12">{$lang->alt_month_12}</option>
						</select>
						<select name="year">
							<option value="{$year}">{$year}</option>
							<option value="{$year}">----------</option>
							{$yearsel}
						</select>
						{$gobutton}
						<br /><br />
						<span class="smalltext"><strong>{$lang->jump_to_calendar}</strong></span>
						{$calendar_jump}
						{$gobutton}
						</td>
					</tr>
				</table>
			</td>
		</tr>
		</table>
	</form>
{$footer}
</body>
</html>



and the other template


					<dt><label style="display: block;"><input type="radio" name="type" value="{$type['tid']}" {$type_checked[$type['tid']]} class="types_check" onclick="checkType();" style="vertical-align: middle;" /> <strong>{$type['title']}</strong> $points</label></dt>
					<dd style="margin-top: 4px;" id="type_{$type['tid']}" class="types">
						<div class="smalltext">{$lang->new_warning_level}</div>
						<div class="tborder" style="width: 150px; float: left; margin: 0; padding: 1px;">
							<div class="trow1" style="width: {$current_level}%; float: left; ">&nbsp;</div>
							<div class="trow2" style="width: {$level_diff}%; float: left;">&nbsp;</div>
						</div>
						<div style="padding-left: 10px; font-weight: bold; float: left;">{$new_warning_level}%</div><br style="clear: left;" />
						{$result}
					</dd>


what this issue and how can i fix it ?!

Nobby

2012-11-13, 02:53 AM
Try posting in the Themes & Templates support forum:
http://community.mybb.com/forum-10.html Smile

vecas

2012-11-13, 02:59 AM
Big Grin iam sorry man , iam new in mybb , i was using Vbulletin so i saw many strange things in this scripts , its perfect Big Grin . i cant sleep its attract my brain Big Grin

Nobby

2012-11-13, 03:01 AM
(2012-11-13, 02:59 AM)vecas Wrote: [ -> ]Big Grin iam sorry man , iam new in mybb , i was using Vbulletin so i saw many strange things in this scripts , its perfect Big Grin . i cant sleep its attract my brain Big Grin

Well, Welcome to MyBB...I am assuming you have noticed this is 5x better lol!

Good luck getting this solved. Smile

vecas

2012-11-13, 03:05 AM
(2012-11-13, 03:01 AM)Nobby Wrote: [ -> ]
(2012-11-13, 02:59 AM)vecas Wrote: [ -> ]Big Grin iam sorry man , iam new in mybb , i was using Vbulletin so i saw many strange things in this scripts , its perfect Big Grin . i cant sleep its attract my brain Big Grin

Well, Welcome to MyBB...I am assuming you have noticed this is 5x better lol!

Good luck getting this solved. Smile

more faster, more easy to use , more advanced control panel , more and more and more , and ITS FREE , so its 10x better than vbulletin Big Grin

Nobby

2012-11-13, 03:37 AM
(2012-11-13, 03:05 AM)vecas Wrote: [ -> ]
(2012-11-13, 03:01 AM)Nobby Wrote: [ -> ]
(2012-11-13, 02:59 AM)vecas Wrote: [ -> ]Big Grin iam sorry man , iam new in mybb , i was using Vbulletin so i saw many strange things in this scripts , its perfect Big Grin . i cant sleep its attract my brain Big Grin

Well, Welcome to MyBB...I am assuming you have noticed this is 5x better lol!

Good luck getting this solved. Smile

more faster, more easy to use , more advanced control panel , more and more and more , and ITS FREE , so its 10x better than vbulletin Big Grin

Amen.

Vernier

2012-11-13, 07:44 AM
Replace the calendar template with the following:

<html>
<head>
    <title>{$mybb->settings['bbname']} - {$lang->calendar}</title>
    {$headerinclude}
</head>
<body>
    {$header}
    <table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
        <thead>
            <tr>
                <td class="thead" colspan="8">
                    <div class="float_right">
                        <a href="{$prev_link}">&laquo; {$prev_month['name']} {$prev_month['year']}</a> | <a href="{$next_link}">{$next_month['name']} {$next_month['year']} &raquo;</a>
                    </div>
                    <div><strong>{$monthnames[$month]} {$year}</strong></div>
                </td>
            </tr>
            <tr>
                <td class="tcat">&nbsp;</td>
            {$weekday_headers}
            </tr>
        </thead>
        <tbody>
        {$calendar_rows}
        </tbody>
    </table>
<br />
<form action="calendar.php" method="post">
    <table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
        <tr>
            <td class="trow1">
                <table width="100%" cellspacing="0" cellpadding="0" border="0">
                    <tr>
                        <td class="trow1" valign="top">{$addevent}</td>
                        <td class="trow1" align="right">
                        <span class="smalltext"><strong>{$lang->jump_month}</strong></span>
                        <select name="month">
                            <option value="{$month}">{$monthnames[$month]}</option>
                            <option value="{$month}">----------</option>
                            <option value="1">{$lang->alt_month_1}</option>
                            <option value="2">{$lang->alt_month_2}</option>
                            <option value="3">{$lang->alt_month_3}</option>
                            <option value="4">{$lang->alt_month_4}</option>
                            <option value="5">{$lang->alt_month_5}</option>
                            <option value="6">{$lang->alt_month_6}</option>
                            <option value="7">{$lang->alt_month_7}</option>
                            <option value="8">{$lang->alt_month_8}</option>
                            <option value="9">{$lang->alt_month_9}</option>
                            <option value="10">{$lang->alt_month_10}</option>
                            <option value="11">{$lang->alt_month_11}</option>
                            <option value="12">{$lang->alt_month_12}</option>
                        </select>
                        <select name="year">
                            <option value="{$year}">{$year}</option>
                            <option value="{$year}">----------</option>
                            {$yearsel}
                        </select>
                        {$gobutton}
                        <br /><br />
                        <span class="smalltext"><strong>{$lang->jump_to_calendar}</strong></span>
                        {$calendar_jump}
                        {$gobutton}
                        </td>
                    </tr>
                </table>
            </td>
        </tr>
        </table>
    </form>
{$footer}
</body>
</html>

Replace the warnings_warn_type template with the following:

                    <dt><label style="display: block;"><input type="radio" name="type" value="{$type['tid']}" {$checked} class="types_check" onclick="checkType();" style="vertical-align: middle;" /> <strong>{$type['title']}</strong> $points</label></dt>
                    <dd style="margin-top: 4px;" id="type_{$type['tid']}" class="types">
                        <div class="smalltext">{$lang->new_warning_level}</div>
                        <div class="tborder" style="width: 150px; float: left; margin: 0; padding: 1px;">
                            <div class="trow1" style="width: {$current_level}%; float: left; ">&nbsp;</div>
                            <div class="trow2" style="width: {$level_diff}%; float: left;">&nbsp;</div>
                        </div>
                        <div style="padding-left: 10px; font-weight: bold; float: left;">{$new_warning_level}%</div><br style="clear: left;" />
                        {$result}
                    </dd>
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > The templates below matched known security issues. Please review them.