MyBB Community Forums

Full Version: A potential security issue was found in the template.
Hey everyone,
I got this text when editing Admin CP > Templates & Style > (your default templates) > Footer Templates > Footer. All I believe that I changed was the wording of the copyright (I changed it to say "Core Scripts and Code provided generously by"). The warning message that I was prompted with was a bit alarming though, so I just wanted to check to make sure that I didn't break something deeper!

[Image: pBWBs.jpg]



						<br />
			<div class="bottommenu">
				<div class="float_right">{$lang_select}</div>
				<div>
					<span class="smalltext"><a href="{$mybb->settings['contactlink']}">{$lang->bottomlinks_contactus}</a> | <a href="{$mybb->settings['homeurl']}">{$mybb->settings['homename']}</a> | <a href="#top">{$lang->bottomlinks_returntop}</a> | <a href="#content">{$lang->bottomlinks_returncontent}</a> | <a href="<archive_url>">{$lang->bottomlinks_litemode}</a> | <a href="{$mybb->settings['bburl']}/misc.php?action=syndication">{$lang->bottomlinks_syndication}</a></span>
				</div>
			</div>
			</div>
		<hr class="hidden" />
			<div id="copyright">
				<div id="debug"><debugstuff></div>
				<!-- MyBB is free software developed and maintained by a volunteer community. 
					 It would be much appreciated by the MyBB Group if you left the full copyright and "powered by" notice intact, 
					 to show your support for MyBB.  If you choose to remove or modify the copyright below, 
					 you may be refused support on the MyBB Community Forums.
					 
					 This is free software, support us and we'll support you. -->
{$lang->Core Scripts and Code provided generously by} <a href="http://mybb.com/" target="_blank">MyBB{$mybbversion}</a>, &copy; 2002-{$copy_year} <a href="http://mybb.com/" target="_blank">MyBB Group</a>.<br />
				<!-- End powered by -->
				<br />
<br class="clear" />
<!-- The following piece of code allows MyBB to run scheduled tasks. DO NOT REMOVE -->{$task_image}<!-- End task image code -->
{$auto_dst_detection}
		</div>
		</div>
I think it is this bit:

{$lang->Core Scripts and Code provided generously by} - try removing that line.

The parser is seeing it as a dodgy variable.
Variables also don't ever have spaces in them.
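
The two replies above identify a placeholder that is not a valid variable. As an added illustration (not MyBB's own template check and not code from this thread), the Python lint below flags `{$...}` placeholders that are not a plain variable before a template is saved. The accepted grammar, the function name `find_suspect_placeholders` and the sample text are assumptions of this example.

```python
import re

# Simplified grammar (an assumption of this example, not MyBB's rule set):
# $name followed by any number of ->property or ['key'] / [key] accessors.
_NAME = r"[A-Za-z_][A-Za-z0-9_]*"
_ACCESS = rf"(?:->{_NAME}|\[(?:'[^'\]]*'|[A-Za-z0-9_]+)\])"
VALID = re.compile(rf"\${_NAME}{_ACCESS}*")

# Anything that opens with "{$", up to the next "}" or the end of the line.
PLACEHOLDER = re.compile(r"\{(\$[^}\n]*)(\}?)")


def find_suspect_placeholders(template):
    """Return (line_number, text, reason) for every malformed {$...}."""
    findings = []
    for lineno, line in enumerate(template.splitlines(), start=1):
        for m in PLACEHOLDER.finditer(line):
            body, close = m.group(1), m.group(2)
            if not close:
                # "{$" was opened but never closed on this line.
                findings.append((lineno, m.group(0), "unterminated placeholder"))
            elif not VALID.fullmatch(body):
                if re.search(r"\s", body):
                    reason = "whitespace in variable"
                else:
                    reason = "not a plain variable"
                findings.append((lineno, m.group(0), reason))
    return findings


# Constructed sample: three lines modelled on the footer template in this thread.
SAMPLE = """\
<a href="{$mybb->settings['contactlink']}">{$lang->bottomlinks_contactus}</a>
{$lang->Core Scripts and Code provided generously by} <a href="http://mybb.com/">MyBB{$mybbversion}</a>
&copy; 2002-{$copy_year} {$task_image
"""

if __name__ == "__main__":
    for lineno, text, reason in find_suspect_placeholders(SAMPLE):
        print(f"line {lineno}: {text!r}: {reason}")
```
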
(2013-01-05, 06:05 PM)Leefish Wrote: I think it is this bit:

{$lang->Core Scripts and Code provided generously by} - try removing that line.

The parser is seeing it as a dodgy variable.

(2013-01-05, 06:10 PM)StingReay Wrote: Variables also don't ever have spaces in them.

Thank you both! It is now resolved!