2013-01-19, 07:46 PM
How would I go about styling usernames in latest post display using the group styles? I'm well aware of the plugin, but it's over a year old and according to the reviews may have an SQL vulnerability.
2013-01-19, 07:46 PM
2013-01-19, 08:42 PM
http://mods.mybb.com/view/styl-usernames
As far as I can see the plugin is only really vulnerable if another plugin or code edit allows it.
If you want to make sure, find:
Replace with:
But really, you can just as well ignore iHydra.
As far as I can see the plugin is only really vulnerable if another plugin or code edit allows it.
If you want to make sure, find:
$result = $db->simple_select('users', 'uid, username, usergroup, displaygroup', 'uid IN (' . implode(',', array_keys($this->cache['users'])) . ')');Replace with:
$result = $db->simple_select('users', 'uid, username, usergroup, displaygroup', 'uid IN (' . implode(',', array_map('intval', array_keys($this->cache['users']))) . ')');But really, you can just as well ignore iHydra.
2013-01-19, 09:06 PM
Right, thanks Omar!