MyBB Community Forums

The templates below matched known security issues. Please review them.

pointsinpost_listposts_points_table
pointsinpost_table_postbit
pointsinpost_table_postbit_classic


[attachment=28379]

Please post the contents of those 3 templates in [code] tags

pointsinpost_listposts_points_table

[code]

<tr class="{$bgcolor}">
<td valign="top">
<span class="smalltext">
{$lang->thread}: {$thread['subject']}<br />
{$lang->psubject}: {$post['subject']}
<br />
<table width="100%"><tr><td><span class="smalltext"><em>{$message }</em></span></td></tr></table>
</span></td>
<td align="center">{$username}</td>
<td align="center">{$forum}</td>
<td align="center"><a href="javascript:MyBB.whoPosted({$post['tid']});">{$thread['replies']}</a></td>
<td align="center">{$thread['views']}</td>
<td align="center"><b>{$post['points']}</b></td>
</tr>

[code]

---

pointsinpost_table_postbit

[Code]:

<tr>
<td class="trow1">
<div id="pointsaddsuccess"><center><strong>{$lang->give_points} {$post['postpoints']}</strong></center></div>
</td>
</tr>
<script type="text/javascript" src="{$mybb->settings['bburl']}/jscripts/PostInPoints.js"></script>
<script type="text/javascript">
var uid = {$post['uid']};
var udid = {$mybb->user['uid']};
var pid = {$post['pid']};
var tid = {$post['tid']};
var numpointsgroup = {$usergroups[$mybb->user['usergroup']]['pointsaddpost']};
</script>

[code]

---

pointsinpost_table_postbit_classic

[code]

<tr>
<td class="trow1" colspan="2">
<div id="pointsaddsuccess"><center><strong>{$lang->give_points} {$post['postpoints']}</strong></center></div>
</td>
</tr>
<script type="text/javascript" src="{$mybb->settings['bburl']}/jscripts/PostInPoints.js"></script>
<script type="text/javascript">
var uid = {$post['uid']};
var udid = {$mybb->user['uid']};
var pid = {$post['pid']};
var tid = {$post['tid']};
var numpointsgroup = {$usergroups[$mybb->user['usergroup']]['pointsaddpost']};
</script>

[code]

For pointsinpost_listposts_points_table

Find

{$lang->psubject}

Change it to

{$lang->subject}

For pointsinpost_table_postbit

Find

var udid = {$mybb->user['uid']};

Change it to

var uid = {$mybb->user['uid']};

For pointsinpost_table_postbit_classic

Find

var udid = {$mybb->user['uid']};

Change it to

var uid = {$mybb->user['uid']};

Nothing is happening from that code pls help anyone ..

Vernier Sir pls help me ......

Thanks

The first template you need to replace:

{$message }

with the following:

{$message}

In the second and third template the following is causing the issue, I'm not too sure what that should be however:

{$usergroups[$mybb->user['usergroup']]['pointsaddpost']}

okk let me check

(2013-01-21, 08:33 PM)Vernier Wrote: [ -> ]The first template you need to replace:

{$message }

with the following:

{$message}

In the second and third template the following is causing the issue, I'm not too sure what that should be however:

{$usergroups[$mybb->user['usergroup']]['pointsaddpost']}

Oh shoot. So wait, I know I'm not the OP of this thread but were the variables below right because I never seen "udid" before?

var udid

See site something has happened tell me what to do pls

http://ezyopensource.com/

(2013-01-21, 08:36 PM)HardHarry Wrote: [ -> ]See site something has happened tell me what to do pls

http://ezyopensource.com/

Revert all the settings I told you to do. So basically whatever you changed from my post, change it back to what it originally was.