The templates below matched known security issues. Please review them.
pointsinpost_listposts_points_table
pointsinpost_table_postbit
pointsinpost_table_postbit_classic
[
attachment=28379]
Please post the contents of those 3 templates in [code] tags
pointsinpost_listposts_points_table
[code]
<tr class="{$bgcolor}">
<td valign="top">
<span class="smalltext">
{$lang->thread}: {$thread['subject']}<br />
{$lang->psubject}: {$post['subject']}
<br />
<table width="100%"><tr><td><span class="smalltext"><em>{$message }</em></span></td></tr></table>
</span></td>
<td align="center">{$username}</td>
<td align="center">{$forum}</td>
<td align="center"><a href="javascript:MyBB.whoPosted({$post['tid']});">{$thread['replies']}</a></td>
<td align="center">{$thread['views']}</td>
<td align="center"><b>{$post['points']}</b></td>
</tr>
[code]
pointsinpost_table_postbit
[Code]:
<tr>
<td class="trow1">
<div id="pointsaddsuccess"><center><strong>{$lang->give_points} {$post['postpoints']}</strong></center></div>
</td>
</tr>
<script type="text/javascript" src="{$mybb->settings['bburl']}/jscripts/PostInPoints.js"></script>
<script type="text/javascript">
var uid = {$post['uid']};
var udid = {$mybb->user['uid']};
var pid = {$post['pid']};
var tid = {$post['tid']};
var numpointsgroup = {$usergroups[$mybb->user['usergroup']]['pointsaddpost']};
</script>
[code]
pointsinpost_table_postbit_classic
[code]
<tr>
<td class="trow1" colspan="2">
<div id="pointsaddsuccess"><center><strong>{$lang->give_points} {$post['postpoints']}</strong></center></div>
</td>
</tr>
<script type="text/javascript" src="{$mybb->settings['bburl']}/jscripts/PostInPoints.js"></script>
<script type="text/javascript">
var uid = {$post['uid']};
var udid = {$mybb->user['uid']};
var pid = {$post['pid']};
var tid = {$post['tid']};
var numpointsgroup = {$usergroups[$mybb->user['usergroup']]['pointsaddpost']};
</script>
[code]
For
pointsinpost_listposts_points_table
Find
{$lang->psubject}
Change it to
{$lang->subject}
For
pointsinpost_table_postbit
Find
var udid = {$mybb->user['uid']};
Change it to
var uid = {$mybb->user['uid']};
For
pointsinpost_table_postbit_classic
Find
var udid = {$mybb->user['uid']};
Change it to
var uid = {$mybb->user['uid']};
Nothing is happening from that code pls help anyone ..
Vernier Sir pls help me ......
Thanks
The first template you need to replace:
{$message }
with the following:
{$message}
In the second and third template the following is causing the issue, I'm not too sure what that should be however:
{$usergroups[$mybb->user['usergroup']]['pointsaddpost']}
(2013-01-21, 08:33 PM)Vernier Wrote: [ -> ]The first template you need to replace:
{$message }
with the following:
{$message}
In the second and third template the following is causing the issue, I'm not too sure what that should be however:
{$usergroups[$mybb->user['usergroup']]['pointsaddpost']}
Oh shoot. So wait, I know I'm not the OP of this thread but were the variables below right because I never seen "udid" before?
var udid
(2013-01-21, 08:36 PM)HardHarry Wrote: [ -> ]See site something has happened tell me what to do pls
http://ezyopensource.com/
Revert all the settings I told you to do. So basically whatever you changed from my post, change it back to what it originally was.