MyBB Community Forums

Full Version: Security exploit in template.
I have got a security error with this header template.

Could anyone suggest a fix?

<navigation>
<div id="header">
<span style="float:right">
<div id="welcome" style="text-align: left; color: #ffffff; text-shadow: 0 1px 0 #000; width: 510px; padding-top: 3px;">
{$welcomeblock}
</div>
</span>
<a href="{$mybb->settings['bburl']}"><img src="{$theme['imgdir']}/logo.png" style="margin-right: 30px;"></a><img src="{$theme['imgdir']}/sep.png">
</div>
<div id="container">
<div id="toplinks">
<ul>
<span style="float:right">
<li><a href="{$mybb->settings['homeurl']}"><img src="{$theme['imgdir']}/toplinks/home.png" alt="Home">&nbsp;Home&nbsp;</a></li>
<li><a href="{$mybb->settings['bburl']}"><img src="{$theme['imgdir']}/toplinks/forums.png" alt="Forums">&nbsp;Forums&nbsp;</a></li>
<li><a href="{$mybb->settings['#']}"><img src="{$theme['imgdir']}/toplinks/demo.png" alt="Demo">&nbsp;Demo&nbsp;</a></li>
<li><a href="{$mybb->settings['#']}"><img src="{$theme['imgdir']}/toplinks/purchase.png" alt="Purchase">&nbsp;Purchase&nbsp;</a></li>
</span>
<li class="nomarg">
<a href="{$mybb->settings['bburl']}/usercp.php"><img src="{$theme['imgdir']}/toplinks/usercp.png" alt="User CP">&nbsp;User CP&nbsp;</a>
{$modcplink}
{$admincplink}
</li>
<li><a href="#"><img src="{$theme['imgdir']}/toplinks/links.png" alt="Forum Links">&nbsp;Forum Links&nbsp;</a>
<ul>
                    <li><a href="{$mybb->settings['bburl']}/search.php?action=getnew">View New Posts</a></li>
                    <li><a href="{$mybb->settings['bburl']}/search.php?action=getdaily">View Todays Posts</a></li>
                    <li><a href="{$mybb->settings['bburl']}/search.php?action=finduserthreads&uid={$mybb->user['uid']}">View Your Threads</a></li>
</ul>
</li>
</ul>
</div>
<br />
<br />
		<div id="content">
			{$pm_notice}
			{$bannedwarning}
			{$bbclosedwarning}
			{$unreadreports}
			{$pending_joinrequests}
			<br />
The instances of "{$mybb->settings['#']}".
I suggest you remove them. What are they for anyway?
I have no idea. It's a custom theme called "photoshop bliss v3".
They should be: {$mybb->settings['bburl']}
You can replace them with what you want. They are what is causing the issue.
As said above, {$mybb->settings['bburl']} is what they should probably be.
Depending on what your site is you could just remove the rows that contain it.
I have changed the links and turned it into a menu. Thanks for your help.
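
To locate references like the `{$mybb->settings['#']}` entries the replies point to, the following added example (not part of the thread and not MyBB's own template check) lists every `{$...}` placeholder that is not a plain variable followed by `->property` or `['key']` parts made of letters, digits and underscores. That definition of "plain" and the function name are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines adapted from the header template in the thread.
SAMPLE = """\
<li><a href="{$mybb->settings['homeurl']}"><img src="{$theme['imgdir']}/toplinks/home.png" alt="Home"></a></li>
<li><a href="{$mybb->settings['#']}"><img src="{$theme['imgdir']}/toplinks/demo.png" alt="Demo"></a></li>
<a href="{$mybb->settings['bburl']}/search.php?action=finduserthreads&uid={$mybb->user['uid']}">View Your Threads</a>
{$welcomeblock}
"""

# Any {$...} placeholder on a line.
PLACEHOLDER = re.compile(r"\{\$[^{}]*\}")

# Assumed "plain" shape: {$name} followed by any number of ->property or
# ['key'] / ["key"] / [key] parts, using only letters, digits and underscore.
PLAIN = re.compile(
    r"""\{\$[A-Za-z_]\w*             # variable name
        (?:->[A-Za-z_]\w*            # ->property
          |\[\s*(['"]?)\w+\1\s*\]    # array key, optionally quoted
        )*\}""",
    re.VERBOSE | re.ASCII,
)


def suspicious_placeholders(template):
    """Return (line_number, placeholder) for each placeholder that is not plain."""
    findings = []
    for lineno, line in enumerate(template.splitlines(), start=1):
        for match in PLACEHOLDER.finditer(line):
            if not PLAIN.fullmatch(match.group(0)):
                findings.append((lineno, match.group(0)))
    return findings


if __name__ == "__main__":
    for lineno, placeholder in suspicious_placeholders(SAMPLE):
        print(f"line {lineno}: {placeholder}")
```

Run against a template export, it gives the line numbers to edit before saving the template again.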