MyBB Community Forums

(2013-05-26, 10:57 AM)Euan T Wrote: [ -> ]If a user gains ACP access, they can do far worse things.

Thats why

That's why what? If an user gains ACP access, he can do whatever he wants with your users, Forums, etc., thus far worse things than sending an alert with Custom Alerts.

but can still put inside database the <script> and gain password (encrypted) ....

Gain password of another admin account? This sounds quite dumb.

but is true ????

It isn't, actually. Not only it's pointless obtaining access to another admin's account if you already have one, but with a JS execution you could obtain the user's md5'ed password which as far as I know is too hard to revert as it's the hash of multiple hashes with a random 50-characters-long string. Fairly secure, although it's not impossible to revert it back, but it isn't worth the effort, definitely.

@metonator:

If you can call this a security risk then what about Page Manager (which allows you to eval() PHP), Advanced Sidebox (which allows admin to output ANY HTML/JS/CSS he would like in boxes) or countless other plugins that allow admin to control the board's output.

This is a great idea, a wonderful execution by Shade and a safe and secure version (as I am using it myself on two forums).

Great work Shade.

Thank you Wildcard

@Shade, I need help here, I have MyAlerts installed and work fine, but today I install custom Alerts, and have one error when try access MyAlerts Settings in Control Panel

inc\languages\portuguese_brasil\.lang.php does not exist

I translated before for portuguese_brasil, install plugin, happens same trouble when try using with MentionMe, any tip how I solve this.

Thanks, your plugin for login via facebook and twitter work very well here

www.xbmcbrasil.net

If uninstall plugins work fine again.

Wanilton

The problem should have been fixed with the most recent version of MyAlerts. Check it out: https://github.com/euantorano/MyAlerts