MyBB Community Forums

Full Version: Themes Issue
Ok, so I tried to install at least three themes I liked, and when I try to import it I get this error message:
Quote: A potential security issue was found in the theme. It was not imported. Please contact the Author or MyBB Group for support.

Two other themes worked, by the way.
Well, a good start is telling us what theme it was.
Uh, Luxure from Audentio and nanoskinnerz from scoutie44.
It doesn't help to know which themes worked; if there is an issue with a theme, then it is a good idea to tell us which theme.
^ Maybe some variable used in themes has changed from MyBB 1.6.9 - unable to trace that easily.
Or it could be a theme name issue (theme name should not consist of spaces? Potential XSS vulnerability in theme name)
Luxure
(2013-05-11, 08:29 AM) .m. Wrote: ... it could be theme name issue (theme name should not consist of spaces ? Potential XSS vulnerability in theme name)

Wait, what? Doesn't MyBB take care of that already?
Meaning only alpha and spaces are allowed?
If not, a simple preg replace would work:
(preg_replace("/[^a-zA-Z0-9 ]+/", "",($_POST

Curious how, when a char safe range is set, spaces could cause an XSS vulnerability?
Please school me.... cuz I don't see it.


edit:
(2013-05-11, 09:52 AM) JonathanP Wrote: Luxure
Could you link it? To the dev's site?
By the way, it's a paid theme I bought. I made a ticket over there but wanted to see what MyBB thought about it.
(2013-05-11, 10:00 AM) JonathanP Wrote: By the way, it's a paid theme I bought. I made a ticket over there but wanted to see what MyBB thought about it.

If it's a paid theme then it'd be unethical for you to leak the theme just so we could test it to see why it's giving you that. You could look through the XML file and see if there's an incomplete or a template tag missing. There shouldn't be any PHP in it, there may be bad JavaScript but I doubt MyBB would be able to pick that up... more than likely a format error somewhere.
I wouldn't leak it, but the author is staff on here, so maybe he'll reply to this thread.
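
One way to do the manual check suggested in the post above before retrying the import. This is an added example, not part of the original posts and not MyBB's own import check. It assumes the theme export is an XML file whose template bodies sit in `<template name="...">` elements; the sample themes and the `lint_theme` helper are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: one clean template and one that embeds PHP and a script.
# The element and attribute names are an assumption about the export format.
SAMPLE_THEME = """<theme name="Sample Theme" version="1609">
  <templates>
    <template name="header"><![CDATA[<div id="header">{$welcomeblock}</div>]]></template>
    <template name="footer"><![CDATA[<?php echo 1; ?><script>track()</script>]]></template>
  </templates>
</theme>"""

# Constructed: the same file with a closing tag missing.
BROKEN_THEME = SAMPLE_THEME.replace("</templates>", "")

# Patterns worth a manual look. Scripts can be legitimate in a theme, so a hit
# is a prompt to read that template, not a verdict.
SUSPICIOUS = {
    "php-tag": re.compile(r"<\?"),
    "script-tag": re.compile(r"<script\b", re.I),
    "inline-handler": re.compile(r"\son\w+\s*=", re.I),
}

def lint_theme(xml_text):
    """Return (template_name, finding) tuples for a theme export."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An unclosed or missing tag is reported here with line and column.
        return [("<file>", f"not well-formed: {exc}")]
    findings = []
    for tpl in root.iter("template"):
        name = tpl.get("name", "<unnamed>")
        body = tpl.text or ""
        if not body.strip():
            findings.append((name, "empty template"))
        for label, pattern in SUSPICIOUS.items():
            if pattern.search(body):
                findings.append((name, label))
    return findings

if __name__ == "__main__":
    for name, finding in lint_theme(SAMPLE_THEME) + lint_theme(BROKEN_THEME):
        print(f"{name}: {finding}")
```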