MyBB Community Forums

MyBB Community Forums > Extensions > Themes > Theme Support > A potential security issue was found in the template.
Full Version: A potential security issue was found in the template.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Jelo

2013-12-04, 01:33 PM
Hello, i was installing an xthreads plugin that was pretty old and received this error and im not quite sure what i could do to fix it as im not very familiar with the 1.6 security. Here is the code:

<td width="50%" valign="top">
	<table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
		<tr>
			<td class="thead" colspan="{$colspan}" align="center">
				<strong><a href="{$thread['threadlink']}" class="{$inline_edit_class} {$new_class}" id="tid_{$inline_edit_tid}">{$thread['subject']}</a></strong>
			</td>
		</tr>
		<tr>
			<td class="tcat smalltext" align="center">
				<strong>{$thread['profilelink']}, {$thread['threaddate']} at {$thread['threadtime']}</strong>
			</td>
			{$modbit}
		</tr>
		<tr>
			<td class="trow1" align="center" valign="middle" colspan="{$colspan}">
				<table width="100%" border="0" style="height: 189px;">
					<tr>
						<td width="1" align="center" valign="middle">
							<a href="{$thread['threadlink']}">{$GLOBALS['threadfields']['trdfimg']['value']}</a>
							{$rating}
						</td>
						<td valign="top" align="center">
							<div align="center"><strong>Quantity:</strong></div>
							<div align="center" style="color: green; font-size: 16px;">
								<strong>{$GLOBALS['threadfields']['trdfquantity']}</strong>
							</div>
							<br />
							<div align="center">
								<strong>{$GLOBALS['threadfields']['trdfminmax']}<br />$ {$GLOBALS['threadfields']['trdfprice']} For {$GLOBALS['threadfields']['trdfet']}!</strong>
							</div>
							<br />
							<img src="{$theme['imgdir']}/{$GLOBALS['threadfields']['trdftnt']}.png" alt="Need To {$GLOBALS['threadfields']['trdftnt']}" title="Need To {$GLOBALS['threadfields']['trdftnt']}" />
							<img src="{$theme['imgdir']}/{$GLOBALS['threadfields']['trdfstatus']}.png" alt="{$GLOBALS['threadfields']['trdfstatus']}" title="{$GLOBALS['threadfields']['trdfstatus']}" />
							<img src="{$theme['imgdir']}/{$GLOBALS['threadfields']['trdfcond']}.png" alt="{$GLOBALS['threadfields']['trdfcond']}" title="{$GLOBALS['threadfields']['trdfcond']}" />
							<br />
						</td>
					</tr>
				</table>
			</td>
		</tr>
		<tr>
			<td class="tcat" colspan="{$colspan}" align="center">
				<strong>Payment: {$GLOBALS['threadfields']['trdfpayment']}</strong>
			</td>
		</tr>
		<tr>
			<td class="tfoot" align="center" colspan="{$colspan}">
				<strong>{$thread['views']} Views,
				<a href="javascript:MyBB.whoPosted({$thread['tid']});">{$thread['replies']}</a>{$unapproved_posts} Responds</strong>
			</td>
		</tr>
	</table>
</td>

Anyone able to help me out? thanks

.m.

2013-12-04, 01:40 PM
find $ {$GLOBALS['threadfields']['trdfprice']} and remove the first $

Jelo

2013-12-04, 01:55 PM
(2013-12-04, 01:40 PM).m. Wrote: [ -> ]find $ {$GLOBALS['threadfields']['trdfprice']} and remove the first $

Worked! Thanks!
MyBB Community Forums > Extensions > Themes > Theme Support > A potential security issue was found in the template.