2014-11-15, 06:25 PM
To prevent issues like this from happening in the future, the code that is being fetched from external sources and then displayed on ACP pages should be properly sanitized - especially given that the official MyBB websites do not serve requests over HTTPS.
It might put an end to cloning the MyBB Blog on Check for Updates page, but displaying plaintext entry titles with links to original entries does not sound so bad when security is at stake.
It might put an end to cloning the MyBB Blog on Check for Updates page, but displaying plaintext entry titles with links to original entries does not sound so bad when security is at stake.