2015-03-28, 09:25 PM
While the front-end seems to be pulling the user input using $mybb->get_input() which converts it to the expected types, it is not being done in the ACP and simple input type manipulation (e.g. submitting arrays instead of string values) allows to trigger PHP errors related to provided values' types and functions they have been passed to.
Code sample:
https://github.com/mybb/mybb/blob/featur...ng.php#L25
This issue refers to a vast majority of POST forms as well as mechanisms relying on GET parameters present in the ACP.
Code sample:
https://github.com/mybb/mybb/blob/featur...ng.php#L25
This issue refers to a vast majority of POST forms as well as mechanisms relying on GET parameters present in the ACP.