MyBB Community Forums

Full Version: Registeration exploit & login problems.
Can someone please clarify if MyBB 1.8.6 is safe, and whether admin/user accounts will get compromised using the exploit above?

Bit scary
(2016-02-16, 07:00 PM)boson Wrote: [ -> ]Can someone please clarify if MyBB 1.8.6 is safe, and whether admin/user accounts will get compromised using the exploit above?

Bit scary

No, it cannot be considered a security issue.
MyBB allows certain e-mail address schemes despite the fact that they point to the same mailbox on certain e-mail account providers.
(2016-02-16, 05:26 PM)Destroy666 Wrote: [ -> ]Never heard of hyphens in Gmail.

The only solution I see is checking ./+ optionally if duplicate emails are disallowed and a new setting for that is enabled. Except that, there's nothing we can do, as I mentioned above.

My bad, I was thinking of plus, but wrote hyphen.
Is there any issue here? From what I read this was an issue on the users site so we should reject this?
It's not a bug, but rather a lack of a useful feature that's not very hard to implement - it requires only a setting + a 2-3 line code that strips dots and pluses from the local part if the setting is enabled. Or even slightly better - make the setting a textbox with disallowed characters.
(2016-11-24, 11:43 PM)Destroy666 Wrote: [ -> ]It's not a bug, but rather a lack of a useful feature that's not very hard to implement - it requires only a setting + a 2-3 line code that strips dots and pluses from the local part if the setting is enabled. Or even slightly better - make the setting a textbox with disallowed characters.


True, but only for GMail.

I once tried to make a plugin to store canonical forms of emails, but found it too involved for my limited free time. In my plugin, I would keep the email field as is, just add a new "cleaned_email" field.
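
The "cleaned_email" idea from the last post, combined with the dot/plus stripping suggested earlier in the thread, as an added example that is not MyBB code or the poster's plugin. The function name `canonical_email`, the provider list and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not MyBB core or plugin code.
// The original address is kept as entered; only the canonical form is
// compared when duplicate e-mail addresses are disallowed.

// Domains where dots and "+tag" suffixes in the local part reach the same
// mailbox. Assumption: only Gmail's two domains are listed, matching the
// thread's "only for Gmail" remark.
const DOT_PLUS_INSENSITIVE = ['gmail.com', 'googlemail.com'];

function canonical_email(string $email): ?string
{
    // Assumption: the local part is compared case-insensitively.
    $email = strtolower(trim($email));
    $at = strrpos($email, '@');
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return null; // no usable local part or domain
    }
    $local  = substr($email, 0, $at);
    $domain = substr($email, $at + 1);

    if (in_array($domain, DOT_PLUS_INSENSITIVE, true)) {
        $plus = strpos($local, '+');
        if ($plus !== false) {
            $local = substr($local, 0, $plus); // drop "+tag"
        }
        $local = str_replace('.', '', $local); // dots are ignored
        if ($local === '') {
            return null; // nothing left, e.g. "+tag@gmail.com"
        }
        $domain = 'gmail.com'; // googlemail.com is an alias of gmail.com
    }
    return $local . '@' . $domain;
}

// Constructed sample registrations, processed in order of arrival.
$samples = ['j.doe@gmail.com', 'JDoe+forum@googlemail.com',
            'j.doe@example.org', 'jdoe@example.org', '+x@gmail.com'];
$seen = []; // canonical form => first address that registered it
foreach ($samples as $email) {
    $clean = canonical_email($email);
    if ($clean === null) {
        echo "$email -> rejected\n";
        continue;
    }
    $status = isset($seen[$clean]) ? "duplicate of {$seen[$clean]}" : 'new';
    $seen[$clean] ??= $email;
    echo "$email -> $clean ($status)\n";
}
```

Addresses on domains outside the list pass through unchanged apart from lowercasing, so `j.doe@example.org` and `jdoe@example.org` remain distinct accounts.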