2020-05-12, 09:09 PM
Pages: 1 2
2020-05-13, 06:32 AM
(2020-05-09, 11:28 PM)Darth Apple Wrote: [ -> ]1. No, never any cases of malware in a theme. It's not like Wordpress where this is an issue. This is because MyBB themes do not rely on PHP in order to provide theme components.
Actually this isn't true -- it used to be possible to execute arbitrary PHP code through MyBB templates (e.g. "{${phpinfo()}}") because MyBB's template system uses PHP's eval() function and the template variables are literal PHP variables. These days MyBB attempts to prevent this, but it isn't guaranteed of course. That's one of the reasons 1.9 uses a modern template engine like Twig.
It was a popular way for hackers to gain access to an entire forum database even if the admin account had limited permissions.
2020-05-14, 04:57 AM
I stand corrected. Learn something new every day.
Twig will be good, I'm looking forward to it. Will finally be able to use github to handle theme changes as well.
Twig will be good, I'm looking forward to it. Will finally be able to use github to handle theme changes as well.
Pages: 1 2