2020-11-30, 11:11 AM
2020-11-30, 11:47 AM
short note: use a more meaningful title next time.
I can't find this plugin in MyBB extend, can you give me a link to it ?
BTW, the trouble is that the content of welcome_body is not escaped, so the ' in user's makes an error.
2020-11-30, 12:40 PM
(2020-11-30, 11:47 AM)Crazycat Wrote: [ -> ]short note: use a more meaningful title next time.
I can't find this plugin in MyBB extend, can you give me a link to it ?
BTW, the trouble is that the content of welcome_body is not escaped, so the ' in user's makes an error.
Hi, I don't remember where I downloaded this plugin anymore, but it worked fine then, unfortunately not now!
https://mods.mybb.com/view/welcome-topic
I downloaded from here
can you help ?
2020-11-30, 01:20 PM
You can simply correct it, in two ways.
First way, lazy one (bad)
Find the following:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('$subject','$body')");
Replace with:
// MyBB's database class provides escape_string(); it has no escape() method.
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('".$db->escape_string($subject)."','".$db->escape_string($body)."')");
Second way, better
Find the same query:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('$subject','$body')");
Replace it with a clean one:
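// insert_query() adds the table prefix and the quotes, but it does not escape the values itself.
$db->insert_query('welcome', ['welcomesubject' => $db->escape_string($subject), 'welcomebody' => $db->escape_string($body)]);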
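The failure discussed in this thread, reproduced as an added example that is not part of any post and is not MyBB or plugin code: an apostrophe in the body text ends the SQL string literal early, while escaping or binding the value keeps it as data. PDO with an in-memory SQLite database stands in for the forum's database layer (an assumption of the example), and the sample subject and body are constructed.

```php
<?php
// Added illustration, not MyBB or plugin code. PDO with in-memory SQLite stands
// in for the forum database; table and column names follow the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE welcome (welcomesubject TEXT, welcomebody TEXT)');

// Constructed sample text: the apostrophe in "user's" is what breaks the query.
$subject = 'Welcome!';
$body    = "Please read the user's guide before posting.";

// 1. Values pasted straight into the SQL string (the plugin's original pattern).
function insert_raw(PDO $pdo, string $subject, string $body): string
{
    $sql = "INSERT INTO welcome (welcomesubject, welcomebody) VALUES ('$subject', '$body')";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// 2. Each value escaped for the SQL string context; quote() also adds the quotes.
function insert_escaped(PDO $pdo, string $subject, string $body): string
{
    $sql = 'INSERT INTO welcome (welcomesubject, welcomebody) VALUES ('
         . $pdo->quote($subject) . ', ' . $pdo->quote($body) . ')';
    $pdo->exec($sql);
    return 'ok';
}

// 3. Bound parameters: the values never become part of the SQL text.
function insert_bound(PDO $pdo, string $subject, string $body): string
{
    $stmt = $pdo->prepare('INSERT INTO welcome (welcomesubject, welcomebody) VALUES (?, ?)');
    $stmt->execute([$subject, $body]);
    return 'ok';
}

echo 'raw:     ', insert_raw($pdo, $subject, $body), PHP_EOL;
echo 'escaped: ', insert_escaped($pdo, $subject, $body), PHP_EOL;
echo 'bound:   ', insert_bound($pdo, $subject, $body), PHP_EOL;

// Check that the two successful inserts stored the text unchanged, apostrophe included.
$rows = $pdo->query('SELECT welcomebody FROM welcome')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === [$body, $body]);
```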
2020-11-30, 01:24 PM
(2020-11-30, 01:20 PM)Crazycat Wrote: [ -> ]You can simply correct it, in two ways.
First way, lazy one (bad)
Find the following:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome (welcomesubject,welcomebody) VALUES('$subject','$body')");
Replace with:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome (welcomesubject,welcomebody) VALUES('".$db->escape_string($subject)."','".$db->escape_string($body)."')");
Second way, better
Find the same query:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome (welcomesubject,welcomebody) VALUES('$subject','$body')");
Replace it with a clean one:
$db->insert_query('welcome', ['welcomesubject' => $db->escape_string($subject), 'welcomebody' => $db->escape_string($body)]);
Thank you friend