2020-11-30, 11:11 AM
What could be the problem ? can anyone help me
I installed this plugin: Welcome Topic (1.0)
and I received this error message:
![[Image: D2RWyDP.png]](https://camo.mybb.com/e4ea7eb53ad56502d07becdecb52ed249392b765/68747470733a2f2f696d6775722e636f6d2f443252577944502e706e67)
I installed this plugin: Welcome Topic (1.0)
and I received this error message:
2020-11-30, 11:47 AM
short note: use a more meaningful title next time.
I can't find this plugin in MyBB extend, can you give me a link to it ?
BTW, the trouble is that the content of welcome_body is not escaped, so the
I can't find this plugin in MyBB extend, can you give me a link to it ?
BTW, the trouble is that the content of welcome_body is not escaped, so the
' in user's makes an error.2020-11-30, 12:40 PM
(2020-11-30, 11:47 AM)Crazycat Wrote: [ -> ]short note: use a more meaningful title next time.
I can't find this plugin in MyBB extend, can you give me a link to it ?
BTW, the trouble is that the content of welcome_body is not escaped, so the'in user's makes an error.
hi I don't remember where I downloaded this plugin anymore, but it worked fine then, unfortunately not now!
https://mods.mybb.com/view/welcome-topic
I downloaded from here
can you help ?
2020-11-30, 01:20 PM
You can simply correct it, in two ways.
First way, lazzy one (bad)
Find the following:
Replace with:
Second way, better
Find the same query:
Replace it with a clean one:
First way, lazzy one (bad)
Find the following:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('$subject','$body')");Replace with:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('".$db->escape($subject)."','".$db->escape($body)."')");Second way, better
Find the same query:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('$subject','$body')");Replace it with a clean one:
$db->insert_query('welcome', ['welcomesubject' => $subject, 'welcomebody' => $body]);2020-11-30, 01:24 PM
(2020-11-30, 01:20 PM)Crazycat Wrote: [ -> ]You can simply correct it, in two ways.
First way, lazzy one (bad)
Find the following:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome (welcomesubject,welcomebody) VALUES('$subject','$body')");
Replace with:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome (welcomesubject,welcomebody) VALUES('".$db->escape($subject)."','".$db->escape($body)."')");
Second way, better
Find the same query:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome (welcomesubject,welcomebody) VALUES('$subject','$body')");
Replace it with a clean one:
$db->insert_query('welcome', ['welcomesubject' => $subject, 'welcomebody' => $body]);
Thank you friend