MyBB Community Forums

Full Version: Safe themes and plugins?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
How can I be sure that the themes and plugins on

https://community.mybb.com/mods.php are safe?

For example if I go to see the last theme uploaded

https://community.mybb.com/mods.php?acti...w&pid=1466

if I click on the Author I see that he is waiting for an email confirmation so he hasn't even clicked on the validation email but he has been able to insert a theme.

Couldn't this theme have files accessing the database or server?


Thanks
All uploads are reviewed, although we can never guarantee there are no issues with them regardless of who's uploaded them. I have raised internally about requiring account activation first though. I've also checked this one out and it's just theme XML files and I can't see any issues with anything inside them.
Unless it has changed, the submissions from untrusted users are reviewed and need team approval.

@Matt : what about having a review team, volunteer-based*, to approve (or refuse) submissions in extend part ?

* not from the team, I think they already lack time to spent Smile
There is a list of Vulnerable Submissions at the bottom for plugins: https://community.mybb.com/mods.php?acti...erablesubs
(2021-07-30, 11:15 AM)Crazycat Wrote: [ -> ]Unless it has changed, the submissions from untrusted users are reviewed and need team approval.

@Matt : what about having a review team, volunteer-based*, to approve (or refuse) submissions in extend part ?

* not from the team, I think they already lack time to spent Smile

+1. extension could be in "Under development" forum section and user can download the file. extension creator will submit his extension for review if creator thinks it's ready for mybb staff team review. when staff will have time and approve the extension it will be listed on mybb official download page.
I just love the support team here.

You guys are doing a very good work.
May God bless you all.