MyBB Community Forums

Full Version: [1.4.x/1.6.x] Thank You/Like System v1.5 (Updated: 10/26/2011)
Hi everyone,

I'd like to point out that this plugin is CSRF vulnerable.

If someone uses [img] tags to link to thankyoulike.php fraudulent likes can be added.

[img]http://yoursite.com/forum/thankyoulike.php?action=add&pid=1[/img]

I have notified the plugin author.
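
An added example (not part of the original post or the plugin's code): a Python check an administrator could run over stored post bodies to find [img] tags that point at a script on the forum's own host instead of an image, which is how the request described above appears in post content. The host names, function names and sample posts are assumptions constructed for illustration; only the thankyoulike.php URL shape comes from the post.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches MyBB-style [img]...[/img] and [img=WxH]...[/img] tags, any case.
IMG_TAG = re.compile(r"\[img(?:=[^\]]*)?\](.*?)\[/img\]", re.I | re.S)

# Assumption: the host names your own forum is served from.
OWN_HOSTS = {"yoursite.com", "www.yoursite.com"}


def suspicious_img_urls(message, own_hosts=OWN_HOSTS):
    """Return [img] URLs in one post that target a script on our own site."""
    hits = []
    for raw in IMG_TAG.findall(message):
        url = raw.strip()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host not in own_hosts:
            continue  # other hosts do not receive this forum's session cookie
        is_script = parts.path.lower().endswith(".php")
        has_action = "action" in parse_qs(parts.query)
        if is_script or has_action:
            hits.append(url)
    return hits


def audit_posts(posts, own_hosts=OWN_HOSTS):
    """posts: iterable of (pid, uid, message). Returns [(pid, uid, url), ...]."""
    findings = []
    for pid, uid, message in posts:
        for url in suspicious_img_urls(message, own_hosts):
            findings.append((pid, uid, url))
    return findings


# Constructed sample rows, standing in for an export of the posts table.
SAMPLE_POSTS = [
    (101, 7, "Nice work! [img]http://yoursite.com/forum/images/logo.png[/img]"),
    (102, 9, "lol [img]http://yoursite.com/forum/thankyoulike.php?action=add&pid=1[/img]"),
    (103, 9, "[IMG=100x100]http://www.yoursite.com/forum/thankyoulike.php?action=add&pid=55[/IMG]"),
    (104, 4, "[img]http://example.org/cat.jpg[/img]"),
]

if __name__ == "__main__":
    for pid, uid, url in audit_posts(SAMPLE_POSTS):
        print(f"post {pid} by user {uid}: {url}")
```

Findings are triage candidates: a flagged post identifies the author and the target pid, so likes recorded on that pid after the post went up can be reviewed.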
Wow, how'd you stumble across that?
(2011-10-26, 02:52 AM)Paul H. Wrote: [ -> ]Hi everyone,

I'd like to point out that this plugin is CSRF vulnerable.

If someone uses [img] tags to link to thankyoulike.php fraudulent likes can be added.

[img]http://yoursite.com/forum/thankyoulike.php?action=add&pid=1[/img]

I have notified the plugin author.

While I appreciate the heads up, I would really have preferred you not post this here at the same time you send me the PM to notify me. It would make sense posting it if I hadn't responded for a while, in which case you would want the users to know that there is a possibility of a CSRF. However, posting it before actually giving me a chance to fix it is a little careless, as now those who didn't even know about it know about it and will try to abuse it.

Anyway it's a low risk CSRF and an update will be released in a bit has been released, check the first post for more details.
Would you ever consider creating a converter? (Reputation -> Likes/Thanks, and vice versa)
I'm receiving the same error, have recounted the likes and cleared cookies/cache.

What's even weirder is that it's only happening to non-staff on my forum. I can access it fine, so can another Moderator. However regular members cannot.
(2011-10-21, 11:54 PM)- G33K - Wrote: [ -> ]Yes, very serious:

http://img607.imageshack.us/img607/2517/screenij.jpg

Try running the Recount and Rebuild thanks in tools and maintenance section and clearing your cache and cookies. I will try and investigate more on my end why this might be happening but till I can actually reproduce the error it's going to be difficult.

Just curious as to whether 1.5 has had the amendments to work with 1.6.5
Looks great, are you planning on updating for MyBB 2.0 (when needed) ?
(2011-11-01, 03:47 PM)adbrad Wrote: [ -> ]Just curious as to whether 1.5 has had the amendments to work with 1.6.5
No it does not. I am making the changes to my internal repository but I will not be releasing it until after 1.6.5 is released and I have had a chance to test it on 1.6.5

(2011-11-01, 05:00 PM)seeker Wrote: [ -> ]Looks great, are you planning on updating for MyBB 2.0 (when needed) ?

I do intend to update it when 2.0 is released. It will be more of a branching as the code will need to be rewritten for 2.0 so I'll be maintaining the 2 branches one for 1.6 and the other for 2.0



Oh and for the record:

(2011-10-31, 12:17 AM)Richard Wrote: [ -> ]I'm receiving the same error, have recounted the likes and cleared cookies/cache.

What's even weirder is that it's only happening to non-staff on my forum. I can access it fine, so can another Moderator. However regular members cannot.
(2011-10-21, 11:54 PM)- G33K - Wrote: [ -> ]Yes, very serious:

http://img607.imageshack.us/img607/2517/screenij.jpg

Try running the Recount and Rebuild thanks in tools and maintenance section and clearing your cache and cookies. I will try and investigate more on my end why this might be happening but till I can actually reproduce the error it's going to be difficult.

I think I might have gotten to the bottom of this problem, although I couldn't reproduce it on my side, however I gave Richard an updated file which seems to have taken care of it, I'll include the fix in the next release after I've had the chance to test it.
Great, thanks G33K :)