MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Releases > Recent Topics on Index page
Full Version: Recent Topics on Index page
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5

bubbley

2010-10-30, 12:27 AM
What is needed in next release(which is needed now):

- Don't show admin only forums to everyone.
- Move recent topics to the top of the board.

lecteur

2010-12-05, 07:57 AM
Quote:- Don't show admin only forums to everyone.

Any fix please Huh

vbgamer45

2010-12-05, 10:24 PM
I haven't been able to figure that out yet if anyone has an idea let me know.

lecteur

2010-12-06, 09:41 AM
(2010-12-05, 10:24 PM)vbgamer45 Wrote: [ -> ]I haven't been able to figure that out yet if anyone has an idea let me know.

thanks for answer.

Another problem with this extension, when click whose online : i can't see the location, i can't see the location.. just " Read a topic/discussion"

i try with another test account, when access a thread from "recent topic" i can't see location just read topic but when access from forum to the same topic i can see " test read "topic title"

NewEraCracker

2011-02-25, 07:14 PM
Hello.

I've installed this plugin in my board. Unfortunately today an hacker used it to do a XSS attack by placing html code in topic title.

I'd suggest you to take a look at line 133 of \inc\plugins\recenttopicsindex.php

<a href="showthread.php?tid=' . $threadRow['tid'] . '&action=lastpost">' . $subject .'</a> '  . $lang->recenttopics_by . (!empty($threadRow['lastposteruid']) ? ' <a href="member.php?action=profile&uid=' . $threadRow['lastposteruid'] . '">' . $threadRow['lastposter'] . '</a>' : $threadRow['lastposter']) . ' (<a href="forumdisplay.php?fid=' . $threadRow['fid'] . '">' . $threadRow['name'] . '</a>)

$subject should be changed to htmlspecialchars($subject)

Regards,
NewEraCracker.

vbgamer45

2011-02-26, 04:31 AM
Thanks patched and update released.
I assumed that the data in the database was already safe did not know that it is needed to be protected during output.

NewEraCracker

2011-04-03, 11:15 PM
Hello vbgamer45,

There is another issue with this mod about showing hidden forums.

Issue has been described by stain on 3rd February 2011:
http://mods.mybb.com/reviews/recent-topi...index-page

Thanks Smile

vbgamer45

2011-04-03, 11:26 PM
Anyone have a fix for it?

NewEraCracker

2011-04-05, 09:06 AM
--- /recenttopicsindex.php    Wed Aug 04 13:18:34 2010
+++ /recenttopicsindex.php    Tue Dec 28 10:20:54 2010
@@ -87,7 +87,7 @@

function recenttopicsindex_show()
{
-    global $db, $mybb, $page, $recenttopics, $theme, $lang;
+    global $db, $mybb, $page, $recenttopics, $theme, $lang, $permissioncache;

    $lang->load('recenttopicsindex');

@@ -107,6 +107,13 @@
</thead>';

    // Run the Query
+    // !!! FIX private forum exposure!!!
+    if ( !is_array($permissioncache) ||
+         (is_array($permissioncache) && ((count($permissioncache)==1) && (isset($permissioncache['-1']) && ($permissioncache['-1'] = "1"))))
+       ) {
+        $permissioncache = forum_permissions();
+    }
+    
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
        $where_sql .= " AND t.fid NOT IN ($unsearchforums)";

vbgamer45

2011-04-05, 12:28 PM
Awesome thanks odd that you have to do that before get_unsearchable_forums();
Update

1.0.2
!Fixed issue showing private forums thanks to NewEraCracker
Pages: 1 2 3 4 5
MyBB Community Forums > Extensions > Plugins > Plugin Releases > Recent Topics on Index page