Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Solved: 8 Years, 10 Months, 1 Week ago Themes Issue
#1
Solved: 8 Years, 10 Months, 1 Week ago
Ok so i tried to install at least three themes i liked and when i try to import it i get this error message:
Quote:A potential security issue was found in the theme. It was not imported. Please contact the Author or MyBB Group for support.

Two other themes worked, by the way.
Coming soon..
#2
Solved: 8 Years, 10 Months, 1 Week ago
Well, a good start is telling us what theme it was.
#3
Solved: 8 Years, 10 Months, 1 Week ago
Uh luxure from audentio and nanoskinnerz from scoutie44.
Coming soon..
#4
Solved: 8 Years, 10 Months, 1 Week ago
It doesn't help to know which themes worked, if there is an issue with a theme then it is a good idea to tell us which theme.
Tindris
MyBB Support Technician
#5
Solved: 8 Years, 10 Months, 1 Week ago
^ may be some variable used in themes is changed from MyBB 1.6.9 - unable to trace that easily.
or it could be theme name issue (theme name should not consist of spaces ? Potential XSS vulnerability in theme name)
#6
Solved: 8 Years, 10 Months, 1 Week ago
Luxure
Coming soon..
#7
Solved: 8 Years, 10 Months, 1 Week ago
(2013-05-11, 08:29 AM).m. Wrote: ... it could be theme name issue (theme name should not consist of spaces ? Potential XSS vulnerability in theme name)

wait what? doesn't MyBB take care of that already?
Meaning only alpha and spaces are allowed?
if not a simple preg replace would work:
(preg_replace("/[^a-zA-Z0-9 ]+/", "",($_POST

Curious how when char safe range is set how spaces could cause a XSS vulnerability?
Please school me.... cuz I don't see it.


edit:
(2013-05-11, 09:52 AM)JonathanP Wrote: Luxure
Could you link it? to the devs site?
#8
Solved: 8 Years, 10 Months, 1 Week ago
By the way, it's a paid theme i bought, i made a ticket over there but wanted to see what mybb thought about it.
Coming soon..
#9
Solved: 8 Years, 10 Months, 1 Week ago
(2013-05-11, 10:00 AM)JonathanP Wrote: By the way, it's a paid theme i bought, i made a ticket over there but wanted to see what mybb thought about it.

If it's a paid theme then it'd be unethical for you to leak the theme just so we could test it to see why it's giving you that. You could look through the XML file and see if there's an incomplete or a template tag missing. There shouldn't be any php in it, there may be bad javascript but I doubt mybb would be able to pick that up... more than likely a format error somewhere.
#10
Solved: 8 Years, 10 Months, 1 Week ago
I wouldn't leak it but the author is staff on here, so maybe he'll reply to this thread.
Coming soon..


Forum Jump:


Users browsing this thread: 1 Guest(s)