MyBB Community Forums
Themes Issue - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Archived Development and Support (https://community.mybb.com/forum-155.html)
+----- Forum: MyBB 1.6 (https://community.mybb.com/forum-138.html)
+------ Forum: 1.6 General Support (https://community.mybb.com/forum-127.html)
+------ Thread: Themes Issue (/thread-139179.html)

Pages: 1 2


Themes Issue - JonathanP - 2013-05-11

Ok so i tried to install at least three themes i liked and when i try to import it i get this error message:
Quote:A potential security issue was found in the theme. It was not imported. Please contact the Author or MyBB Group for support.

Two other themes worked, by the way.


RE: Themes Issue - Stefan C. - 2013-05-11

Well, a good start is telling us what theme it was.


RE: Themes Issue - JonathanP - 2013-05-11

Uh luxure from audentio and nanoskinnerz from scoutie44.


RE: Themes Issue - Tindris - 2013-05-11

It doesn't help to know which themes worked, if there is an issue with a theme then it is a good idea to tell us which theme.


RE: Themes Issue - .m. - 2013-05-11

^ may be some variable used in themes is changed from MyBB 1.6.9 - unable to trace that easily.
or it could be theme name issue (theme name should not consist of spaces ? Potential XSS vulnerability in theme name)


RE: Themes Issue - JonathanP - 2013-05-11

Luxure


RE: Themes Issue - WebDevandPhoto - 2013-05-11

(2013-05-11, 08:29 AM).m. Wrote: ... it could be theme name issue (theme name should not consist of spaces ? Potential XSS vulnerability in theme name)

wait what? doesn't MyBB take care of that already?
Meaning only alpha and spaces are allowed?
if not a simple preg replace would work:
(preg_replace("/[^a-zA-Z0-9 ]+/", "",($_POST

Curious how when char safe range is set how spaces could cause a XSS vulnerability?
Please school me.... cuz I don't see it.


edit:
(2013-05-11, 09:52 AM)JonathanP Wrote: Luxure
Could you link it? to the devs site?


RE: Themes Issue - JonathanP - 2013-05-11

By the way, it's a paid theme i bought, i made a ticket over there but wanted to see what mybb thought about it.


RE: Themes Issue - WebDevandPhoto - 2013-05-11

(2013-05-11, 10:00 AM)JonathanP Wrote: By the way, it's a paid theme i bought, i made a ticket over there but wanted to see what mybb thought about it.

If it's a paid theme then it'd be unethical for you to leak the theme just so we could test it to see why it's giving you that. You could look through the XML file and see if there's an incomplete or a template tag missing. There shouldn't be any php in it, there may be bad javascript but I doubt mybb would be able to pick that up... more than likely a format error somewhere.


RE: Themes Issue - JonathanP - 2013-05-11

I wouldn't leak it but the author is staff on here, so maybe he'll reply to this thread.