MyBB Community Forums
[1.4.x/1.6.x] Thank You/Like System v1.5 (Updated: 10/26/2011) - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Extensions (https://community.mybb.com/forum-201.html)
+--- Forum: Plugins (https://community.mybb.com/forum-73.html)
+---- Forum: Plugin Releases (https://community.mybb.com/forum-102.html)
+---- Thread: [1.4.x/1.6.x] Thank You/Like System v1.5 (Updated: 10/26/2011) (/thread-59652.html)



RE: [1.4.x/1.6.x] Thank You/Like System v1.4 (Updated: 07/31/2011) - Paul H. - 2011-10-26

Hi everyone,

I'd like to point out that this plugin is CSRF vulnerable.

If someone uses [img] tags to link to thankyoulike.php fraudulent likes can be added.

[img]http://yoursite.com/forum/thankyoulike.php?action=add&pid=1[/img]

I have notified the plugin author.


RE: [1.4.x/1.6.x] Thank You/Like System v1.4 (Updated: 07/31/2011) - AussieJay - 2011-10-26

Wow, how'd you stumble across that?


RE: [1.4.x/1.6.x] Thank You/Like System v1.4 (Updated: 07/31/2011) - - G33K - - 2011-10-26

(2011-10-26, 02:52 AM)Paul H. Wrote: Hi everyone,

I'd like to point out that this plugin is CSRF vulnerable.

If someone uses [img] tags to link to thankyoulike.php fraudulent likes can be added.

[img]http://yoursite.com/forum/thankyoulike.php?action=add&pid=1[/img]

I have notified the plugin author.

While I appreciate the heads up, I would really have preferred you not post this here the same time you send me the PM to notify me. It would make sense posting it if I hadn't responded for a while in which case you would want the users to know that there is a possibility of a csrf. However posting it before actually giving me a chance to fix it is a little careless as now those who didn't even know about it, know about it and will try to abuse it.

Anyway its a low risk csrf and an update will be released in a bit has been released, check the first post for more details.


RE: [1.4.x/1.6.x] Thank You/Like System v1.5 (Updated: 10/26/2011) - Richard - 2011-10-29

Would you ever consider creating a converter? (Reputation -> Likes/Thanks, and vice versa)


RE: [1.4.x/1.6.x] Thank You/Like System v1.5 (Updated: 10/26/2011) - 007combatant - 2011-10-30

v1.5 Turkish version:
http://tr.mybbdepo.com/tesekkur-begen-sistemi-plugin-konusu.html


RE: [1.4.x/1.6.x] Thank You/Like System v1.4 (Updated: 07/31/2011) - Richard - 2011-10-31

I'm receiving the same error, have recounted the likes and cleared cookies/cache.

What's even weirder is that it's only happening to non-staff on my forum. I can access it fine, so can another Moderator. However regular members cannot.
(2011-10-21, 11:54 PM)- G33K - Wrote: Yes, very serious:

http://img607.imageshack.us/img607/2517/screenij.jpg

Try running the Recount and Rebuild thanks in tools and maintenance section and clearing your cache and cookies. I will try and investigate more on my end why this might be happening but till I can actually reproduce the error its going to be difficult.




RE: [1.4.x/1.6.x] Thank You/Like System v1.5 (Updated: 10/26/2011) - adbrad - 2011-11-01

just curious as to wether 1.5 has had the ammendments to work with 1.6.5


RE: [1.4.x/1.6.x] Thank You/Like System v1.5 (Updated: 10/26/2011) - seeker - 2011-11-01

Looks great, are you planning on updating for MyBB 2.0 (when needed) ?


RE: [1.4.x/1.6.x] Thank You/Like System v1.5 (Updated: 10/26/2011) - - G33K - - 2011-11-01

(2011-11-01, 03:47 PM)adbrad Wrote: just curious as to wether 1.5 has had the ammendments to work with 1.6.5
No it does not. I am making the changes to my internal repository but I will not be releasing it until after 1.6.5 is released and I have had a chance to test it on 1.6.5

(2011-11-01, 05:00 PM)seeker Wrote: Looks great, are you planning on updating for MyBB 2.0 (when needed) ?

I do intend to update it when 2.0 is released. It will be more of a branching as the code will need to be rewritten for 2.0 so I'll be maintaining the 2 branches one for 1.6 and the other for 2.0



Oh and for the record:

(2011-10-31, 12:17 AM)Richard Wrote: I'm receiving the same error, have recounted the likes and cleared cookies/cache.

What's even weirder is that it's only happening to non-staff on my forum. I can access it fine, so can another Moderator. However regular members cannot.
(2011-10-21, 11:54 PM)- G33K - Wrote: Yes, very serious:

http://img607.imageshack.us/img607/2517/screenij.jpg

Try running the Recount and Rebuild thanks in tools and maintenance section and clearing your cache and cookies. I will try and investigate more on my end why this might be happening but till I can actually reproduce the error its going to be difficult.

I think I might have gotten to the bottom of this problem, although I couldn't reproduce it on my side, however I gave Richard an updated file which seems to have taken care of it, I'll include the fix in the next release after I've had the chance to test it.


RE: [1.4.x/1.6.x] Thank You/Like System v1.5 (Updated: 10/26/2011) - seeker - 2011-11-02

Great thanks G33K Smile