MyBB

andrewjs18 · 2015-06-13, 09:42 PM

Hi,

I use the default mybb contact form. when a user submits a contact form and it emails me, it doesn't strip the from the email. here's a recent email I was sent from the contact form:

E-mail: [email protected]
Forum profile: username
IP Address: 127.0.0.1
Message:
Hello, 
 
I just created a profile a few minutes ago and was wondering if i could change my username? 
 
Will i have to delete and then re-create? 
 
Thanks! 
 
Me

Destroy666 · 2015-06-14, 01:55 AM

I can't reproduce.

1. Are you using 1.8.5?
2. Do you have any modified core files? If yes, which?
3. What was the exact input you entered in textarea?

andrewjs18 · (This post was last modified: 2015-06-14, 04:23 AM by andrewjs18.)

(2015-06-14, 01:55 AM)Destroy666 Wrote: I can't reproduce.

1. Are you using 1.8.5?
2. Do you have any modified core files? If yes, which?
3. What was the exact input you entered in textarea?

1- 1.8.5

2- only to bypass the registration agreement. changes to member.php:

from

if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post")

to

if(!isset($mybb->settings['reg_agreement'])  && $mybb->request_method != "post")

3- this is a form someone submitted. I'll test myself and report back.

I did a test contact form..I just hit enter after each word in the message area:

E-mail: [email protected]
Forum profile: andrewjs18
IP Address: 0.0.0.0
Message:
Let's 
see 
if 
I 
can 
break 
this! 
 
thanks, 
 
Andrew

andrewjs18 · 2015-06-18, 04:06 AM

any movement on this?

andrewjs18 · 2015-06-25, 08:15 PM

this isn't parsing an ampersand either:

E-mail: [email protected]
Forum profile: N/A
IP Address: 0.0.0.0
Message:
Not sure what my usérname is& I need a new password 
 
 
TIA

Devilshakerz · 2015-06-25, 08:50 PM

The parser does insert these tags indeed (https://github.com/mybb/mybb/blob/featur...t.php#L217).
The characters are escaped too because these e-mails were presumably intended to be sent as HTML, but aren't - the default type is defined as text, not text/html: https://github.com/mybb/mybb/blob/featur...s.php#L527, which could be overridden here: https://github.com/mybb/mybb/blob/featur...t.php#L230.

Jones H · 2015-06-28, 11:51 AM

Hi,

Thank you for your report. We have pushed this issue to our Github repository for further analysis where you can track our commits and progress with fixing this bug. Discussions regarding this bug may also take place there too.

Follow this link to visit the issue on Github: https://github.com/mybb/mybb/issues/2107

Thanks for contributing to MyBB!

Regards,
The MyBB Group

boson · 2016-06-17, 12:03 PM

any fix ? http://community.mybb.com/thread-194309.html

Ben · 2016-06-17, 12:33 PM

(2016-06-17, 12:03 PM)boson Wrote: any fix ? http://community.mybb.com/thread-194309.html

There has not been a fixed created and tested for this issue yet.

boson · (This post was last modified: 2016-06-18, 04:24 AM by boson.)

(2016-06-17, 12:33 PM)Ben C Wrote:
(2016-06-17, 12:03 PM)boson Wrote: any fix ? http://community.mybb.com/thread-194309.html

There has not been a fixed created and tested for this issue yet.

but i need some immediate fix . you got any ? thanks

waiting for this

Login
Username:
Password:	Lost Password?
	Remember me