Fix security error in any theme/template
#1
Basic changes

They usually work for most of outdated themes. You need to open the [theme_name].xml file in text editor, such as Notepad++, and search (CTRL + F) the following 4 codes:

1.
{$monthnames[$prev_month['month']]}
if found, replace with:
{$prev_month['month']}

2.
{$monthnames[$next_month['month']]}
if found, replace with:
{$next_month['month']}

3.
{$monthnames[$week_from[1]]}
if found, replace with:
{$monthnames[$week_from_one]}

4.
{$type_checked[$type['tid']]}
if found, replace with:
{$checked}

Then try to import .xml file again.

If none of these codes were found or you corrected them and the error is still present, you need to apply advanced changes specified below.

Advanced changes

Several themes have other problems in templates which are not as easy to find. That's why I wrote this topic: http://community.mybb.com/thread-139498.html Noone was interested but I see on this/Polish forum some themes still can't be imported so I decided to give it a try myself although I'm not the best PHP coder.

It requires changes in several core files, I suggest doing them using Patches plugin: http://mods.mybb.com/view/patches

In admin/inc/functions.php change:
function check_template($template)
{
	// Check to see if our database password is in the template
	if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template))
	{
		return true;
	}

	// System calls via backtick
	if(preg_match('#\$\s*\{#', $template))
	{
		return true;
	}

	// Any other malicious acts?
	// Courtesy of ZiNgA BuRgA
	if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
	{
		return true;
	}

	return false;
}
to:
function check_template($template)
{
	
	$results = array();
	
	// Check to see if our database password is in the template
	if(preg_match_all("#database'?\\s*\]\\s*\[\\s*'?password#", $template, $matches))
	{
		$results = array_merge($results, $matches[0]);
	}

	// System calls via backtick
	if(preg_match_all('#\$\s*\{#', $template, $matches))
	{
		$results = array_merge($results, $matches[0]);
	}

	// Any other malicious acts?
	// Courtesy of ZiNgA BuRgA
	$template = preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template);
	if(preg_match_all("~\\{\\$.+?\\}~s", $template, $matches))
	{
		$results = array_merge($results, $matches[0]);
	}
	
	$output = '';
	
	foreach($results as $result) {
	    $result = htmlspecialchars_uni($result);
		$output .= "\n<li>$result</li>\n";
	}

	return $output;
}

In admin/inc/functions_themes.php change:
		$security_check = false;
		$templatecache = array();

		foreach($templates as $template)
		{
			if(check_template($template['value']))

			{
				$security_check = true;
				break;
			}

			$templatecache[] = array(
				"title" => $db->escape_string($template['attributes']['name']),
				"template" => $db->escape_string($template['value']),
				"sid" => $db->escape_string($sid),
				"version" => $db->escape_string($template['attributes']['version']),
				"dateline" => TIME_NOW
			);
		}

		if($security_check == true)
		{
			return -4;
		}
to:
		$templatecache = array();
		$invalidcode = '';
		foreach($templates as $template)
		{
		    $check = check_template($template['value']);
			if ($check)
			{
				$temp_name = "\n<li>".htmlspecialchars_uni($template['attributes']['name']).":</li>\n";
				$invalidcode .= $temp_name."<ul>".$check."</ul>";
			}

			$templatecache[] = array(
				"title" => $db->escape_string($template['attributes']['name']),
				"template" => $db->escape_string($template['value']),
				"sid" => $db->escape_string($sid),
				"version" => $db->escape_string($template['attributes']['version']),
				"dateline" => TIME_NOW
			);
		}

        if($invalidcode)
		{
			return $invalidcode;
		}

In admin/modules/style/themes.php change:
				if($theme_id > -1)
				{
					$plugins->run_hooks("admin_style_themes_import_commit");
					
					// Log admin action
					log_admin_action($theme_id);
			
					flash_message($lang->success_imported_theme, 'success');
					admin_redirect("index.php?module=style-themes&action=edit&tid=".$theme_id);
				}
				else
				{
					switch($theme_id)
					{
						case -1:
							$errors[] = $lang->error_uploadfailed_nocontents;
							break;
						case -2:
							$errors[] = $lang->error_invalid_version;
							break;
						case -3:
							$errors[] = $lang->error_theme_already_exists;
							break;
						case -4:
							$errors[] = $lang->error_theme_security_problem;
					}
				}
to:
				 if(strpos($theme_id, "<li>") !== false)
				{
				    $errors[] = $lang->sprintf($lang->error_theme_security_problem, $theme_id);
				}
				else if($theme_id > -1)
				{
					$plugins->run_hooks("admin_style_themes_import_commit");
					
					// Log admin action
					log_admin_action($theme_id);
			
					flash_message($lang->success_imported_theme, 'success');
					admin_redirect("index.php?module=style-themes&action=edit&tid=".$theme_id);
				}
				else
				{
					switch($theme_id)
					{
						case -1:
							$errors[] = $lang->error_uploadfailed_nocontents;
							break;
						case -2:
							$errors[] = $lang->error_invalid_version;
							break;
						case -3:
							$errors[] = $lang->error_theme_already_exists;
					}
				}

In admin/modules/style/templates.php change both instances of:
		if(check_template($mybb->input['template']))
		{
			$errors[] = $lang->error_security_problem;
		}
to:
		$invalidcode = check_template($mybb->input['template']);
		if($invalidcode)
		{
			$errors[] = $lang->sprintf($lang->error_security_problem, $invalidcode);
		}

In inc/languages/[language]/admin/style_themes.lang.php change:
$l['error_theme_security_problem'] = "A potential security issue was found in the theme. It was not imported. Please contact the Author or MyBB Group for support.";
to:
$l['error_theme_security_problem'] = "A potential security issue was found in the theme. It was not imported. Please contact the Author or MyBB Group for support. The following codes in listed templates are invalid and need to be corrected in .xml file:\n<ul>{1}</ul>";
You can modify it for your language, but you have to keep <ul>{1}</ul> at the end.

In inc/languages/[language]/admin/style_templates.lang.php change:
$l['error_security_problem'] = "A potential security issue was found in the template. Please review your changes or contact the MyBB Group for support.";
to:
$l['error_security_problem'] = "A potential security issue was found in the template. Please review your changes or contact the MyBB Group for support. The following codes are invalid and need to be corrected:\n<ul>{1}</ul>";
You can modify it for your language, but you have to keep <ul>{1}</ul> at the end.


Then, after doing these changes in files, import the theme/modify template again. It should list all required changes (and while importing theme all templates where they need to be done) like this:
https://docs.google.com/file/d/0B6pgReiH...p=drivesdk
You can either remove the listed codes, or fix them if you know how, and the theme/template will be imported/editted without any problem during next attempt.
Reply
#2
Can I still use this now in 2017? If so It would be great I would love to increase the security around my forum because we got defaced once already by other competitors.

thank you for your time.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)