Recent Topics on Index page
#21
What is needed in the next release (which is needed now):

- Don't show admin only forums to everyone.
- Move recent topics to the top of the board.
Reply
#22
This user has been denied support.
Quote: - Don't show admin only forums to everyone.

Any fix please?
Reply
#23
I haven't been able to figure that out yet. If anyone has an idea, let me know.
Reply
#24
This user has been denied support.
(2010-12-05, 10:24 PM) vbgamer45 wrote: I haven't been able to figure that out yet. If anyone has an idea, let me know.

Thanks for the answer.

Another problem with this extension: when I click Who's Online, I can't see the location, just "Read a topic/discussion".

I tried with another test account. When I access a thread from "recent topic" I can't see the location, just "read topic", but when I access the same topic from the forum I can see "test read "topic title"".
Reply
#25
Hello.

I've installed this plugin on my board. Unfortunately, today a hacker used it to do an XSS attack by placing HTML code in a topic title.

I'd suggest you take a look at line 133 of \inc\plugins\recenttopicsindex.php:

<a href="showthread.php?tid=' . $threadRow['tid'] . '&action=lastpost">' . $subject .'</a> '  . $lang->recenttopics_by . (!empty($threadRow['lastposteruid']) ? ' <a href="member.php?action=profile&uid=' . $threadRow['lastposteruid'] . '">' . $threadRow['lastposter'] . '</a>' : $threadRow['lastposter']) . ' (<a href="forumdisplay.php?fid=' . $threadRow['fid'] . '">' . $threadRow['name'] . '</a>)

$subject should be changed to htmlspecialchars($subject)

Regards,
NewEraCracker.
-- NewEraCracker
Reply
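The difference between the quoted line and the suggested fix, as an added example that is not the plugin's own code or part of the original post. The function names, the literal "by" in place of $lang->recenttopics_by and the sample row are assumptions made for illustration; the profile link is left out, and the same encoding is applied to the other text columns the quoted line prints, which goes beyond the $subject change suggested above.

```php
<?php
// Added illustration, not the plugin's code. Row keys follow the quoted line.

// Encode a stored value for HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// As on the quoted line: text columns go into the markup exactly as stored.
function render_row_unsafe(array $row): string
{
    return '<a href="showthread.php?tid=' . $row['tid'] . '&action=lastpost">'
        . $row['subject'] . '</a> by ' . $row['lastposter']
        . ' (<a href="forumdisplay.php?fid=' . $row['fid'] . '">' . $row['name'] . '</a>)';
}

// Hardened: ids cast to int, every text column encoded at the point of output.
function render_row_safe(array $row): string
{
    return '<a href="showthread.php?tid=' . (int) $row['tid'] . '&amp;action=lastpost">'
        . h($row['subject']) . '</a> by ' . h($row['lastposter'])
        . ' (<a href="forumdisplay.php?fid=' . (int) $row['fid'] . '">' . h($row['name']) . '</a>)';
}

// Regression check: list every tag name the browser would see in a rendered row.
function tag_names(string $html): array
{
    preg_match_all('~<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)~', $html, $m);
    return $m[1];
}

// Constructed sample row: the title carries markup, as any poster could submit it.
$row = [
    'tid'        => '42',
    'fid'        => '3',
    'subject'    => '<script>alert(1)</script> Hello',
    'lastposter' => 'alice',
    'name'       => 'General',
];

foreach (['unsafe' => render_row_unsafe($row), 'safe' => render_row_safe($row)] as $label => $html) {
    // A clean row contains only the template's own two links: a, a, a, a.
    $extra = array_diff(tag_names($html), ['a']);
    echo $label, ': ', $html, PHP_EOL;
    echo '  tags outside the template: ', $extra ? implode(', ', $extra) : 'none', PHP_EOL;
}
```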
#26
Thanks, patched and update released.
I assumed that the data in the database was already safe; I did not know that it needed to be protected during output.
Reply
#27
Hello vbgamer45,

There is another issue with this mod about showing hidden forums.

Issue has been described by stain on 3rd February 2011:
http://mods.mybb.com/reviews/recent-topi...index-page

Thanks.
-- NewEraCracker
Reply
#28
Anyone have a fix for it?
Reply
#29
--- /recenttopicsindex.php    Wed Aug 04 13:18:34 2010
+++ /recenttopicsindex.php    Tue Dec 28 10:20:54 2010
@@ -87,7 +87,7 @@

function recenttopicsindex_show()
{
-    global $db, $mybb, $page, $recenttopics, $theme, $lang;
+    global $db, $mybb, $page, $recenttopics, $theme, $lang, $permissioncache;

    $lang->load('recenttopicsindex');

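Review bot: missing documentation on the `global` line: `$permissioncache` is imported so that the function can overwrite it further down, which changes shared state for whatever runs later in the same request. Add a one-line comment there saying the write is intentional.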
@@ -107,6 +107,13 @@
</thead>';

    // Run the Query
+    // !!! FIX private forum exposure!!!
+    if ( !is_array($permissioncache) ||
+         (is_array($permissioncache) && ((count($permissioncache)==1) && (isset($permissioncache['-1']) && ($permissioncache['-1'] = "1"))))
+       ) {
+        $permissioncache = forum_permissions();
+    }
+    
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
        $where_sql .= " AND t.fid NOT IN ($unsearchforums)";
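Review bot: the last clause of the new `if` uses assignment instead of comparison: `($permissioncache['-1'] = "1")` writes "1" into the cache entry and is always truthy, so the test never checks the stored value. Use `== "1"` (or `===`) there. The `is_array($permissioncache) &&` at the start of the second condition line is also redundant, because that side of the `||` is only evaluated when the variable is already an array.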
-- NewEraCracker
Reply
#30
Awesome, thanks. Odd that you have to do that before get_unsearchable_forums();
Update

1.0.2
!Fixed issue showing private forums thanks to NewEraCracker
Reply

