I use PNphpBB2 1.2i and noticed a problem where, if you click on the smilies button on Quick Reply, a message pops up saying:
'Hacking attempt1'
I had the same problem with PNphpBB2 1.2h. For some reason the qmode GET variable wasn't being properly passed in quick_reply.php. I fixed the problem by adding the following code to quick_reply.php:
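// Set $mode explicitly for the two popup modes; isset() avoids an undefined-index notice.
if (isset($_GET['qmode']) && $_GET['qmode'] == 'smilies') {
    $mode = 'smilies';
}
if (isset($_GET['qmode']) && $_GET['qmode'] == 'postimages') {
    $mode = 'postimages';
}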
below:
{
    $mode = '';
}
I'm not sure if the same problem existed for phpBB, but PNphpBB2 1.2i is based on phpBB 2.0.21.
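The fix above amounts to accepting two known qmode values. As an added example (not part of the original post and not PNphpBB2 code), here is the same idea written as one allowlist helper; resolve_qmode() and the sample requests are hypothetical, and PHP 7.1 or later is assumed:

```php
<?php
// Added example: not PNphpBB2 or phpBB code. resolve_qmode() and the
// sample requests below are hypothetical and constructed for illustration.

/**
 * Return the requested quick-reply mode only if it is a known value.
 * POST takes precedence over GET, as in the existing quick_reply.php check.
 * The default allowlist holds the two values from the fix above; extend it
 * if your quick_reply.php handles other modes.
 */
function resolve_qmode(array $post, array $get, array $allowed = ['smilies', 'postimages']): string
{
    $raw = $post['qmode'] ?? $get['qmode'] ?? '';

    // ?qmode[]=x arrives as an array; treat any non-string as "no mode".
    if (!is_string($raw)) {
        return '';
    }

    // Strict comparison: no type juggling, no partial matches.
    return in_array($raw, $allowed, true) ? $raw : '';
}

// Constructed sample requests: [POST data, GET data].
$samples = [
    'smilies via GET'     => [[], ['qmode' => 'smilies']],
    'postimages via POST' => [['qmode' => 'postimages'], []],
    'POST wins over GET'  => [['qmode' => 'smilies'], ['qmode' => 'postimages']],
    'unknown value'       => [[], ['qmode' => '<script>']],
    'array instead of str' => [[], ['qmode' => ['smilies']]],
    'parameter missing'   => [[], []],
];

foreach ($samples as $label => [$post, $get]) {
    // In quick_reply.php this would be: $mode = resolve_qmode($_POST, $_GET);
    printf("%-22s => '%s'\n", $label, resolve_qmode($post, $get));
}
```

Only the first three sample requests produce a non-empty mode; anything outside the allowlist falls back to the empty string, matching the else branch in the original file.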
3 comments:
Hi Dave. Thanks for documenting this. I just noticed the same problem on my forum (PNphpBB2 1.2g), did some googling, and turned up this post. Where exactly in quick_reply.php did you add your code? I would like to implement this fix but want to make sure I do it correctly. Thanks for any help!
Clay
Clay- it's near the top right below:
$ModName = basename( dirname( __FILE__ ) );
$phpbb_root_path = './modules/' . $ModName . '/';
if ( isset($HTTP_POST_VARS['qmode']) || isset($HTTP_GET_VARS['qmode']) )
{
    $mode = ( isset($HTTP_POST_VARS['qmode']) ) ? $HTTP_POST_VARS['qmode'] : $HTTP_GET_VARS['qmode'];
    $mode = htmlspecialchars($mode);
}
else
{
    $mode = '';
}
then add:
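// Set $mode explicitly for the two popup modes; isset() avoids an undefined-index notice.
if (isset($_GET['qmode']) && $_GET['qmode'] == 'smilies') {
    $mode = 'smilies';
}
if (isset($_GET['qmode']) && $_GET['qmode'] == 'postimages') {
    $mode = 'postimages';
}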
Hi Dave. I now see you actually said where to insert the code in your original post! I glossed right over it. Sorry about that. Thanks for your patience.
Anyway, I added it and it worked great. Thanks again for documenting this. I appreciate it.
Clay