Comments (3)
Thanks for reporting this!
I just had a look at the problem. The XSS vulnerability does not affect this version on GitHub.
It does however affect the version currently public on vanillaforums.org.
The problematic line is not the escaping pointed out in 9a63f31.
The bug occurs due to an obsolete unescape in views/discussionscontroller_local.php.
I will upload a fix to vanillaforums.org in a second.
from van2shout.
Update published.
from van2shout.
Thank you!
from van2shout.