Thread: Top 'X' Stats
  #250  
25 Feb 2006, 03:04
georgedd
 
Join Date: Aug 2004
BTW, I've gone ahead and fixed the "non entity" bug I reported above. For those interested, inside topxstats.php (or edit directly in the vBulletin control panel), find the lines:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

and add beneath it one extra line:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Also, inside the template "topXstats_thread_bit", find:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

and change that to:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I highly recommend you implement the above changes or changes of your own. Otherwise, someone can execute arbitrary JavaScript code on your site just by entering as the title of a thread the script, such as:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

__________________
JavaScript Kit- JavaScript tutorials free scripts.
Coding Forums- Web coding and development forums
CSS Drive- Categorized CSS gallery and examples

Last edited by georgedd; 25 Feb 2006 at 03:11.
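
The risk described in the post above, shown as an added example: this is not georgedd's patch and not code from topxstats.php, whose code blocks are not visible on this page. The function names, the sample titles and the link markup are constructed for illustration, and the PHP mbstring extension is assumed. It contrasts printing a stored thread title as-is with shortening the raw title and then HTML-encoding it at output time.

```php
<?php
// Added illustration with hypothetical helpers; not the hack's own code.

// Unsafe: the stored title goes into the markup unchanged, so any tags
// in the title become part of the page.
function render_title_unsafe(int $threadId, string $title): string
{
    return '<a href="showthread.php?t=' . $threadId . '">' . $title . '</a>';
}

// Safe: shorten the RAW title first, then encode for HTML. Encoding first
// and cutting afterwards can slice an entity such as &amp; in half.
function render_title_safe(int $threadId, string $title, int $maxChars = 30): string
{
    if (mb_strlen($title, 'UTF-8') > $maxChars) {
        $title = mb_substr($title, 0, $maxChars, 'UTF-8') . '...';
    }
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="showthread.php?t=' . $threadId . '">' . $encoded . '</a>';
}

// Constructed sample titles, as a user could type them into the title field.
$titles = [
    'Tom & Jerry say "hi"',
    '<script>alert(1)</script>',
    'A long title with an ampersand right here & more text after it',
];

foreach ($titles as $i => $title) {
    $unsafe = render_title_unsafe($i + 1, $title);
    $safe   = render_title_safe($i + 1, $title);

    // Regression check: the only tag left in the safe row is our own <a>.
    if (strip_tags($safe, '<a>') !== $safe) {
        throw new RuntimeException('unescaped markup in: ' . $safe);
    }
    echo "unsafe: $unsafe\n";
    echo "safe:   $safe\n\n";
}
```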