Would it be possible to ignore the Edit Post rows?
What would need to be changed? Both the xml and the php files, or would just commenting out this line in the php do it?
Code:
12 => $vbphrase['edit_post'],
Update: Never mind. Changed the SELECT in spy.php adding:
Code:
"AND action <> 12"
|
vb 4.2.0 spy gone from community tab
|
Quote:
|
Yes, I found it much better and easier now
|
To be honest, I'm disappointed I have to post this here.
This mod is still vulnerable to allowing a user to pass non-sanitized HTML to the spy window. I approached the author around 6-8 months ago and informed him of this, however it is clear that he did nothing about it - didn't fix it, didn't inform users that they were using vulnerable software. While I understand it is hard to admit that you made a mistake when coding, it is even more of a mistake to allow people to run software on their site which is vulnerable to XSS. Cross site scripting ruins companies and ruins lives.
http://img266.imageshack.us/img266/7924/xss1.png
http://img837.imageshack.us/img837/2915/xss2.png
For those of you who want to fix this yourselves, simply edit spy.php and find the following line:
$xml->add_tag('preview', $event['preview']);
...and change it to:
$xml->add_tag('preview', strip_tags($event['preview']));
Do the right thing and fix your software before someone gets hit.
|
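The change described in the post above, as an added example that is not part of the original post or the mod's code: a stand-alone PHP script (PHP 7 or later) that runs constructed preview strings through the raw path, the `strip_tags()` change, and `strip_tags()` followed by `htmlspecialchars()`. The helper names `preview_stripped()` and `preview_encoded()`, the sample events, and the assumption that the spy window inserts the preview into the page as HTML are illustrative only.

```php
<?php
// Added illustration, not code from the mod. All sample previews are constructed.

// The one-line change from the post: remove HTML tags from the preview.
function preview_stripped(string $preview): string
{
    return strip_tags($preview);
}

// Hypothetical stricter helper: strip tags, collapse whitespace, then encode
// the remaining markup characters. Assumes the spy window inserts the preview
// into the page as HTML, so encoded characters are displayed as plain text.
function preview_encoded(string $preview): string
{
    $text = trim(preg_replace('/\s+/', ' ', strip_tags($preview)));
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stand-ins for $event['preview'] values.
$events = [
    ['preview' => 'Plain text reply with no markup'],
    ['preview' => 'Reply with <b>bold</b> and <img src="pic.png"> markup'],
    ['preview' => 'Tom & Jerry said "5 < 6" in this post'],
];

// Print the three treatments side by side for each sample.
foreach ($events as $event) {
    printf("raw:      %s\n", $event['preview']);
    printf("stripped: %s\n", preview_stripped($event['preview']));
    printf("encoded:  %s\n\n", preview_encoded($event['preview']));
}
```

`strip_tags()` removes tags but does not encode `&` or quote characters, which is why the third sample differs between the stripped and encoded lines.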
Oh yeah... forgot I fixed that on my site years ago and never got around to uploading the new version here. Should be uploaded now.
|
Good stuff, thank you.
|
Is there a way to increase the preview displayed for posts when looking at the spy.php page?
|
Quote:
|
Great mod, in fact this is way better than the default activity manager in vb4.2 lol.
Thanks for the share ;) |