Thread: Add-On Releases - [AJAX] Helpful Answers - Allow users to rate individual posts
View Single Post
  #1160  
Old 08-11-2012, 07:02 PM
Ted S Ted S is offline
 
Join Date: Dec 2003
Location: SoCal
Posts: 3,954
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by faisaly.com View Post
Hello all .
There is a nasty bug with this hack .
If someone tries to copy the link of a yes/no button which is used for rating while he is logged in , and then logs out and enters it in a browser, the rate gets accepted!!
(suppose the link to the yest button is like this : http://forum.ustmb.ir/helpfulanswers...id=5662&rank=1 , if you copy this to your address bar and press enter, the rate will be accepted! while you are not logged in at all!)
This causes mischievous users to abuse the system for giving positive or negative rates as they wish!
would someone please think about it ?
Interesting.... There's 5 of 6 different options that would stop this from happening like if you had a post minimum, votes per day, etc. but in the absence of those it looks like you are correct. And it's gone unnoticed for years too

Simple fix with the attached xml and voting script.

I'll test around more this evening and clean it up for a release.
Attached Files
File Type: xml helpful_answers.xml (82.0 KB, 9 views)
File Type: php helpfulanswers.php (20.0 KB, 9 views)
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01105 seconds
  • Memory Usage 1,785KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (2)postbit_attachment
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete