Recent Posts

1
Pre-sale queries / Re: OpenRedirect?
« Last post by vbgamer45 on May 12, 2020, 02:42:38 pm »
$baseurl is not in the normal mod by default. I would like to see how that is defined.
Yes, a spider can still see the URL. But I could add code in the template to hide the link from major spiders.
2
Pre-sale queries / Re: OpenRedirect?
« Last post by elomaran on May 11, 2020, 07:20:38 pm »
That's the version I installed, yes (just double checked the install file). The redirect could still be taken (by a spider, most likely) and altered to redirect to another website (Russian spam, in my case).

When I commented this part out:
Code:
        if (isset($_REQUEST['thememode']))
        {
                $_SESSION['id_theme'] = 0;

                if ($_REQUEST['thememode'] == 'full')
                        setcookie('smf4m_mode', 'full', time() + (86400 * 60));
                else
                        setcookie('smf4m_mode', 'mobile', time() + (86400 * 60));

                if (isset($_REQUEST['redirect']))
                        redirectexit(urldecode($_REQUEST['redirect']));
        }
the redirect stopped working, but then the page had to be manually refreshed after switching the theme. So we changed the last line to
Code:
redirectexit($baseurl);

to have a working mod that didn't allow the forum to redirect to Russian spam websites. I only know very little PHP, so I had to rely on my friend, who called this fix "ugly, but it should work".
3
Pre-sale queries / Re: OpenRedirect?
« Last post by vbgamer45 on May 11, 2020, 07:04:35 pm »
That shouldn't have been the case. I checked the mod, and the code uses the following now:
Code:
if (isset($_REQUEST['redirect']))
{
        global $boardurl;
        if (substr_count(urldecode($_REQUEST['redirect']), $boardurl) == 0)
                fatal_error("Unable to redirect", false);
        else
                redirectexit(urldecode($_REQUEST['redirect']));
}
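
Added example, not part of the thread and not the mod's own code: a substring test such as substr_count() passes whenever the board URL appears anywhere in the value, so a stricter check compares the parsed scheme, host, port and path against $boardurl and falls back to the board URL otherwise. The function name safe_redirect_target() and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not the mod's code. $boardurl mirrors SMF's global of the
// same name; safe_redirect_target() is a hypothetical helper and the sample
// URLs below are constructed.

/** Return $target if it points inside the forum at $boardurl, else $boardurl. */
function safe_redirect_target(string $target, string $boardurl): string
{
    $base = parse_url($boardurl);
    $dest = parse_url($target);

    // Unparseable input, or anything that is not an absolute URL with scheme and host.
    if ($base === false || $dest === false
        || !isset($dest['scheme'], $dest['host'], $base['scheme'], $base['host'])) {
        return $boardurl;
    }
    // Reject control characters, spaces, backslashes and embedded credentials (user@host).
    if (preg_match('/[\x00-\x20\\\\]/', $target) || isset($dest['user']) || isset($dest['pass'])) {
        return $boardurl;
    }
    // Scheme, host and port must match the forum exactly (scheme and host case-insensitively).
    if (strtolower($dest['scheme']) !== strtolower($base['scheme'])
        || strtolower($dest['host']) !== strtolower($base['host'])
        || ($dest['port'] ?? null) !== ($base['port'] ?? null)) {
        return $boardurl;
    }
    // Path must be the forum path itself or sit below it.
    $basePath = rtrim($base['path'] ?? '', '/');
    $destPath = $dest['path'] ?? '/';
    if ($basePath !== '' && $destPath !== $basePath && strpos($destPath, $basePath . '/') !== 0) {
        return $boardurl;
    }
    return $target;
}

$boardurl = 'https://forum.example/smf'; // constructed
$samples = [
    'https://forum.example/smf/index.php?topic=1.0',     // inside the forum: kept
    'https://forum.example.other.test/smf/',             // look-alike host: replaced
    'https://other.test/?ref=https://forum.example/smf', // board URL only in the query: replaced
    'https://forum.example/smfx/index.php',              // sibling path: replaced
    '//other.test/',                                     // scheme-relative: replaced
];
foreach ($samples as $url) {
    echo str_pad($url, 52), ' => ', safe_redirect_target($url, $boardurl), PHP_EOL;
}
```

In the mod's handler this would be called as redirectexit(safe_redirect_target($_REQUEST['redirect'], $boardurl)); so the page still reloads after a theme switch.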
4
Pre-sale queries / Re: OpenRedirect?
« Last post by elomaran on May 11, 2020, 06:49:02 pm »
Yes, the fix for redirect was fixed after I took over the development of the mod back in 2017 I believe.
After installing the 2.5 version of the theme and 2.04 of the mod, I found out that the redirect link could still be exploited by spammers. The OpenRedirect turned out to be still open. My IT friend looked through the code and found the culprit in one of the changes the mod makes to the load.php.


Changing
Code:
                 if (isset($_REQUEST['redirect']))
                         redirectexit(urldecode($_REQUEST['redirect']));

to
Code:
                if (isset($_REQUEST['redirect']))
                        redirectexit($baseurl);

fixed the vulnerability, and the link used by the spammers (and the testlink my friend set up to redirect to his webspace) finally doesn't work any longer.
5
Pre-sale queries / Re: Is functions available
« Last post by vbgamer45 on May 06, 2020, 01:19:46 pm »
You can check out most of the features by clicking the mobile mode button on the bottom of the website

You can enable recent posts and change the color of one variable the main color via the theme settings page.

Attached the ad theme settings for this theme here
6
Pre-sale queries / Re: Calendar
« Last post by vbgamer45 on May 06, 2020, 07:49:58 am »
You can see it on desktop
7
Pre-sale queries / Is functions available
« Last post by Gayrat on May 06, 2020, 02:48:46 am »
Are these functions supported?

1. Calendar (desktop only)
2. Recent post in main view
3. new answers to your post (button)
4. new posts from last visit  (button)
5. customize top menu (it's possible by modifying code, I need documentation)
6. help to change colors and backgrounds (documentation). The best if it's present in css variables
8
Pre-sale queries / Re: Calendar
« Last post by Gayrat on May 06, 2020, 02:39:48 am »
Is calendar unavailable from desktop too?
9
Pre-sale queries / Re: OpenRedirect?
« Last post by elomaran on May 04, 2020, 07:43:52 pm »
Thanks for the fast reply! I'll make my purchase then.
10
Pre-sale queries / Re: OpenRedirect?
« Last post by vbgamer45 on May 04, 2020, 06:56:52 pm »
Yes, the fix for redirect was fixed after I took over the development of the mod back in 2017 I believe.