Register
Help
Lost Password
Remember Me?

Checkout (0)
Blogs
- Decado's Dev Blogs
- Site Improvement
Client Area
Mail
Forums
About Us
Store

vBulletin 5 Mods & Upgrades

DragonByte Technologies Ltd is pleased to announce the release of our vB5 modifications. Click here for info.
Already own vB3/4 versions? Click here to upgrade for a small fee.

Go Custom With Dragonbyte-tech

Did you know that DragonByte Tech offers custom services? We offer custom made mods, skins and customizations for vBulletin
and custom skins for IPB and xenForo.
Click here for info.

Become one of our happy customers

In addition to our testimonial box, we have also conducted surveys of customer satisfaction.
The result? 98% of customers would recommend us to a friend.

Serving some of your favourite companies

Have you seen our "Also Runs On" box? Companies like the Curse Network, Tom's Hardware, Gearbox Software and XDA Developers
rely on DragonByte Tech for their forum improvement needs.

Want to test our full range of products?

You can visit DBTechs alternate site - www.DBTech.co and browse and post as normal but with the added bonus of
being able to access and try all of our products.

DragonByte Tech Is Hiring!

DBTech is looking for vBulletin and xenForo coders. Interested?
Send 3 work samples and links to support threads if applicable to dbtech@dragonbyte-tech.com

Join In Our Feedback Surveys

You can sign up to receive our infrequent surveys which help us by giving us invaluable feedback on how you, our customers, feel
about various parts of our service and our upcoming plans. You also get entered into exclusive prize draws!
Click here to sign up!

DragonByte Tech Proudly Hosted By Hivelocity.net

Cloud Servers from HiVelocity Hosting / Sparknode

User Tag List

Results 1 to 1 of 1

Thread: vBShout v6.0.4 (Security Release)

Forum: DragonByte Technologies News

News & Announcements regarding DragonByte Technologies or our products will be posted within.

LinkBack
- LinkBack URL
- About LinkBacks
- Bookmark & Share
- Digg this Thread!
- Add Thread to del.icio.us
- Bookmark in Technorati
- Tweet this thread
Thread Tools
Display
- Linear Mode
- Switch to Hybrid Mode
- Switch to Threaded Mode

24th March 2012, 03:08 #1
Belazor

View Profile

View Forum Posts

Private Message

View Blog Entries

Visit Homepage

View Articles

View Activity
Founder
Level 5 (3,164 Loyalty Points)

is finally done working on vBShop
for now xD

I am:
Please select a category to choose from: - Cancel
- Black
- Blue
- Green
- Purple
- Red
- White
- Yellow
Gil

55,698 (460,361 Banked)

Total Contributions For

Belazor $ 0.00

Join Date

Dec 2009

Location

Glasgow, Scotland

Age

26

Posts

12,215

Blog Entries
13

Points

55,698
Credits

144,408

Problems Posted

0

Problems Solved

3

Best Answers

0

Good Answers

2

Rep Power

10

Post Thanks / Like

Thanks (Given)

10

Thanks (Received)

2479

Likes (Given)

14

Likes (Received)

745

Dislikes (Given)

1

Dislikes (Received)

22

(Given)

8

(Received)

116

Mentioned

755 Post(s)

Tagged

106 Thread(s)

Quoted

1222 Post(s)

Items

Achievements

Awards

vBActivity - Stats

Points

55,698

Level

47

vBActivity - Bars

Lv. Percent

70.46%

Daily Activity

151.61%

Weekly Activity

61.62%

Monthly Activity

145.83%
vBShout v6.0.4 (Security Release)
Hey all,

As reported to us by BugAbuse and Hacking.RS, an XSS vulnerability was discovered in vBShout v6.0.3 and lower. Thus, we bring you this emergency release to address these issues.

In brighter news, we've also re-implemented the auto-scrolling for the Oldest First mode!

vBShout v6.0.4:
Fix: Fixed a security issue that could allow malicious code to be executed when viewing the Archive
Change: Re-implemented auto-scrolling when viewing the shoutbox in Oldest First mode

Thank you for your continued support, and we apologise for this inconvenience

Discuss this news here.

---------- Post added 24th March 2012 at 03:08 ---------- Previous post was 21st March 2012 at 14:23 ----------

For those who can't upgrade to 6.0.4, here's the list of changes from v6.0.3. Note that these changes will not work with the v5.4 branch or lower, and that performing these changes manually is unsupported.

/dbtech/vbshout/actions/archive.php

Find

PHP Code:

        if ($shouts_r['message_raw'] == '/silencelist' OR $shouts_r['message_raw'] == '/banlist')         {             // Special cases, allow HTML             $shouts_r['message'] = unhtmlspecialchars($shouts_r['message']);         }

Add Below

PHP Code:

        else         {             // Ensure this is safe             $shouts_r['message_raw'] = htmlspecialchars_uni($shouts_r['message_raw']);         }

/dbtech/vbshout/clientscript/vbshout.js

Find

PHP Code:

            fetchElem('archive_message', instanceId).filter('[data-shoutid="' + shoutId + '"]').html(editor.val());             fetchElem('archive_message_raw', instanceId).filter('[data-shoutid="' + shoutId + '"]').html(editor.val());

Replace With

PHP Code:

            fetchElem('archive_message', instanceId).filter('[data-shoutid="' + shoutId + '"]').text(editor.val());             fetchElem('archive_message_raw', instanceId).filter('[data-shoutid="' + shoutId + '"]').val(editor.val());

Template: dbtech_vbshout_archive_shoutbit (vB3)

Find

HTML Code:

<td><div style="display:none; {$shout[styleprops]}" name="dbtech_vbshout_archive_message_raw" data-instanceid="$instance[instanceid]" data-shoutid="$shout[shoutid]">{$shout[message_raw]}</div></td>

Replace With

HTML Code:

<td><input name="dbtech_vbshout_archive_message_raw" type="hidden" value="{$shout[message_raw]}" data-instanceid="{$instance[instanceid]}" data-shoutid="{$shout[shoutid]}" /></td>

Template: dbtech_vbshout_archive (vB4)

Find

HTML Code:

<div class="blockrow floatcontainer" style="display:none;" name="dbtech_vbshout_archive_message_raw" data-instanceid="{vb:var instance.instanceid}" data-shoutid="{vb:raw shout.shoutid}">{vb:raw shout.message_raw}</div>

Replace With

HTML Code:

<input name="dbtech_vbshout_archive_message_raw" type="hidden" value="{vb:raw shout.message_raw}" data-instanceid="{vb:var instance.instanceid}" data-shoutid="{vb:raw shout.shoutid}" />
Fillip Hannisdal
Founder & Programming Director
DragonByte Technologies http://www.DragonByte-Tech.com

Please do not Private Message me with support requests or product questions. PMs are only for exchanging sensitive information (like FTP / AdminCP logins).
Please do not Private Message me with business related queries (refunds, complaints, feedback, etc). Decado is the person to PM for those issues.
Please do not Private Message Decado with support requests or forum errors.

When I say "Hotfix Released" it means you should re-download the product and re-upload the files.

Post Thanks / Like - 5 Thanks, 1 Likes, 0 Dislikes, 0

Omidx, BCP Hung, motd2, djFarsang, savraot thanked for this post

phl0w liked this post
Reply With Quote

Quick Navigation DragonByte Technologies News Top

« vBShout v6.0.5 / vBAvatars v1.0.1 (+Lite) / vBMail v1.1.5 | vBShop v2.2.3 (Security Release) »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

Forum Live Feed & User Wall v1.0.0 (Beta) / vBShout v6.0.3 Gold Released

By Belazor in forum DragonByte Technologies News

Replies: 0
Last Post: 11th February 2012, 01:51
vBShout v6.0.0 (Beta) Released!

By Belazor in forum News Discussion

Replies: 19
Last Post: 2nd February 2012, 00:11
vBShout v6.0.1 (Beta) Released!

By Belazor in forum News Discussion

Replies: 3
Last Post: 21st January 2012, 22:41
vBShout v6.0.1 (Beta) Released!

By Belazor in forum DragonByte Technologies News

Replies: 0
Last Post: 19th January 2012, 00:48
vBShout v6.0.0 (Beta) Released!

By Belazor in forum DragonByte Technologies News

Replies: 0
Last Post: 17th January 2012, 02:36

Tags for this Thread

auto, box, chat, chatbox, display, editor, hidden, news, php, shoutbox, shouts, special, style, support, template, text, upgrade, vbshout

Bookmarks

Bookmarks

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

All times are GMT +1. The time now is 19:01.

Powered by vBulletin® Version 4.2.1
Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.
SEO by vBSEO ©2011, Crawlability, Inc.

vBNotifications (Pro) - Copyright © 2013 DragonByte Technologies Ltd.
Resources saved on this page: MySQL 9.52%
Site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details) Runs best on HiVelocity Hosting.
DragonByte Technologies Ltd. Registered in Scotland. Company Number SC397765
TaxKings Limited, 118 Maryhill Rd, Glasgow, G20 7QS, Scotland.
VAT No.: GB113813249

Dedicated Server Hosting provided by Hivelocity.
Digital Point modules: Sphinx-based search
United-Forum: CSS-Sprites