Hey all,
An XSS security issue has been discovered affecting all versions of DragonByte Shop from v6.1.0 to v6.4.6. This issue is critical in nature and you should patch your site immediately. This affects the XenForo 2.0, 2.1 and 2.2 versions.
All affected versions of DragonByte Shop have been patched, so even if your license has expired or you cannot update for whatever reason, you can still log in and download a fixed build of the version you're currently running.
If you cannot log in or download, you can open
src/addons/DBTech/Shop/Listener.php
and find:
public static function templaterFilterRichThreadTitle(
Replace the body of that function with:
PHP:
    if (!$thread->thread_id
        || !$thread->User
    ) {
        return $value;
    }

    /** @var \DBTech\Shop\XF\Entity\User $user */
    $user = $thread->User;

    $styleProps = [];

    /** @var \DBTech\Shop\Entity\Purchase[]|ArrayCollection $purchases */
    $purchases = \XF::repository('DBTech\Shop:Purchase')->filterActivePurchasesForUser($user);
    foreach ($purchases as $purchase)
    {
        // Each active purchase's handler may contribute inline style declarations
        $handler = $purchase->handler;
        $handler->fire('thread_title_markup', [$thread, &$styleProps], $thread->thread_id);
    }

    if ($styleProps)
    {
        // We return raw HTML, so the templater must not escape the result;
        // that makes this function responsible for escaping the title itself
        $escape = false;

        // Ensure we only add the span if needed
        return '<span style="' . implode('; ', $styleProps) . '">' . htmlspecialchars($value) . '</span>';
    }

    return $value;
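To show why the patched body has to escape $value itself, here is an added example in plain PHP (not DragonByte's or XenForo's code) that models the XenForo template-filter contract: when a filter sets $escape to false, the templater emits the returned string as raw HTML. The pre-fix body below is a reconstruction and an assumption, since the post only shows the fixed version; the thread title and style property are constructed sample values.

```php
<?php
// Added example, not DragonByte's code. Models the XenForo filter pipeline:
// a filter that sets $escape = false is responsible for escaping its own output.

// Reconstructed pre-fix body (assumption): the title is wrapped without escaping.
function richTitleVulnerable(string $value, bool &$escape, array $styleProps): string
{
    if ($styleProps) {
        $escape = false;
        return '<span style="' . implode('; ', $styleProps) . '">' . $value . '</span>';
    }
    return $value;
}

// Patched body, as in the advisory: $value is escaped before it is wrapped.
function richTitlePatched(string $value, bool &$escape, array $styleProps): string
{
    if ($styleProps) {
        $escape = false;
        return '<span style="' . implode('; ', $styleProps) . '">' . htmlspecialchars($value) . '</span>';
    }
    return $value;
}

// Minimal stand-in for the templater: escapes the filter result only while
// $escape is still true, which is the behaviour the real filter pipeline has.
function applyFilter(callable $filter, string $value, array $styleProps): string
{
    $escape = true;
    $out = $filter($value, $escape, $styleProps);
    return $escape ? htmlspecialchars($out) : $out;
}

// Constructed sample input: a thread title containing markup, plus one
// style declaration as a purchase handler might contribute it.
$title = 'Hello <b>world</b>';
$props = ['color: #c00'];

// Pre-fix: the <b> tags reach the page intact because the templater was told not to escape.
echo applyFilter('richTitleVulnerable', $title, $props), PHP_EOL;
// Patched: the span is kept, but the tags inside the title are entity-encoded.
echo applyFilter('richTitlePatched', $title, $props), PHP_EOL;
// No style props: $escape stays true and the templater escapes the plain title as usual.
echo applyFilter('richTitlePatched', $title, []), PHP_EOL;
```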
Thanks to TickTackk for discovering the issue.