• Downloading from our site will require you to have a paid membership. Upgrade to a Premium Membership from 10$ a month today!

    Dont forget read our Rules! Also anyone caught Sharing this content will be banned. By using this site you are agreeing to our rules so read them. Saying I did not know is simply not an excuse! You have been warned.

Remove ability for mods to use HTML in announcements

Admin

Admin

Well-Known Member
Staff member
Administrator
Currently is someone is able to hack into one your of moderator accounts they could use it to launch a XSS assack since they could select the option to use HTML in announcements.

To fix this open modcp/announcement.php

Change

PHP: 
print_yes_no_row($vbphrase['allow_html'], 'announcementoptions[allowhtml]', ($announcement['announcementoptions'] & $vbulletin->bf_misc_announcementoptions['allowhtml'] ? 1 : 0));

to

PHP: 
//print_yes_no_row($vbphrase['allow_html'], 'announcementoptions[allowhtml]', ($announcement['announcementoptions'] & $vbulletin->bf_misc_announcementoptions['allowhtml'] ? 1 : 0));

All you are doing is commenting it out. You will need to do this each time you upload a new version of vbulletin.
 
You must log in or register to reply here.

Facebook Comments

Similar threads
Thread starter Title Forum Replies Date
Admin Hướng dẫn xoá demo Oppo A16K, Reno7 Z 5G đơn giản - How to remove retail demo on A16K, Reno7 Z 5G Android, ios, java, windows phone 0
Admin Hướng dẫn xoá demo Oppo A76 đơn giản - How to remove retail demo on Oppo A76 Android, ios, java, windows phone 0
Admin Hướng dẫn gỡ demo Samsung Galaxy A53, Galaxy A73 - How to remove retailmode Samsung Galaxy A53, Galaxy A73… Android, ios, java, windows phone 1
Admin [OzzModz] Remove Register Button From Login Form Xenforo 0
Admin [OzzModz] Remove Preview Button In Editor Xenforo 0
Admin [OzzModz] Remove Thread Prefix From Page Title Xenforo 0
Admin Hướng dẫn xóa sổ hoàn toàn ký tự Nokia S40 cho Xenforo 2 - Remove all nokia s40 characters for xenforo 2 Xenforo 0
Admin Remove the name and creation date under the thread title xenforo 2 Xenforo 0
Admin Remove little border on tab menu when scrolling xenforo 2 Xenforo 0
Admin Remove/hide forum name and description from forum page xenforo 2 Xenforo 0
Admin [OzzModz] Remove Additional URL Fields From Resources Xenforo 0
Admin [OzzModz] Remove The Last Posters Avatars Xenforo 0
Admin tuoitreit.vn remove or modify copyright xenforo 2 Xenforo 0
Admin [OzzModz] Remove Reactions From What's New Page Xenforo 0
Admin Hướng dẫn xóa khoảng trắng trên trang sản phẩm Woocommerce - How to remove the gap between products in Woocommerce Wordpress 0
cuongpro9x Share Chia sẻ bản quyền lifetime USB Safely Remove Phần mềm 0
Admin Remove RSS Xenforo 2.x Xenforo 0
Admin Hướng dẫn bỏ # trong chuyên mục xenforo - Remove character # category xenforo Xenforo 0
Admin Hướng dẫn xóa bản quyền vBSEO 3.6.0 - Remove copyright vBSEO 3.6.0 Vbb tutorial 0
Admin TW7S - Remove Legend and Permissions Boxes from FORUMHOME FORUMDISPLAY and SHOWTHREAD Style vbb 0
Admin Remove Title From Conversation URL 1.0 Xenforo 0
N USB Safely Remove Phần mềm 0
Admin TW7S - Remove "Reply with Quote" and Multi-Quote from first post in thread Add-ons 0
style Help Mod Tkank Và remove tkanks Vbb Vbulletin 6
Tjeuphong Hướng dẫn Thêm nút remove thanks cho style mobile Add-ons 17
Admin Remove Titles From Posts Add-ons 0
Admin TW7S - Remove "Reply with Quote" and Multi-Quote from first post in thread Add-ons 2
Admin vBSocial.com Social Network -v.9.2 vB5 Mods (Ajax) Add-ons 0
Admin Different Post Body Background For Admin And Mods Vbb tutorial 0
Admin Mods LateX Editor - Chèn công thức toán học vào bài viết Add-ons 0
Admin Themes s40v3v5v6 mods icon belle by hienkave S40 0
Admin [Mod] vBRecycle for 3.8.x, mods thùng rác Add-ons 0

Similar threads

New posts New threads New resources

Back
Top