1 2008-11-16 15:26
Re: [request] Rss feed creates new topics automatically (22 replies, posted in PunBB 1.3 extensions)
By BBC, I think he means British Broadcasting Company's website.
2 2008-11-16 15:23
Re: [Release] Meta Tags Administration (48 replies, posted in PunBB 1.3 extensions)
You are absolutely right and I think that it's better if only super admins can edit fields where you can put HTML. Anyway, I fixed this problem on my forums, all fields are filtered, in the admin panel too.
Sorry for my poor English
3 2008-11-15 23:44
Re: [Release] Meta Tags Administration (48 replies, posted in PunBB 1.3 extensions)
Now, why would an ADMIN exploit this vulnerability? After all, this extension's configuration can only be edited by admins.
Also, there's a message saying:
Please, don't use any HTML, BBCode or harmful characters.
on the configuration page, so I'm not really worried about this.
Thanks anyways, I appreciate your concern.
I know that only admins can access your extension but it can be dangerous anyway. Example:
You have another admin on the forum, and he wants your password. By exploiting this vuln, he could install a JavaScript keylogger on your forum, and he may get your password.
It isn't enough to put a message saying "Please don't..."
Hope you'll understand.
4 2008-11-15 17:16
Re: [request] Last 20 topics on first page (7 replies, posted in PunBB 1.3 extensions)
Yes it is.
5 2008-11-15 17:04
Re: Question : Group relationship (8 replies, posted in PunBB 1.3 troubleshooting)
Yes it doesn't
6 2008-11-15 08:11
Re: [Release] Meta Tags Administration (48 replies, posted in PunBB 1.3 extensions)
XSS :
<meta name="keywords" content=""><script>alert(0)</script>" />
<meta name="robots" content=""><script>alert(0)</script>" />
Patch :
File : ./extensions/meta_tags_admin/manifest.xml
Line 63 | $forum_head['descriptions'] = '<meta name="description" content="'.$forum_config['o_meta_tags_admin_desc'].'" />';
Replace with | $forum_head['descriptions'] = '<meta name="description" content="'.forum_htmlencode($forum_config['o_meta_tags_admin_desc']).'" />';
Line 88 | $forum_head['descriptions'] = '<meta name="description" content="'.$first_post.'" />';
Replace with | $forum_head['descriptions'] = '<meta name="description" content="'.forum_htmlencode($first_post).'" />';
Line 95 | $forum_head['keywords'] = '<meta name="keywords" content="'.$forum_config['o_meta_tags_admin_keyw'].'" />';
Replace with | $forum_head['keywords'] = '<meta name="keywords" content="'.forum_htmlencode($forum_config['o_meta_tags_admin_keyw']).'" />';
Line 98 | $forum_head['robots'] = '<meta name="robots" content="'.$forum_config['o_meta_tags_admin_robo'].'" />';
Replace with | $forum_head['robots'] = '<meta name="robots" content="'.forum_htmlencode($forum_config['o_meta_tags_admin_robo']).'" />';
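The effect of the patch above, shown as an added example that is not part of the original post or of the extension's code: it builds the keywords tag with and without encoding and parses the result to see whether the stored value stays inside the content attribute. Assumptions: encode_attr() is a local stand-in for PunBB's forum_htmlencode(), taken here to behave like htmlspecialchars() with ENT_QUOTES; meta_tag() and inspect_head() are hypothetical helpers; PHP's DOM extension is available.

```php
<?php
// Added example; not code from the extension or from PunBB.
// encode_attr() is a local stand-in for forum_htmlencode() (assumption:
// equivalent to htmlspecialchars with ENT_QUOTES and UTF-8).
function encode_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Builds the tag the way manifest.xml does before and after the patch.
function meta_tag(string $name, string $content, bool $patched): string
{
    $value = $patched ? encode_attr($content) : $content;
    return '<meta name="' . $name . '" content="' . $value . '" />';
}

// Parses a head fragment and reports what an HTML parser makes of it:
// how many script elements exist and what the first meta's content holds.
function inspect_head(string $head): array
{
    libxml_use_internal_errors(true); // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML('<html><head>' . $head . '</head><body></body></html>');
    libxml_clear_errors();

    $metas = $doc->getElementsByTagName('meta');
    return [
        'scripts' => $doc->getElementsByTagName('script')->length,
        'content' => $metas->length ? $metas->item(0)->getAttribute('content') : null,
    ];
}

// Constructed sample: the configuration value implied by the report above.
$stored = '"><script>alert(0)</script>';

foreach ([false, true] as $patched) {
    $tag  = meta_tag('keywords', $stored, $patched);
    $seen = inspect_head($tag);
    printf(
        "%s\n  %s\n  script elements: %d\n  content attribute: %s\n",
        $patched ? 'patched' : 'unpatched',
        $tag,
        $seen['scripts'],
        var_export($seen['content'], true)
    );
}
```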
7 2008-11-14 17:31
Re: Only An Error (4 replies, posted in PunBB 1.2 bug reports)
It isn't an error. They added PHP code that adds a class name to the <li>
Ex :
<li class="isactive"><a href="profile.php?section=essentials&id=<?php echo $id ?>"><?php echo $lang_profile['Section essentials'] ?></a></li>
8 2008-11-14 17:10
Topic: You may be interested of that =] (2 replies, posted in PunBB 1.3 bug reports)
Whooops
Email sent