
Author Topic: Welcome to SMF!


  • *****
  • Administrator
  • Posts: 62
  • Cave-dwelling
  • finger of piglets
    • Vanilla 20x
Re: Welcome to SMF!
#8: January 10, 2015, 04:29:21 AM
The custom textareas for some of this theme's settings are potentially a security risk. They are not really more of a security risk than many other items in Admin, but it would be prudent to ensure that anybody you do not really trust does not have access to them.
These settings are very versatile. For example, by inputting JavaScript you could use them to run a custom jQuery slideshow. If somebody wanted to, they could also input malicious JavaScript that would do all sorts of things to unwary visitors.
Frankly, the options available in Admin allow anyone to do this anyway, with or without this theme. However, you should be careful about what code you accept for use on your own site. If you do not know what it does, have it checked by someone you trust.
Stands out like a mate's rate flamin you little ripper galah. :)

Re: Welcome to SMF!
#9: September 01, 2015, 08:46:31 PM
Test

Welcome to SMF!
#10: October 03, 2019, 10:59:53 PM
The custom textareas for some of this theme's settings are potentially a security risk. They are not really more of a security risk than many other items in Admin, but it would be prudent to ensure that anybody you do not really trust does not have access to them.
These settings are very versatile. For example, by inputting JavaScript you could use them to run a custom jQuery slideshow. If somebody wanted to, they could also input malicious JavaScript that would do all sorts of things to unwary visitors.
Frankly, the options available in Admin allow anyone to do this anyway, with or without this theme. However, you should be careful about what code you accept for use on your own site. If you do not know what it does, have it checked by someone you trust.

Welcome to SMF!
#11: October 05, 2019, 09:22:14 AM
Code:
// Show how many posts they have made.
if (!isset($context['disabled_fields']['posts']))
	echo '
		<li class="postcount">', $txt['member_postcount'], ': ', $message['member']['posts'], '</li>';

// Is karma display enabled?  Total or +/-?
if ($modSettings['karmaMode'] == '1')
	echo '
		<li class="karma">', $modSettings['karmaLabel'], ' ', $message['member']['karma']['good'] - $message['member']['karma']['bad'], '</li>';
elseif ($modSettings['karmaMode'] == '2')
	echo '
		<li class="karma">', $modSettings['karmaLabel'], ' +', $message['member']['karma']['good'], '/-', $message['member']['karma']['bad'], '</li>';

// Is this user allowed to modify this member's karma?
if ($message['member']['karma']['allow'])
	echo '
		<li class="karma_allow">
			<a href="', $scripturl, '?action=modifykarma;sa=applaud;uid=', $message['member']['id'], ';topic=', $context['current_topic'], '.' . $context['start'], ';m=', $message['id'], ';', $context['session_var'], '=', $context['session_id'], '">', $modSettings['karmaApplaudLabel'], '</a>
			<a href="', $scripturl, '?action=modifykarma;sa=smite;uid=', $message['member']['id'], ';topic=', $context['current_topic'], '.', $context['start'], ';m=', $message['id'], ';', $context['session_var'], '=', $context['session_id'], '">', $modSettings['karmaSmiteLabel'], '</a>
		</li>';

// Show the member's gender icon?
if (!empty($settings['show_gender']) && $message['member']['gender']['image'] != '' && !isset($context['disabled_fields']['gender']))
	echo '
		<li class="gender">', $txt['gender'], ': ', $message['member']['gender']['image'], '</li>';

// Show their personal text?
if (!empty($settings['show_blurb']) && $message['member']['blurb'] != '')
	echo '
		<li class="blurb">', $message['member']['blurb'], '</li>';