|
إنضمامك إلي منتديات استراحات زايد يحقق لك معرفة كل ماهو جديد في عالم الانترنت ...
انضم الينا
#1
| ||
| ||
this is happening on our forum which just had the 4.0.2 PL2 patch applied. it may be a hole in previous versions, I'm not sure, it was just discovered last night. if a user edits one of their blog entries by clicking the small pencil icon, they are brought to the editor where they can edit the post. if they click the pencil icon a second time, they are then able to edit the title of the blog entry. once they can edit the title, they are able to enter html. here is an example from our forum: http://www.modernfitnessforum.com/blog.php?u=439 we have turned off the permission for users to edit blog entries until we can fix this potentially damaging security flaw, you may want to do the same. __DEFINE_LIKE_SHARE__ |
مواقع النشر (المفضلة) |
| |