Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.

Feed Back to Vanilla Team - broken blog links and security flaw.

RiverRiver MVP
edited June 2016 in Feedback

all of the links to the blog in https://vanillaforums.com/resources/faqs appear to be broken and just go to the main blog page.

e.g. http://vanillaforums.com/blog/help/how-to-add-facebook-twitter-google-and-openid-to-your-community/

goes to http://vanillaforums.com/blog

http://vanillaforums.com/blog/help/implementing-jsconnect-single-signon-on/

goes to http://vanillaforums.com/blog

all of the subject go to the main page.

Is that your intention or are you aware?

regarding security flaw...

this plugin has been marked as a security vulnerabilty?

wouldn't it be wise to remove a plugin from the downloads area - add-ons if it allows XSS attacks? considering it is advisable to upgrade php and vanilla when security flaws are found. why upgrade vanilla if you can introduce a security issue with a plugin that has been identified to contain one and hasn't been updated.

https://vanillaforums.org/discussion/26973/remote-cross-site-scripting-xss-attack-vulnerability-in-firstlastnames-1-3-2-plugin

Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

BleistivtvrijvlinderShadowdare

Comments

Sign In or Register to comment.