View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
5553Composr non-bundled addonsGeneral / Uncategorisedpublic2024-01-15 17:022024-08-01 21:34
ReporterPDStig Assigned ToPDStig  
PrioritynormalSeveritymajor 
Status assignedResolutionopen 
Summary5553: Activity Feed: Setting the title of a forum topic to a URL causes activity feed link to take people to that URL
DescriptionSetting the title of a forum topic to a URL causes activity feed link to take people to that URL.

This is a huge flaw and allows spammers to further perpetuate spam.
TagsRoadmap: v11, Type: Spam
Attach Tags
Time estimation (hours)
Sponsorship open

Sponsor

Date Added Member Amount Sponsored

Activities

PDStig

2024-01-24 00:14

administrator   ~8233

Last edited: 2024-01-24 00:15

 It's more trouble fixing than is worth for v10; Activity Feed uses comcode_to_tempcode which is causing link-like text to become actual links. But it needs to use this function. There aren't any good ways to stop this function from doing that which won't disrupt the activity render.

Adding to the roadmap for v11 instead, although I may bump it further to v11.1 or v12.

Chris Graham

2024-08-01 21:20

administrator   ~9054

Maybe {$STRIP_TAGS,...} inside the template.

Add Note

View Status
Note
Upload Files
Maximum size: 32,768 KiB

Attach files by dragging & dropping, selecting or pasting them.
You are not logged in You are not logged in. This means you will not get any e-mail notifications. And if you reply, we will not know for sure you are the original poster of the issue.

Issue History

Date Modified Username Field Change
2024-01-15 17:02 PDStig New Issue
2024-01-15 17:02 PDStig Status Not Assigned => Assigned
2024-01-15 17:02 PDStig Assigned To => user4172
2024-01-24 00:14 PDStig Note Added: 0008233
2024-01-24 00:14 PDStig Tag Attached: Roadmap: v11
2024-01-24 00:15 PDStig Note Edited: 0008233
2024-08-01 21:20 Chris Graham Note Added: 0009054
2024-08-01 21:34 PDStig Tag Attached: Type: Spam