[RSS Feed/News] CSS for disabled styles can be accessed by everyone

Status
Not open for further replies.

XenForo

Administrative
  • Thread starter
  • Admin
  • #1
When delivering CSS via css.php, XenForo does not check if the style is enabled (or if the accessing user has permission to use disabled styles) and thus also delivers CSS of disabled styles to everyone.

This can be problematic if disabled styles produce errors when rendering (for example if they call templater functions that do not exist) as this would get logged as errors - which can happen quite often if sucher URLs are accessed by crawlers.

Ideally XenForo should return a...

Read more

ادامه مطلب...
 
Status
Not open for further replies.
Back
Top Bottom