Thank you @kghector for the security report!
* Fixed XSS exploit with SteamProfile badge
An XSS exploit was found that could potentially inject unsafe scripts into forum pages. It is recommended that you upgrade to this release immediately.
Due to the nature of this exploit I'm providing a fix for the 1.6 branch (for XenForo 1.5+) as well as the 1.5 branch of Steam Authentication (for XenForo 1.3.x and 1.4.x).
The 1.5 branch file is attached to this post.
Do you accept pull requests?
Is it possible to remove the "Powered by Steam" in the footer? http://prntscr.com/9zgn10
Valve Brand and Links
Each page that uses the Steam Web API must contain a link to http://steampowered.com with the text "Powered by Steam". We suggest that you put this link in your footer so it is out of the way but still visible to interested users.
Trying to figure out how to add the steam tab to the side pannel with the other ribbons on the main boards? Any idea why it does not show up? Using the UI.X theme.
You can change the execution order in ACP -> Appearance -> Template Modifications -> message_user_info under Steam Auth. Looks like another addon is executing their template modifications after Steam Auth. If changing the execution order doesn't fix it, it's using the old hook system and I can't resolve that.
Isnt message_user_info only for the block when posting messages? Or is this the same template the infoblock on the profile page?
You can manually add the steam_message_user_info into your template. The third party theme must deviate from the normal XenForo coding structure.
Sorry, your screenshot was not showing me more of the page, I misinterpreted it as a forum post, not a member profile page.
member_view is what you want to change the execution order in.
We use essential cookies to make this site work, and optional cookies to enhance your experience.