Tapatalk Forum App for xenForo - iOS / Android / Windows Phone Mobile App [Deleted]

[Robru]

While our engineering team and other security apps have classified this as a low risk item and have not received any reports of compromised systems, we still recommend that you update your forum's Tapatalk plugin to the latest version available on our website.

Plug-ins versions that have been patched:
vBulletin 3 v4.4.1
vBulletin 4 v5.0.1
phpBB 3 v4.4.1
IPB 3.4 v3.9.1
SMF 2 v3.9.5
Xenforo v2.0.4
MyBB v3.9.1
Kunena3 v1.1.5
Vanilla v1.4.2
WBB4 V1.0.1

If your forum platform is not listed above, it is not vulnerable to the cross site scripting issue.
If you have any questions, please reply to this message and let us know. We will only be communicating this issue via email to avoid broadcasting the existence of the vulnerability and putting forum owners who have not yet updated in unnecessary risk.

Thank You,
Ken Hsu
Community Manager
Tapatalk inc.

 

[Adam Howard]

Hi, Tapatalk adds a welcome header to the site when viewed on a mobile, despite the "Mobile Welcome Screen" being disabled

How do we disable this completely? I don't want it to show up at all, ever

Thanks

Good question...

First and this is important, make sure you have disabled that welcome screen

AdminCP > Options > Tapatalk - General - Options
un-check the box that reads, Mobile Welcome Screen, then save

Now to finally get rid of that drop down header that your members are first greeted with.

mobiquo / smartbanner / head.inc.php

Look for

// display smart banner and welcome page
$app_banner_head = '';
if (file_exists($tapatalk_dir . '/smartbanner/welcome.php') && file_exists($tapatalk_dir . '/smartbanner/appbanner.js'))
{
    $GLOBALS['app_head_included'] = true;
    $app_banner_head = '
        <!-- Tapatalk Banner&Welcome head start -->
        <link href="'.$tapatalk_dir_url.'/smartbanner/appbanner.css" rel="stylesheet" type="text/css" media="screen" />
        <script type="text/javascript">
            var is_mobile_skin     = '.$is_mobile_skin.';
            var app_ios_id         = "'.$app_ios_id.'";
            var app_android_id     = "'.addslashes($app_android_id).'";
            var app_kindle_url     = "'.addslashes(urlencode($app_kindle_url)).'";
            var app_banner_message = "'.addslashes($app_banner_message).'";
            var app_forum_name     = "'.addslashes($app_forum_name).'";
            var app_location_url   = "'.addslashes($app_location_url).'";
            var app_board_url      = "'.addslashes(urlencode($board_url)).'";
            var functionCallAfterWindowLoad = '.$functionCallAfterWindowLoad.';
        
            var app_forum_code = "'.(trim($api_key) ? md5(trim($api_key)) : '').'";
            var app_referer = "'.addslashes(urlencode($app_referer)).'";
            var app_welcome_url = "'.addslashes($tapatalk_dir_url.'/smartbanner/welcome.php').'";
            var app_welcome_enable = '.($app_ads_enable ? 1 : 0).';
        </script>
        <script src="'.$tapatalk_dir_url.'/smartbanner/appbanner.js" type="text/javascript"></script>
        <!-- Tapatalk Banner head end-->
    ';
}

And either remove it or comment it out.

If you comment it out, it will look like this

// display smart banner and welcome page
// $app_banner_head = '';
// if (file_exists($tapatalk_dir . '/smartbanner/welcome.php') && file_exists($tapatalk_dir . '/smartbanner/appbanner.js'))
// {
//    $GLOBALS['app_head_included'] = true;
// 
//    $app_banner_head = '
//        <!-- Tapatalk Banner&Welcome head start -->
//        <link href="'.$tapatalk_dir_url.'/smartbanner/appbanner.css" rel="stylesheet" type="text/css" media="screen" />
//        <script type="text/javascript">
//            var is_mobile_skin     = '.$is_mobile_skin.';
//            var app_ios_id         = "'.$app_ios_id.'";
//            var app_android_id     = "'.addslashes($app_android_id).'";
//            var app_kindle_url     = "'.addslashes(urlencode($app_kindle_url)).'";
//            var app_banner_message = "'.addslashes($app_banner_message).'";
//            var app_forum_name     = "'.addslashes($app_forum_name).'";
//            var app_location_url   = "'.addslashes($app_location_url).'";
//            var app_board_url      = "'.addslashes(urlencode($board_url)).'";
//            var functionCallAfterWindowLoad = '.$functionCallAfterWindowLoad.';
//         
//            var app_forum_code = "'.(trim($api_key) ? md5(trim($api_key)) : '').'";
//           var app_referer = "'.addslashes(urlencode($app_referer)).'";
//            var app_welcome_url = "'.addslashes($tapatalk_dir_url.'/smartbanner/welcome.php').'";
//            var app_welcome_enable = '.($app_ads_enable ? 1 : 0).';
//        </script>
//        <script src="'.$tapatalk_dir_url.'/smartbanner/appbanner.js" type="text/javascript"></script>
//        <!-- Tapatalk Banner head end-->
//    ';
// }

Now if you would rather someone else did the work for you, you can simply download the attached file and upload it.

You're welcome

 

[Adam Howard]

You cannot simply delete your forum directly from TapaTalk (you once could). Now it is a "process"

To delete your account:
Please provide your forum URL by e-mail
Your e-mail request must be sent from an e-mail address on the same domain as your forum, example webmaster@FORUMURL.com where FORUMURL.com is the domain / forum url you wish to remove.
Please send this request to lin@tapatalk.com
If you don't have an e-mail address associated with your FORUMURL specifically, you must send this from the e-mail address associated with your username on TapaTalk's site (where the FORUMURL is under your control).

 

[Alpha1]

Oh yeah. I forgot about that issue. Thats because they cache your sites content in their systems.

 

[Adam Howard]

Oh yeah. I forgot about that issue. Thats because they cache your sites content in their systems.

Wasn't it another mobile app that does that?

I don't think it was TapaTalk

 

[Alpha1]

Your thinking about topify which scraped your site without you installing anything. Thats different.
Tapatalk fetches your content trough their software, caches it and then serves it up to tapatalk users.

 

[Adam Howard]

Your thinking about topify which scraped your site without you installing anything. Thats different.
Tapatalk fetches your content trough their software, caches it and then serves it up to tapatalk users.

I did not know that (I do now).

But yes, I was thinking you were getting Topify confused. At the moment they do not support, XenForo (it seems only vBulletin). Something for us to all worry about in the future I guess.

 

[Adam Howard]

ReferenceError: tapatalkDetect is not defined
<script type="text/javascript">tapatalkDetect()</script>

https://support.tapatalk.com/threads/referenceerror-tapatalkdetect-is-not-defined.23424/

Giving it a quick look over, the one place where I see that bring called upon is in

/library/Tapatalk/EventListener/Hook.php

In which case you will find the code for this... Trying to figure out how to patch this myself.

This bug seems to finally been corrected in the current beta

Beta Release 5/31/2014 2.1.0
Version 2.1.0 release (beta version)

Update Note:

Bug Fix:

1. fix online user page resulted server errors
2. fix rename topic permission issue
3. fix rename topic will remove prefix issue
4. fix report post failure issue
5. fix moderation permission issue
6. fix avatar display resulted server error
7. fix short content with 'quote' bbcode not moved issue
8. fix alert unread status not cleared on browser issue
9. fix invalid spoiler invalid problem
10. fix invalid error response issue
11. fix avatar redirect 303 issue

New Feature:

1. support display post countdown time for app
2. support edit prefix function for app
3. support advanced merge topics function
4. optimize user status display(inactive,ban,waiting approval)
5. optimize moved topic status display

Direct Download link
http://tapatalk.com/files/plugin/tapatalk_xf10_2.1.0.zip
Lease direct (Found on)
http://tapatalk.com/activate_tapatalk.php?plugin=xnf

 

[Chewychunga]

need to update this page with newest version

 

[Floyd R Turbo]

Tapatalk doesn't come here often. Funny because they run their forum on xF but man does their support and attention to detail (like UPDATING THE RESOURCE) suck.

 

[dvsDave]

Yeah, I was just coming to comment on the fact that the resource on xenforo.com is still version 2.0.3 while tapatalk.com is at 2.1.0

1) Please update the resource on xenforo more promptly (let xenforo handle notifications, and host the file, decreasing your bandwidth use)
2) Or setup automated emails that alert us to updates when they posted to tapatalk.com (taptatalk handles notifications directly)

Either solution would work, as long as we are notified promptly when a new update is posted.

 

[Brent W]

Do you not get emails about updates? I get emails every time a new xenForo plugin is updated for each of my sites.

 

[dvsDave]

Do you not get emails about updates? I get emails every time a new xenForo plugin is updated for each of my sites.

I do get the emails! My issue is that the authors of tapatalk aren't updating the resource on xenforo.com, but they are posting the new version on tapatalk.com. I get emails from tapatalk only if they have a security update, not for each new version posted (unlike on xenforo, where I get emails for each update posted)

My post was basically, either they need to get better about posting the updates to their resource here on xenforo or they need to setup automated email notifications when they update the resource on their site!

 

[Floyd R Turbo]

@BamaStangGuy Tapatalk has not updated this app on here in a long time. They are on 2.1.0 on tapatalk's site and haven't bothered to update it here. I think they think that since everyone who uses the app has to register on their site to get their key, and that their site will then tell them that their app is out of date, that they don't need to bother posting an update on here.

 

[dvsDave]

@BamaStangGuy Tapatalk has not updated this app on here in a long time. They are on 2.1.0 on tapatalk's site and haven't bothered to update it here. I think they think that since everyone who uses the app has to register on their site to get their key, and that their site will then tell them that their app is out of date, that they don't need to bother posting an update on here.

but they don't send emails the second it's out of date, either! I get notifications from them usually a week or two after the update is posted!

 

[tapatalk]

tapatalk updated Tapatalk Forum App for xenForo - iOS / Android / Windows Phone Mobile App with a new update entry:

Bug Fixes & New Features

Bug Fix:
Fix online user page resulted in server errors
Fix rename topic permission issue
Fix rename topic will remove preFix issue
Fix report post failure issue
Fix moderation permission issue
Fix avatar display resulted in server error
Fix short content with 'quote' bbcode not moved issue
Fix alert unread status not cleared in browser issue
Fix invalid spoiler problem
Fix invalid error response issue
Fix avatar redirect 303 issue

New Features & Improvements:
Support display post countdown...

Read the rest of this update entry...

 

[Adam Howard]

TapaTalk 2.1.0 fix patch

follow instructions from here
http://xenforo.com/community/thread...ws-phone-mobile-app.27837/page-27#post-771884

New file already pre-patched attached here

 

[Brent W]

TapaTalk 2.1.0 fix

follow instructions from here
http://xenforo.com/community/thread...ws-phone-mobile-app.27837/page-27#post-771884

New file already pre-patched attached here

To say that something is fixed is wrong. There is nothing broken. You are removing functionality.

 

[Adam Howard]

To say that something is fixed is wrong. There is nothing broken. You are removing functionality.

It's a matter of perspective.

The actual setting in TapaTalk clearly reads (in their own wording)

"Tapatalk will show a one time welcoming screen to mobile users to download the free app, the screen will contain your forum logo and branding only, with a button to get the free app."

Disabling this technically does not actually remove the welcome screen. You're still met with a screen that makes your site semi transparent (out of focus) and bringing into focus a "welcome screen" (notice) telling you that this site uses TapaTalk and recommending you to download it.

With this setting enabled, you're technically greeted with 2 of them. The first being dark and taking most of the screen and the 2nd being the one above.

Both bring your site out of view and both instruct / advises people to download and use TapaTalk.

Essentially, the only thing that differs between them really is the color of the background (one dark, one semi transparent) and one includes your logo and the other does not.

What this "fix" does is make disabling that setting more accurate.

 

[Brent W]

It does remove the welcoming screen. It doesn't remove the smart banner. It's literal. There is no matter of perspective. There is no option to disable the smart banner. There is an option to disable the Mobile Welcome Screen.

What you should do, instead of offering a faux fix, is suggest that when the Mobile Welcome Screen is enabled, the smart banner should not show.

That would be a fix.