[TH] Question and Answer Forums [Deleted]

Hi Jake, it isn't an XF addon but a standalone script called Questions2Answer ( http://www.question2answer.org/ )

Alternatively a generic import (XML or CSV) tool wouldn't be too bad as I could export the data from that system into that format first.

The tricky bit would be users but I assume it would be mapped directly across by matching usernames where applicable. I am not too fussed about losing votes but to have the questions, the answers, the chosen answers and where possible the tags across would be nice. An option regarding category would be great too (different forum, prefix etc)
 
Hello @ThemeHouse,

There is an little exploit in your addon.

The action to upvote or downvote is a simple get request.
So any user can upvote a reply by clicking the link (sent via a private message as an example).

You might use POST requests and the xfToken verification ?

Thanks for the help
 
Hello @ThemeHouse,

There is an little exploit in your addon.

The action to upvote or downvote is a simple get request.
So any user can upvote a reply by clicking the link (sent via a private message as an example).

You might use POST requests and the xfToken verification ?

Thanks for the help

We're actually in the process of changing the upvote action to be done through javascript, which will also solve this (in a similar way to if you view the direct link to Like a post). But for now I'll push out an update that just includes the CSRF token as a GET parameter :)

Did you have a look ? :)

Not yet, the last update was just adding in a permission that didn't get included in the update before :)
 
ThemeHouse updated [TH] Question and Answer Forums with a new update entry:

Version 1.0.5 Patch Level 3 Released

This is a security update, so it is recommended that you upgrade as soon as possible.

Bugs Fixed:
  • A low risk potential for CSRF that would allow a someone to trick other users into upvoting/marking their post as the best answer by sharing the link to that action and masking it as something else. This will not compromise any user data, but could allow a user to get false upvotes on their replies

Read the rest of this update entry...
 
We actually have that done already, I thought it was included in the last release, but I think we forgot to merge that one in before releasing so it'll be in the next update :)
HI Jake, is this working yet? I've updated to latest release but I still can't seem to mark a post as best answer?
 
Lots of server errors since updating:

ErrorException: [E_NOTICE] Undefined index: messages src/addons/ThemeHouse/QAForums/Listener/Criteria.php:22
Generated by: Unknown account Feb 3, 2018 at 7:43 PM
 
Hi, is it possible to make an option for material icons in postbit? I use UI.X2 and it is the only thing without an icon.. ;)

2018-02-06_20-35-03.webp
 
Lots of server errors since updating:

ErrorException: [E_NOTICE] Undefined index: messages src/addons/ThemeHouse/QAForums/Listener/Criteria.php:22
Generated by: Unknown account Feb 3, 2018 at 7:43 PM

Didn't get a notification from this for some reason -- looking into it now.

Hi, is it possible to make an option for material icons in postbit? I use UI.X2 and it is the only thing without an icon.. ;)

View attachment 168297

Not something we can do from the add-on as material icons aren't available in the default style, will have to look into whether this can be done from within UI.X
 
Last edited:
I'm not able to replicate that, is the forum containing the thread set to force threads to be Q&A Threads? That's the only thing I can think of that would cause this
 
Top Bottom