Reviews
All reviews
(1 vote)
great mod... but
written by wiggy on 30 Apr 2009
written by wiggy on 30 Apr 2009
Needed fixing before it worked: in pop_complaint_showpost.asp the topic_ID and reply_ID querystrings were not sanitised - so if the sql query on the page resulted in a EOF error, a user could inject SQL in the address field and refresh the page. To fix: lines 49-51 IsTopic = CInt(Request.QueryString("IsTopic")) Topic_Id = CInt(Request.QueryString("TOPIC_ID")) Reply_Id = CInt(Request.QueryString("REPLY_ID")) Also, remove the code: "&TOPIC_TITLE=" & Topic_Subject & from steps 10 and 12 and change the code in step 10: 'pop_report.asp?IsTopic=0 to: 'pop_report.asp?IsTopic=1 Hope this helps :)
After install your moderators and admins will see "Complaints" link to complaintmanager.asp and on header, they will see how many reports from users they have in their access areas. Administrators can delete older Solved Tickets, however moderators and administrators can change status of a complaint ticket to 'unsolved'