This patch addresses a minor Permissions Escalation issue (VWE-2024-6542), where users are able to post wiki content containing more than the maximum number of IMG, MEDIA, and XFMG's GALLERY tags, as defined by the options Maximum images per message and Maximum media per message. The issue only applies to XenForo-based environments.
The patch addresses the issue by applying these options as follows:
- Wiki comments: Tags are counted the same as normal forum posts.
- Wiki pages and other content: Tags are totaled across the main content, any custom field values, and within included templates.
The following patches address the aforementioned issue:
- 4.1.7 Patch Level 3
If you limit the maximum number of these tags in forum messages, you may wish to update to a patched release so that the limit also applies to wiki content. A future version will include separate options for wiki page content, in case you prefer to have a higher maximum value than for regular forum posts.