Reset Templates

By Arvind Satyanarayan on | Filed under Design & Templates | Comments (12)

To reset templates within a blog browse to the following url http://www.mydomain.com/mt/mt.cgi?_mode=resetblogtemplates&blogid=BLOGID

Replace the bits in red with your domain, path to MT and blogid (this can be found by logging into MT and going to the blog's menu and you'll see it in the address bar as &blog_id=X where X is the blogid)

12 Comments

lavonne said:
on Dec 2, 2004 12:43 AM | Reply

hmm. didn't work. but i love your site. thanks for all the great tips... still working my way through 'em.

sarah said:
on Dec 5, 2004 5:39 AM | Reply

Might pay to warn people here that this will not only reset the blog to have default templates (the current set of Index, Archive & Special Templates), but it will also remove any additional templates people may have added.

So, it's a good trick to use if you've not made any customisations, and want to make sure you've got the latest version of the default templates (or want to revert back to those defaults), but not for everyone. :-)

(o) said:
on Dec 14, 2004 5:58 AM | Reply

It is not a mere trick but a vulnerability in Movable Type. For example, someone who knows your blog's AdminScript URL can send a ping and link this reset-blog-templates URL to your blog.

Arvind Satyanarayan said:
on Dec 14, 2004 5:56 PM | Reply

Nope, you need to be logged in and have the permissions to reset that blog templates.

(o) said:
on Dec 14, 2004 8:08 PM | Reply

Yes, and no.

Once a blog owner logged in as an admin user and saved his/her username and encrypted password to a cookie, he/she can do reset templates without any confirmation. That's what I said a vulnerability.

More essentially, unlike resetdefaulttemplates, other critical actions such as delete entries/authors/blogs are checked whether the request is based on POST method or not. But resetdefaulttemplates is not checked and can be requested using GET method.

Arvind Satyanarayan said:
on Dec 14, 2004 9:00 PM | Reply

Yep there's no confirmation because its more of a hack to the url than a supported way to reset your templates..

t3ase said:
on Mar 13, 2005 5:06 PM | Reply

Any way to disable this?

Arvind Satyanarayan said:
on Mar 13, 2005 8:20 PM | Reply

There sure is, just delete the entire "resetblogtemplates" subrountine found around line 4762.

There's no need to delete it though. It is completely protected from unauthorized uses, people still need to login to MT and have permissions on a blog to reset it.

t3ase said:
on Mar 14, 2005 1:31 AM | Reply

I just don't think I'll ever need to reset templates from a URL, so why risk it? Seems like having a web based 'rm -rf /' that's "only" accessible to root users.

Thanks for the tip.

Skúli said:
on Dec 11, 2005 8:19 PM | Reply

I am having problems using this trick, every time I try it I get the following error: It looks like you've changed your password recently. Please log out and log in again to complete this action

The thing is I am trying to rebuild my templates, but I keep getting errors... I am completly dumbfounded.

Alicia said:
on Jul 31, 2006 1:46 AM | Reply

Nice templates!

However, I already purchased several at http://www.web-site-templates.org quite cheap.

Now I'm working to create the website

Alicia