[SUGGESTION] <a href="http://tinyurl.com/sydma" style="font-size: 4em;">Fix the front page NOW</a>

#1
Really, I hate this bug.
BRLOGENSHFEGLE (core dumped)

The Bot Orchestra is back! | Xoylent Easter Egg | 5bots1piano
My music on Google Play and SoundCloud
Reply

#2
I can see why this is annoying. And possibly compromising security.
(08-10-2012, 02:37 AM)Mr. Bougo Wrote: Cloud is the new Web 2.0. It makes no damn sense to me.
Reply

#3
Fixed it.

Code:
rpolzer@srv01:/home/httpd/xonotic.org/HTML$ diff -u /tmp/wordbb.php wp-content/plugins/wordbb/wordbb.php
--- /tmp/wordbb.php     2011-05-21 13:58:20.718413641 +0200
+++ wp-content/plugins/wordbb/wordbb.php        2011-05-21 13:58:00.168429991 +0200
@@ -373,12 +373,12 @@
?>
                <li>
                <?php if($mode=='threads') : ?>
-               <a href="<?php echo $wordbb->mybb_url.'/showthread.php?tid='.$entry->tid ?>"><?php echo $entry->subject ?></a>
+               <a href="<?php echo $wordbb->mybb_url.'/showthread.php?tid='.$entry->tid ?>"><?php echo htmlspecialchars($entry->subject) ?></a>
                <?php else : ?>
-               <a href="<?php echo $wordbb->mybb_url.'/showthread.php?tid='.$entry->tid.'&pid='.$entry->pid.'#pid'.$entry->pid ?>"><?php echo $entry->subject ?></a>
+               <a href="<?php echo $wordbb->mybb_url.'/showthread.php?tid='.$entry->tid.'&pid='.$entry->pid.'#pid'.$entry->pid ?>"><?php echo htmlspecialchars($entry->subject) ?></a>
                <?php endif ?>
                <?php if($usernames) : ?>
-               by <a href="<?php echo $wordbb->mybb_url ?>/member.php?action=profile&uid=<?php echo $entry->uid ?>"><?php echo $entry->username ?></a>
+               by <a href="<?php echo $wordbb->mybb_url ?>/member.php?action=profile&uid=<?php echo $entry->uid ?>"><?php echo htmlspecialchars($entry->username) ?></a>
                <?php endif ?>
                </li>
<?php
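Review bot: the hunk escapes the text nodes but leaves every value interpolated into the href attributes unescaped, namely `$entry->tid`, `$entry->pid`, `$entry->uid` and `$wordbb->mybb_url`; if the ids arrive from the database as integers an `(int)` cast is enough, otherwise they need `htmlspecialchars()` as well. Consider passing `ENT_QUOTES, 'UTF-8'` explicitly to the three new calls, since older PHP releases leave single quotes alone by default, and the literal `&pid=` inside the attribute should be `&amp;pid=` for valid HTML.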
BRLOGENSHFEGLE (core dumped)

The Bot Orchestra is back! | Xoylent Easter Egg | 5bots1piano
My music on Google Play and SoundCloud
Reply

#4
Nice one Smile
"Yes, there was a spambot some time ago on these forums." - aa
Reply

#5
Thank you divVerent Heart
[Image: vN3NkMA]
(Idea stolen from Mr. Bougo. Hehehehe)
Reply

#6
Can I delete this thread now?
[Image: 561.png]
"One should strive to achieve; not sit in bitter regret."
Reply

#7
I don't understand why the HTML tags are not converted to entities going INTO the database. Isn't it best to have it safe in the database and only convert back to real tags where needed?
"Yes, there was a spambot some time ago on these forums." - aa
Reply

#8
(05-22-2011, 05:31 AM)PinkRobot Wrote: I don't understand why the HTML tags are not converted to entities going INTO the database. Isn't it best to have it safe in the database and only convert back to real tags where needed?

That's probably what the author of the plugin thought Tongue. You should be HTML sanitising your input when you render it, otherwise you're still rendering raw HTML so that entities display correctly (which just leads to more breakage rather than fixing the issue).

If you don't sanitise your input when rendering BY DEFAULT then you are asking for problems. Unfortunately languages like PHP require you to explicitly escape input, whereas most templating languages (e.g. Jinja2) will do that for you.
[Image: vN3NkMA]
(Idea stolen from Mr. Bougo. Hehehehe)
Reply
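An added PHP example, not the WordBB plugin's own code and not written by anyone in this thread, that contrasts the 'before' and 'after' of the patch in #3 and shows why escaping on the way into the database, as asked in #7, is the wrong layer; the entry object, the `h()` helper and the forum URL are constructed for illustration.

```php
<?php
// Constructed sample entry, shaped like one item of the plugin's template loop.
// The subject is the thread title from this very page, which rendered as live HTML.
$entry = (object) [
    'tid'      => '42',
    'subject'  => '<a href="http://tinyurl.com/sydma" style="font-size: 4em;">Fix the front page NOW</a>',
    'username' => 'Mr. "Bougo" <script>',
];
$mybb_url = 'https://forums.example/mybb';  // placeholder, not the real forum URL

// Escape for an HTML text node or attribute value. ENT_QUOTES also covers
// single quotes, which the default flags of older PHP releases leave alone.
function h($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

// 'Before': the raw subject is written straight into the page, so any markup
// in a thread title becomes part of the WordPress front page. This is the bug.
function render_unescaped($entry, $mybb_url) {
    return '<a href="' . $mybb_url . '/showthread.php?tid=' . $entry->tid . '">'
         . $entry->subject . '</a>';
}

// 'After': escape at output time, per context. Text goes through h(); the
// numeric id is cast so that only digits can ever reach the URL.
function render_escaped($entry, $mybb_url) {
    return '<a href="' . h($mybb_url) . '/showthread.php?tid=' . (int)$entry->tid . '">'
         . h($entry->subject) . '</a> by ' . h($entry->username);
}

// Escaping on INSERT (post #7) stores a value that is only correct for HTML:
// a plain-text digest e-mail, a JSON API or a search index would show &lt;
// and &quot;, and a template that escapes by default double-encodes it.
function stored_escaped_then_rendered($subject) {
    $stored = h($subject);   // escaped when written to the database
    return h($stored);       // escaped again by an escape-by-default renderer
}

echo render_unescaped($entry, $mybb_url), "\n";
echo render_escaped($entry, $mybb_url), "\n";
echo stored_escaped_then_rendered($entry->subject), "\n";  // begins with &amp;lt;a
```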
