[SUGGESTION] <a href="http://tinyurl.com/sydma" style="font-size: 4em;">Fix the front page NOW</a>

#1
Really, I hate this bug.
BRLOGENSHFEGLE (core dumped)

The Bot Orchestra is back! | Xoylent Easter Egg | 5bots1piano
My music on Google Play and SoundCloud

#2
I can see why this is annoying. And possibly compromising security.
(08-10-2012, 02:37 AM)Mr. Bougo Wrote: Cloud is the new Web 2.0. It makes no damn sense to me.

#3
Fixed it.

Code:
rpolzer@srv01:/home/httpd/xonotic.org/HTML$ diff -u /tmp/wordbb.php wp-content/plugins/wordbb/wordbb.php
--- /tmp/wordbb.php     2011-05-21 13:58:20.718413641 +0200
+++ wp-content/plugins/wordbb/wordbb.php        2011-05-21 13:58:00.168429991 +0200
@@ -373,12 +373,12 @@
?>
                <li>
                <?php if($mode=='threads') : ?>
-               <a href="<?php echo $wordbb->mybb_url.'/showthread.php?tid='.$entry->tid ?>"><?php echo $entry->subject ?></a>
+               <a href="<?php echo $wordbb->mybb_url.'/showthread.php?tid='.$entry->tid ?>"><?php echo htmlspecialchars($entry->subject) ?></a>
                <?php else : ?>
-               <a href="<?php echo $wordbb->mybb_url.'/showthread.php?tid='.$entry->tid.'&pid='.$entry->pid.'#pid'.$entry->pid ?>"><?php echo $entry->subject ?></a>
+               <a href="<?php echo $wordbb->mybb_url.'/showthread.php?tid='.$entry->tid.'&pid='.$entry->pid.'#pid'.$entry->pid ?>"><?php echo htmlspecialchars($entry->subject) ?></a>
                <?php endif ?>
                <?php if($usernames) : ?>
-               by <a href="<?php echo $wordbb->mybb_url ?>/member.php?action=profile&uid=<?php echo $entry->uid ?>"><?php echo $entry->username ?></a>
+               by <a href="<?php echo $wordbb->mybb_url ?>/member.php?action=profile&uid=<?php echo $entry->uid ?>"><?php echo htmlspecialchars($entry->username) ?></a>
                <?php endif ?>
                </li>
<?php
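Review bot: the three htmlspecialchars() calls cover the link text, but the href attributes on the same +lines still interpolate $wordbb->mybb_url, $entry->tid, $entry->pid and $entry->uid raw; cast the ids to int and run the base URL through the same escaping, e.g. '/showthread.php?tid='.(int)$entry->tid and htmlspecialchars($wordbb->mybb_url). While touching these lines, pass the flags and charset explicitly, htmlspecialchars($entry->subject, ENT_QUOTES, 'UTF-8'), since the PHP defaults of the time leave single quotes alone and choose the charset per PHP version, and write the &pid= / &uid= separators inside the attribute values as &amp;. Only the thread-list markup is changed in this hunk, so any other place in the plugin that echoes $entry->subject or $entry->username needs the same treatment.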
BRLOGENSHFEGLE (core dumped)

The Bot Orchestra is back! | Xoylent Easter Egg | 5bots1piano
My music on Google Play and SoundCloud

#4
Nice one Smile
"Yes, there was a spambot some time ago on these forums." - aa

#5
Thank you divVerent Heart
(Idea stolen from Mr. Bougo. Hehehehe)

#6
Can I delete this thread now?
"One should strive to achieve; not sit in bitter regret."

#7
I don't understand why the HTML tags are not converted to entities going INTO the database. Isn't it best to have it safe in the database and only convert back to real tags where needed?
"Yes, there was a spambot some time ago on these forums." - aa

#8
(05-22-2011, 05:31 AM)PinkRobot Wrote: I don't understand why the HTML tags are not converted to entities going INTO the database. Isn't it best to have it safe in the database and only convert back to real tags where needed?

That's probably what the author of the plugin thought Tongue. You should be HTML sanitising your input when you render it, otherwise you're still rendering raw HTML so that entities display correctly (which just leads to more breakage rather than fixing the issue).

If you don't sanitise your input when rendering BY DEFAULT then you are asking for problems. Unfortunately languages like PHP require you to explicitly escape input, whereas most templating languages (e.g. Jinja2) will do that for you.
(Idea stolen from Mr. Bougo. Hehehehe)
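The escape-on-output argument made in the post above, as an added Python example that is not code from this thread or from the wordbb plugin. It uses constructed thread rows (one carrying markup like this thread's title), an assumed base URL on example.invalid standing in for $wordbb->mybb_url, and Python's html.escape in place of PHP's htmlspecialchars. It renders the same listing the patch fixes both ways, and then shows why escaping at storage time (the #7 suggestion) breaks a second consumer of the same value (a JSON feed) and double-escapes under an auto-escaping template:

```python
"""Output escaping vs input escaping for a thread listing (added example, constructed data)."""
import html
import json

# Constructed rows standing in for what a WordBB-style plugin reads from the MyBB tables.
# The subject is stored raw, exactly as typed; the first one carries markup like this thread's title.
THREADS = [
    {"tid": 42, "uid": 7, "username": "divVerent",
     "subject": '[SUGGESTION] <a href="http://example.invalid/" style="font-size: 4em;">Fix the front page NOW</a>'},
    {"tid": 43, "uid": 9, "username": 'Mr. "Bougo" <3',
     "subject": "Cloud is the new Web 2.0 & it makes no sense"},
]

# Assumed forum base URL; plays the role of $wordbb->mybb_url in the plugin.
MYBB_URL = "https://forums.example.invalid"


def render_unescaped(entry):
    """The behaviour the thread complains about: raw interpolation into the page,
    so any tag in the subject becomes live HTML on the front page."""
    return (f'<li><a href="{MYBB_URL}/showthread.php?tid={entry["tid"]}">{entry["subject"]}</a>'
            f' by <a href="{MYBB_URL}/member.php?action=profile&uid={entry["uid"]}">'
            f'{entry["username"]}</a></li>')


def render_escaped(entry):
    """Escape at render time, per output context: text nodes and attribute values go through
    html.escape(quote=True) (the equivalent of htmlspecialchars with ENT_QUOTES), numeric ids
    are cast to int so they cannot carry markup, and the '&' separating query parameters is
    written as '&amp;' because it sits inside an attribute value."""
    base = html.escape(MYBB_URL, quote=True)
    tid, uid = int(entry["tid"]), int(entry["uid"])
    subject = html.escape(entry["subject"], quote=True)
    username = html.escape(entry["username"], quote=True)
    return (f'<li><a href="{base}/showthread.php?tid={tid}">{subject}</a>'
            f' by <a href="{base}/member.php?action=profile&amp;uid={uid}">{username}</a></li>')


def escape_on_input(subject):
    """The alternative asked about in #7: escape once before the value is stored."""
    return html.escape(subject, quote=True)


def render_as_json(subject):
    """A second consumer of the same stored value, e.g. a JSON feed. JSON has its own escaping
    rules; HTML entities baked in at input time would be delivered to that consumer as literal text."""
    return json.dumps({"subject": subject})


def double_escaped(subject):
    """What an input-escaped value looks like once an auto-escaping template (Jinja2 style)
    escapes it again on output: the reader sees '&lt;a&gt;' spelled out on the page."""
    return html.escape(escape_on_input(subject), quote=True)


def subject_is_live_markup(rendered_html, subject):
    """Detection check for a rendered listing: a subject containing '<' that appears verbatim
    in the HTML has been emitted as markup rather than as text."""
    return "<" in subject and subject in rendered_html


if __name__ == "__main__":
    for entry in THREADS:
        print("raw:     ", render_unescaped(entry))
        print("escaped: ", render_escaped(entry))
    print("stored escaped, sent as JSON:", render_as_json(escape_on_input(THREADS[1]["subject"])))
    print("double-escaped:", double_escaped("<a>"))
```

Run it and compare the two listings for the first row: the raw version hands the browser a working anchor with the user's style attribute, the escaped version shows the same characters as text. The JSON and double-escaping lines are the practical reason for escaping at the output boundary rather than in the database: the stored value has no single correct encoding, because each consumer (HTML page, JSON feed, plain-text mail) needs its own.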



