NineChime forum

Furry stuff, oekaki stuff, and other stuff.

You are not logged in.

Post a reply

Write your message and submit
Options
Humanity test

What is five + eight?

Go back

Topic review (newest first)

Jaapio
10-23-2006 03:20:16

I dont see any problems with formatting isues but that could just be me. I fixed this problem once for a board, it took about 10 seconds.
Edit:
You could replace $_COOKIE  withof $_SESSION. Session variables are stored on the server, this is (not surprisingly) more secure.
Just to prevent html/javascript trouble I modified the editprofile code like this

Code:

    $name       = htmlspecialchars( slashit($_POST['name']) , ENT_NOQUOTES);
    $email      = htmlspecialchars( slashit(trim ($_POST['email'])) , ENT_NOQUOTES);
    $age        = htmlspecialchars( decode_birthday($_POST['age_year'], $_POST['age_month'], $_POST['age_day']) , ENT_NOQUOTES);
    $gender     = htmlspecialchars( slashit($_POST['gender']) , ENT_NOQUOTES);
    $location   = slashit(htmlspecialchars (trim ($_POST['location'])), ENT_NOQUOTES);
    $url        = htmlspecialchars( slashit(trim ($_POST['url'])) , ENT_NOQUOTES);
    $aim        = htmlspecialchars( slashit($_POST['aim']) , ENT_NOQUOTES);
    $icq        = htmlspecialchars( slashit($_POST['icq']) , ENT_NOQUOTES);
    $msn        = htmlspecialchars( slashit($_POST['msn']) , ENT_NOQUOTES);
    $yahoo      = htmlspecialchars( slashit($_POST['yahoo']) , ENT_NOQUOTES);
    $ircserver  = htmlspecialchars( slashit($_POST['ircserver']) , ENT_NOQUOTES);
    $ircnick    = htmlspecialchars( slashit($_POST['ircnick']) , ENT_NOQUOTES);
    $ircchan    = htmlspecialchars( slashit($_POST['ircchan']) , ENT_NOQUOTES);
    $language2  = htmlspecialchars( slashit($_POST['language2']) , ENT_NOQUOTES);
    $ctemplate  = htmlspecialchars( slashit($_POST['ctemplate']) , ENT_NOQUOTES);
    $picview    = (int) $_POST['picview'];
    $thumbview  = (int) $_POST['thumbview'];
    $screensize = (int) $_POST['screensize'];
    $adult      = htmlspecialchars( $_POST['adult'] , ENT_NOQUOTES);
    $username2  = htmlspecialchars( slashit($_POST['username2']) , ENT_NOQUOTES);
    $oldpass    = slashit($_POST['oldpass']);
    $passwd     = slashit($_POST['passwd']);
    $passwdnew  = slashit($_POST['passwdnew']);
    $comment    = htmlspecialchars (trim ($_POST['comment']));
    $urltitle   = htmlspecialchars( slashit (trim ($_POST['urltitle'])) , ENT_NOQUOTES);

and the register code like:

Code:

    $username = htmlspecialchars( slashit($_POST['username']), ENT_NOQUOTES);
    $email    = htmlspecialchars( slashit(trim ($_POST['email'])), ENT_NOQUOTES);
    $age      = htmlspecialchars( decode_birthday($_POST['age_year'], $_POST['age_month'], $_POST['age_day']), ENT_NOQUOTES);
    $pass     = slashit($_POST['pass']);
    $pass2    = slashit($_POST['pass2']);
    $artURL   = htmlspecialchars( slashit(trim ($_POST['artURL'])), ENT_NOQUOTES);
    $comment2 = slashit(htmlspecialchars (trim ($_POST['comments'])), ENT_NOQUOTES);

p.s. I never tried it, owner of the board that I made these changes for never accepted the file...

Waccoon
10-21-2006 21:18:45

Thanks for the report.  Due to specifics, I've copied your comments elsewhere.  There are reasons why Wacintaki doesn't fully filter stuff (mostly, due to formatting issues), but I think I'll be able to fix these types of issues in the next release.

Jaapio
10-21-2006 09:36:56

Hi,

(Comments written down for reference)

- Jaapio

Board footer

Yep, still running PunBB
© Copyright 2002–2008 PunBB