Furry stuff, oekaki stuff, and other stuff.
I don't see any problems with formatting issues, but that could just be me. I fixed this problem once for a board; it took about 10 seconds.
Edit:
You could replace $_COOKIE with $_SESSION. Session variables are stored on the server; this is (not surprisingly) more secure.
Just to prevent html/javascript trouble I modified the editprofile code like this:
// slashit() and decode_birthday() are the board's own helper functions.
// ENT_NOQUOTES converts &, < and > and leaves " and ' unchanged.
$name = htmlspecialchars( slashit($_POST['name']) , ENT_NOQUOTES);
$email = htmlspecialchars( slashit(trim ($_POST['email'])) , ENT_NOQUOTES);
$age = htmlspecialchars( decode_birthday($_POST['age_year'], $_POST['age_month'], $_POST['age_day']) , ENT_NOQUOTES);
$gender = htmlspecialchars( slashit($_POST['gender']) , ENT_NOQUOTES);
// Flag moved inside htmlspecialchars(); it was being passed to slashit().
$location = slashit(htmlspecialchars (trim ($_POST['location']), ENT_NOQUOTES));
$url = htmlspecialchars( slashit(trim ($_POST['url'])) , ENT_NOQUOTES);
$aim = htmlspecialchars( slashit($_POST['aim']) , ENT_NOQUOTES);
$icq = htmlspecialchars( slashit($_POST['icq']) , ENT_NOQUOTES);
$msn = htmlspecialchars( slashit($_POST['msn']) , ENT_NOQUOTES);
$yahoo = htmlspecialchars( slashit($_POST['yahoo']) , ENT_NOQUOTES);
$ircserver = htmlspecialchars( slashit($_POST['ircserver']) , ENT_NOQUOTES);
$ircnick = htmlspecialchars( slashit($_POST['ircnick']) , ENT_NOQUOTES);
$ircchan = htmlspecialchars( slashit($_POST['ircchan']) , ENT_NOQUOTES);
$language2 = htmlspecialchars( slashit($_POST['language2']) , ENT_NOQUOTES);
$ctemplate = htmlspecialchars( slashit($_POST['ctemplate']) , ENT_NOQUOTES);
// Numeric settings are cast to int instead of being escaped.
$picview = (int) $_POST['picview'];
$thumbview = (int) $_POST['thumbview'];
$screensize = (int) $_POST['screensize'];
$adult = htmlspecialchars( $_POST['adult'] , ENT_NOQUOTES);
$username2 = htmlspecialchars( slashit($_POST['username2']) , ENT_NOQUOTES);
// Password fields only go through slashit(); they are not HTML-escaped.
$oldpass = slashit($_POST['oldpass']);
$passwd = slashit($_POST['passwd']);
$passwdnew = slashit($_POST['passwdnew']);
$comment = htmlspecialchars (trim ($_POST['comment']));
$urltitle = htmlspecialchars( slashit (trim ($_POST['urltitle'])) , ENT_NOQUOTES);
and the register code like:
$username = htmlspecialchars( slashit($_POST['username']), ENT_NOQUOTES);
$email = htmlspecialchars( slashit(trim ($_POST['email'])), ENT_NOQUOTES);
$age = htmlspecialchars( decode_birthday($_POST['age_year'], $_POST['age_month'], $_POST['age_day']), ENT_NOQUOTES);
// Password fields only go through slashit(); they are not HTML-escaped.
$pass = slashit($_POST['pass']);
$pass2 = slashit($_POST['pass2']);
$artURL = htmlspecialchars( slashit(trim ($_POST['artURL'])), ENT_NOQUOTES);
// Flag moved inside htmlspecialchars(); it was being passed to slashit().
$comment2 = slashit(htmlspecialchars (trim ($_POST['comments']), ENT_NOQUOTES));
P.S. I never tried it; the owner of the board that I made these changes for never accepted the file...
Thanks for the report. Due to specifics, I've copied your comments elsewhere. There are reasons why Wacintaki doesn't fully filter stuff (mostly, due to formatting issues), but I think I'll be able to fix these types of issues in the next release.
Hi,
(Comments written down for reference)
- Jaapio
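An added example (not from the thread or from Wacintaki's source) comparing the `ENT_NOQUOTES` flag used in the snippets above with `ENT_QUOTES` for a profile value that ends up inside a quoted HTML attribute. The helper names `esc_text`, `esc_attr` and `closes_attribute` and the sample values are assumptions; only `htmlspecialchars` and the field names come from the posts.

```php
<?php
// Added example, not Wacintaki code. Field names follow the posted snippet;
// the sample values below are constructed.
$profile = [
    'location' => 'Tom\'s "Studio" <Berlin>',
    'urltitle' => 'Art & sketches',
];

// Escape for text between tags: &, < and > are what matter there.
function esc_text(string $v): string
{
    return htmlspecialchars($v, ENT_NOQUOTES, 'UTF-8');
}

// Escape for a quoted attribute value: both quote characters are converted too.
function esc_attr(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// True when an escaped value still contains a literal " or ', i.e. it would
// end a "..." or '...' attribute value early.
function closes_attribute(string $escaped): bool
{
    return strpbrk($escaped, "\"'") !== false;
}

foreach ($profile as $field => $raw) {
    $weak   = esc_text($raw);   // same flag as the posted snippet
    $strong = esc_attr($raw);
    printf(
        "%s\n  ENT_NOQUOTES: %s  (closes attribute: %s)\n  ENT_QUOTES:   %s  (closes attribute: %s)\n",
        $field,
        $weak,
        closes_attribute($weak) ? 'yes' : 'no',
        $strong,
        closes_attribute($strong) ? 'yes' : 'no'
    );
}

// Rendering the same raw value in two contexts, escaped once at output with
// the escaper that matches where it lands.
printf("<p>%s</p>\n", esc_text($profile['location']));
printf("<input name=\"location\" value=\"%s\">\n", esc_attr($profile['location']));
```

The `urltitle` sample passes under both flags because it contains no quotes, which is why a quick manual test of `ENT_NOQUOTES` can look fine.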