
Fix your Shoutbox!

  • Sunday, September 28 2003 @ 04:45 am EDT
Security

As you may have seen, someone messed up the layout of the site yesterday by posting some HTML in the shoutbox. The shoutbox code doesn't filter HTML at all, which is, of course, a glaring omission.

So if you have the shoutbox installed on your site, you should fix it by adding a call to strip_tags in the following two lines:

$shout_name = COM_checkWords (strip_tags ($HTTP_POST_VARS["shout_name"]));
$shout_message = COM_checkWords (strip_tags ($HTTP_POST_VARS["shout_message"]));

The shoutbox code linked from the original announcement of the shoutbox has been fixed accordingly.

bye, Dirk
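An added example, not part of the original post and not Geeklog's shoutbox code: it shows what strip_tags does to constructed shoutbox submissions, and that characters such as & and " pass through it unchanged, so the value is also encoded with htmlspecialchars when it is written into the page. The function names shout_clean_input and shout_render are hypothetical, and COM_checkWords is left out so the snippet runs on its own.

```php
<?php
// Added example; function names are hypothetical, not from the shoutbox code.

// Input-side filter, as in the fix above: drop every HTML tag from a field.
function shout_clean_input(string $raw): string
{
    return trim(strip_tags($raw));
}

// Output-side encoding: whatever survived filtering is rendered as plain text.
// strip_tags removes tags only; it does not encode &, < or quote characters.
function shout_render(string $name, string $message): string
{
    return '<b>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ':</b> '
         . htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submissions (name, message).
$samples = [
    ['Dirk',  'hello <b>world</b>'],                // inline markup
    ['guest', '</table><h1>layout breaker</h1>'],   // tags that break page layout
    ['guest', 'tom & jerry say "hi"'],              // no tags, but needs encoding
];

foreach ($samples as [$name, $message]) {
    echo shout_render(shout_clean_input($name), shout_clean_input($message)), "\n";
}
```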