Contributed by: Dirk Sunday, September 28 2003 @ 04:45 am EDT
As you may have seen, someone messed up the layout of the site yesterday by posting some HTML in the shoutbox. The shoutbox code doesn't filter HTML at all which is, of course, a glaring omission.
So if you have the shoutbox installed on your site, you should fix it by adding a call to
strip_tags in the following two lines:
$shout_name = COM_checkWords (strip_tags ($HTTP_POST_VARS["shout_name"]));
$shout_message = COM_checkWords (strip_tags ($HTTP_POST_VARS["shout_message"]));
The shoutbox code linked from the original announcement[*1] of the shoutbox has been fixed accordingly.