Contributed by: Dirk on Sunday, September 28 2003 @ 04:45 am EDT
Last modified on
As you may have seen, someone messed up the layout of the site yesterday by posting some HTML in the shoutbox. The shoutbox code doesn't filter HTML at all which is, of course, a glaring omission.
So if you have the shoutbox installed on your site, you should fix it by adding a call to strip_tags
in the following two lines:
$shout_name = COM_checkWords (strip_tags ($HTTP_POST_VARS["shout_name"]));
$shout_message = COM_checkWords (strip_tags ($HTTP_POST_VARS["shout_message"]));
The shoutbox code linked from the original announcement[*1] of the shoutbox has been fixed accordingly.
bye, Dirk