
Fix your Shoutbox!

  • Sunday, September 28 2003 @ 04:45 am EDT
Security

As you may have seen, someone messed up the layout of the site yesterday by posting some HTML in the shoutbox. The shoutbox code doesn't filter HTML at all, which is, of course, a glaring omission.

So if you have the shoutbox installed on your site, you should fix it by adding a call to strip_tags in the following two lines:

$shout_name = COM_checkWords (strip_tags ($HTTP_POST_VARS["shout_name"]));
$shout_message = COM_checkWords (strip_tags ($HTTP_POST_VARS["shout_message"]));

The shoutbox code linked from the original announcement of the shoutbox has been fixed accordingly.

bye, Dirk
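
The fix above removes tags when a shout is submitted. The sketch below is an added example, not Geeklog's shoutbox code and not from the original post: it pairs that input-side strip_tags call with entity encoding when the shout is written into the page, so characters that strip_tags leaves in place cannot change the markup either. The function names, the length limits and the sample POST data are assumptions made for illustration, and Geeklog's COM_checkWords call is left out so the block runs on its own.

```php
<?php
// Added example; shout_clean() and shout_render() are hypothetical names.

// Input side: the strip_tags fix from the post, plus whitespace
// normalisation and a length cap (the cap values are assumptions).
function shout_clean(string $raw, int $maxLen): string
{
    $text = strip_tags($raw);                  // remove HTML/PHP tags
    $text = trim(preg_replace('/\s+/', ' ', $text));
    return substr($text, 0, $maxLen);
}

// Output side: encode whatever is left before it goes into the page.
// strip_tags does not encode '&' or quote characters, so this step is
// what keeps the stored text inert inside HTML.
function shout_render(string $name, string $message): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<p><b>' . htmlspecialchars($name, $flags, 'UTF-8') . ':</b> '
         . htmlspecialchars($message, $flags, 'UTF-8') . "</p>\n";
}

// Constructed sample submission of the layout-breaking kind the post
// describes. It stands in for the POST array ($HTTP_POST_VARS in the
// post; that array was removed in PHP 5.4, where $_POST is used instead).
$post = [
    'shout_name'    => 'visitor<b>',
    'shout_message' => '</td></tr></table><h1>hello</h1> Tom & "Jerry"',
];

$shout_name    = shout_clean($post['shout_name'], 20);
$shout_message = shout_clean($post['shout_message'], 200);

echo shout_render($shout_name, $shout_message);
```

Run with the PHP command-line interpreter, the output is a single paragraph element with no markup from the submission left in it.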