Best of Joomla! - Re:SOLVED! (Adding underscores)_link_ and _layer_

Welcome, Guest
Please Login or Register. Lost Password?

Community

FireBoard Forum

Latest Release

Solved IssuesThreads

SOLVED! (Adding underscores)_link_ and _layer_ (1 viewing) (1) Guest

Favoured: 23

Page:
<< Start < Prev 1 2 3 4 5 6 Next > End >>

TOPIC: SOLVED! (Adding underscores)_link_ and _layer_

Forum Tools

#31641

Re:(Adding underscores)_link_ and _layer_ 9 Months, 3 Weeks ago
Umm. It IS stickied. Has been for quite some time.

grumblemarc (User)

Platinum Boarder

Posts: 3557

Logged

The administrator has disabled public write access.

#32573

Re:_link_ and _layer_ 9 Months, 1 Week ago

I love Fireboard, and with every release I get excited about how its getting better and better. However, it boggles my mind that this "solution" of adding underscores was the method picked and determined to solve XSS vulnerabilities.

I know this is developed by people on their free time, but please, I'm begging you, think about problems or even ask for peoples opinions before making rash implementations to solve a "might exist" problem with a "guaranteed going to break certain common language words" solution.

I'm not trying to be a troll, I really am happy with Fireboard as a whole. I just get worried about its stability when instances like these show themselves.

Thank you guilleva! For your time and efforts toward a much more sensible solution.

Ritter (User)

Fresh Boarder

Posts: 5

Logged

Last Edit: 2007/11/28 20:13 By Ritter.

The administrator has disabled public write access.

#32586

Re:_link_ and _layer_ 9 Months, 1 Week ago

I am having an issue where messages that have already encoded html entities are getting encoded again.. I'll reply when I have a fix.

Ok, simple fix,.. convert the & to something that wont get encoded and then back.
In smile.class.php

Code:

       //$fb_message_txt = FBTools::fbRemoveXSS($fb_message_txt);

        $fb_message_txt = str_ireplace( '&', ':amp:', $fb_message_txt );

        $fb_message_txt = htmlentities($fb_message_txt);

        $fb_message_txt = str_ireplace( ':amp:', '&', $fb_message_txt );

Or a one-liner:

Code:

       //$fb_message_txt = FBTools::fbRemoveXSS($fb_message_txt);

        $fb_message_txt = str_ireplace( ':amp:', '&', htmlentities( str_ireplace( '&', ':amp:', $fb_message_txt ) ) );

Ritter (User)

Fresh Boarder

Posts: 5

Logged

Last Edit: 2007/11/28 22:52 By Ritter.

The administrator has disabled public write access.

#40122

Re:_link_ and _layer_ 7 Months, 2 Weeks ago

I sincerely appologize for the necromancy here, but I am brand new to Fireboard and Joomla. I am having the same problems on my forums. I know which file I have to change, and what I need to change within that file. My problem here is that using the little Fireboard Control Panel, I can't seem to access the file that is currently uploaded. It seems that the only option would be to completely uninstall the forums, then reinstall them with the edited file. Having never worked with a program like this, I don't feel comfortable doing this. I'm not gonna lie, I'm pretty much a noob when it comes to this stuff. Is there anyway to update just that file? I'm not sure if the backend I see is the same that everybody else see's or not. (Like I said, Noob) Any help here would be much appriciated.

-LiX

Lixypoo (User)

Fresh Boarder

Posts: 1

Logged

The administrator has disabled public write access.

#49602

Re:SOLVED! (Adding underscores)_link_ and _layer_ 4 Months, 1 Week ago
My php codes are also hidden, so no code is shown. How can I solve that?

topolivan (User)

Fresh Boarder

Posts: 2

Logged

The administrator has disabled public write access.

Page:
<< Start < Prev 1 2 3 4 5 6 Next > End >>

Forum List

Latest Release

Solved IssuesThreads