The FireBoard forum component development is still going on. In order to get better, FireBoard will be moved from the Best of Joomla website.
During this transition period, the forum in Best of Joomla will be closed to new posts.
TOPIC: Re:_link_ and _layer_
#31641
Re:(Adding underscores)_link_ and _layer_ 1 Year, 1 Month ago  
Umm. It IS stickied. Has been for quite some time.
grumblemarc (User)
Platinum Boarder
Posts: 3559
#32573
Re:_link_ and _layer_ 1 Year, 1 Month ago  
I love Fireboard, and with every release I get excited about how it's getting better and better. However, it boggles my mind that this "solution" of adding underscores was the method picked and determined to solve XSS vulnerabilities.

I know this is developed by people in their free time, but please, I'm begging you, think about problems or even ask for people's opinions before making rash implementations to solve a "might exist" problem with a "guaranteed going to break certain common language words" solution.

I'm not trying to be a troll, I really am happy with Fireboard as a whole. I just get worried about its stability when instances like these show themselves.

Thank you guilleva! For your time and efforts toward a much more sensible solution.
Ritter (User)
Fresh Boarder
Posts: 5
Last Edit: 2007/11/28 20:13 By Ritter.
 
 
#32586
Re:_link_ and _layer_ 1 Year, 1 Month ago  
I am having an issue where messages that have already encoded HTML entities are getting encoded again. I'll reply when I have a fix.

Ok, simple fix: convert the & to something that won't get encoded and then back.
In smile.class.php:
[code:1]
// Original XSS filter call, disabled:
//$fb_message_txt = FBTools::fbRemoveXSS($fb_message_txt);
// Hide every & behind a placeholder so existing entities are not encoded again
$fb_message_txt = str_ireplace( '&', ':amp:', $fb_message_txt );
$fb_message_txt = htmlentities($fb_message_txt);
// Put the ampersands back
$fb_message_txt = str_ireplace( ':amp:', '&', $fb_message_txt );
[/code:1]

Or a one-liner:
[code:1]
//$fb_message_txt = FBTools::fbRemoveXSS($fb_message_txt);
$fb_message_txt = str_ireplace( ':amp:', '&', htmlentities( str_ireplace( '&', ':amp:', $fb_message_txt ) ) );
[/code:1]
Ritter (User)
Fresh Boarder
Posts: 5
Last Edit: 2007/11/28 22:52 By Ritter.
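
The placeholder round-trip from post #32586 compared with the `double_encode` argument of `htmlentities()`, as an added example that is not part of the original post or of FireBoard. The function names and the sample messages are constructed for illustration, and the explicit `ENT_QUOTES`/`UTF-8` arguments are an assumption added here.

```php
<?php
// Added example, not FireBoard code. Function names are hypothetical.

// The placeholder round-trip from the post, with explicit flags and charset.
function encode_with_placeholder(string $text): string
{
    $text = str_ireplace('&', ':amp:', $text);
    $text = htmlentities($text, ENT_QUOTES, 'UTF-8');
    return str_ireplace(':amp:', '&', $text);
}

// Built-in alternative: the 4th argument (double_encode = false, PHP >= 5.2.3)
// leaves existing entities alone but still encodes a bare ampersand.
function encode_once(string $text): string
{
    return htmlentities($text, ENT_QUOTES, 'UTF-8', false);
}

// Constructed sample messages.
$samples = [
    'already encoded' => 'if (a &lt; b) &amp;&amp; ready',
    'raw markup'      => '<b onmouseover="x()">hi</b>',
    'bare ampersand'  => 'AT&T <em>rocks</em>',
    'literal marker'  => 'type :amp: to get an ampersand',
];

foreach ($samples as $label => $msg) {
    printf("%-16s placeholder: %s\n", $label, encode_with_placeholder($msg));
    printf("%-16s encode_once: %s\n\n", '', encode_once($msg));
}

// Both keep an existing '&lt;' as it is, and both neutralise raw '<'.
assert(encode_once('a &lt; b') === 'a &lt; b');
assert(encode_with_placeholder('a &lt; b') === 'a &lt; b');
assert(strpos(encode_once('<b>'), '<') === false);
assert(strpos(encode_with_placeholder('<b>'), '<') === false);

// They differ on a bare ampersand and on the literal marker text.
assert(encode_once('AT&T') === 'AT&amp;T');
assert(encode_with_placeholder('AT&T') === 'AT&T');
assert(encode_with_placeholder(':amp:') === '&');
assert(encode_once(':amp:') === ':amp:');
```

Both variants pass entities already present in the message through untouched, so either one only addresses the double-encoding symptom; the cleaner design is to store the message raw and encode it exactly once at output.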
 
 
#40122
Re:_link_ and _layer_ 11 Months, 3 Weeks ago  
I sincerely apologize for the necromancy here, but I am brand new to Fireboard and Joomla. I am having the same problems on my forums. I know which file I have to change, and what I need to change within that file. My problem here is that using the little Fireboard Control Panel, I can't seem to access the file that is currently uploaded. It seems that the only option would be to completely uninstall the forums, then reinstall them with the edited file. Having never worked with a program like this, I don't feel comfortable doing this. I'm not gonna lie, I'm pretty much a noob when it comes to this stuff. Is there any way to update just that file? I'm not sure if the backend I see is the same that everybody else sees or not. (Like I said, Noob) Any help here would be much appreciated.

-LiX
Lixypoo (User)
Fresh Boarder
Posts: 1
#49602
Re:SOLVED! (Adding underscores)_link_ and _layer_ 8 Months, 2 Weeks ago  
My php codes are also hidden, so no code is shown.

How can I solve that?
topolivan (User)
Fresh Boarder
Posts: 2