TOPIC: SOLVED! (Adding underscores)_link_ and _layer_
#20437
SOLVED! (Adding underscores)_link_ and _layer_ 1 Year, 1 Month ago  
When I type the word link or layer on my forum it gets changed to _link_ and _layer_ for some reason, any ideas?
Also, on my dark template, when I edit a post you have the edit reason box, the text "reason for editing" is black on black.
Forum can be found here: www.paradiselost.nl
Balador (User)
Fresh Boarder
Posts: 3
Last Edit: 2007/12/19 14:53 By grumblemarc.
 
The administrator has disabled public write access.  
#20441
Re:_link_ and _layer_ 1 Year, 1 Month ago  
Same with the word script on my forum.
zammbi (User)
Junior Boarder
Posts: 28
http://www.speedingpc.com - Repair, speed up and pimp your computer!
 
#20461
Re:_link_ and _layer_ 1 Year, 1 Month ago  
This was to quickly avoid XSS attacks but I guess I made it a bit rigorous. You can reduce the elements by editing class.fireboard.php
danialt (Admin)
BoJ Team
Simplicity
Administrator
Posts: 957
Last Edit: 2007/09/07 08:39 By danialt.
 
Best Of Joomla Team
FireBoard Project Manager
 
#20500
Re:_link_ and _layer_ 1 Year, 1 Month ago  
Ok, found the line with these words, thanks for your help!
Any ideas on the dark template problem with the edit reason box?
Balador (User)
Fresh Boarder
Posts: 3
#20639
Re:_link_ and _layer_ 1 Year, 1 Month ago  
Hmm. I do not know what a CSS attack is, but I know that the current behaviour makes many problems for my users.

What do you suggest as the best method to get rid of the change of and words like uplink or unlinkable? It's kind of a mess now...
birdie60 (User)
Junior Boarder
Posts: 34
#20670
Re:_link_ and _layer_ 1 Year, 1 Month ago  
XSS attack sorry.

As I said, edit class.fireboard.php and remove the elements you don't want. Search for "script".
danialt (Admin)
BoJ Team
Simplicity
Administrator
Posts: 957
#20674
Re:_link_ and _layer_ 1 Year, 1 Month ago  
No, _script_ is not found, without underscores yes.

I could live with the replacements, if it would not occur in the middle of a word, like un_link_able. Is there maybe a way to restrict replacements to whole words only? Would that be more secure than to just delete some words from the list in the mentioned class.fireboard.php?

I am no programmer; I just want to understand the effects of patching files in a production system.
birdie60 (User)
Junior Boarder
Posts: 34
#20719
Re:_link_ and _layer_ 1 Year, 1 Month ago  
Then another thing here. I noticed that the addition of underscores to the dangerous words takes place, even if the underscores were added before!

This, for instance, could happen if a message containing some of these words was edited. In the end you have ___________link___________.

The algorithm should be more specific and test for really dangerous conditions and leave the words alone in other situations, imho.
birdie60 (User)
Junior Boarder
Posts: 34
#20892
Re:_link_ and _layer_ 1 Year, 1 Month ago  
You can delete the first line as a whole. Leave the second line.
danialt (Admin)
BoJ Team
Simplicity
Administrator
Posts: 957
#21132
Re:_link_ and _layer_ 1 Year, 1 Month ago  
That's what I did, and it works well for the user.
I'm just not sure if I am now vulnerable to this XSS attack thing!
birdie60 (User)
Junior Boarder
Posts: 34
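
An added illustration of the behaviour discussed in this thread, not FireBoard's code and not posted by any participant: a hypothetical keyword filter (the word list and function names are assumptions) next to escaping at output time with PHP's `htmlspecialchars`. It reproduces the substring and re-save effects reported above and shows that escaping leaves the words themselves unchanged.

```php
<?php
// Hypothetical reconstruction of the behaviour described in the thread.
// This is NOT FireBoard's code; the word list is an assumption.
const RISKY_WORDS = ['script', 'link', 'layer'];

// Keyword mangling: wraps every occurrence, even inside other words,
// and wraps again each time an already-filtered post is re-saved.
function mangle_keywords(string $text): string
{
    $pattern = '/(' . implode('|', RISKY_WORDS) . ')/i';
    return preg_replace($pattern, '_$1_', $text);
}

// Output encoding: store the text as typed and escape HTML
// metacharacters when rendering, so markup is displayed, not parsed.
function render_post(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample posts.
$samples = [
    'This page is unlinkable, see the uplink layer.',
    '<script>alert(1)</script>',
    '<b>bold</b>',  // markup containing none of the listed words
];

foreach ($samples as $post) {
    $once  = mangle_keywords($post);
    $twice = mangle_keywords($once);  // simulates editing and re-saving
    echo "input:    $post\n";
    echo "mangled:  $once\n";
    echo "re-saved: $twice\n";
    echo "escaped:  " . render_post($post) . "\n\n";
}
```

The first sample becomes `un_link_able` and then `un__link__able` on re-save, while the third passes through the word filter with its tags intact; the escaped form turns `<` and `>` into `&lt;` and `&gt;` in all three cases without altering any word.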