[FIXED for 7.4.1] [7.4] html security bug custom member title - UBB.threads PHP Forum Software Community

You are not logged in. [Log In] UBB.threads PHP Forum Software Community » Forums » UBB.threads 7 Discussion » Bug Reports
» Fixed Bugs » [FIXED for 7.4.1] [7.4] html security bug custom member title

Site Links

Home
Features
Documentation
Pricing & Order
Members Area
Support Options
UBBDev.com
UBBWiki.com

Top Posters (30 Days)

Ruben	51
Gizmo	24
DennyP	24
Dunny	15
SteveS	14
AllenAyres	12
SD	10
dbremer	10
drkknght00	9
doug	8

Latest Photos

Basildon Town Centre looking from the rounderbout

Topic Options

#218448 - 10/27/08 08:34 AM

[FIXED for 7.4.1] [7.4] html security bug custom member title

Yarp™

Registered: 08/30/06
Posts: 1513
Loc: Breda, NL

/admin/changeuser.php

Line 66:

Php Code:


$usertitle = get_input("usertitle","post");

Line 109-111

Php Code:


if (preg_match("/Moderator/",$user['USER_MEMBERSHIP_LEVEL'])) {
	$user_title = preg_replace("<","&lt;",$user_title);
} // end if

$usertitle vs $user_title. There's no html cleanup done that is supposed to happen if you're a moderator.

_________________________

Top

Express Hosting

Express Hosting "We are the official hosting company of UBB.threads. Ask us about our free migration services to migrate your UBB.threads installation."

Previous Topic

Index

Next Topic

Hop to:

Moderator: AllenAyres, Harold, Ian, Ron M

Shout Box

May
Su	M	Tu	W	Th	F	Sa
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Today's Birthdays

No Birthdays

Recent Topics

Temporary Password email not being received
by
05/24/12 10:02 PM

Ability to "like" individual posts (not Facebook "likes)
by doug
05/23/12 09:03 AM

Island Permissions
by ThreadsUser
05/22/12 03:03 PM

streaming video
by prkrgrp
05/20/12 07:02 PM

New Posts Corrupted? Can someone help?
by PianoWorld
05/19/12 09:41 AM

Forum Stats

10492 Members
36 Forums
33842 Topics
181709 Posts

Max Online: 978 @ 06/24/07 11:19 PM

Random Image