UBB.threads Developer
Joined: Jun 2006
Posts: 16,299
Likes: 116
Well, I get a frantic set of messages from a client this morning; their site is "automagically" forwarding all users who view the Who's Online to a 3rd party website... Thinking they've been hacked, they're quite worried...

So, I dive in and mess around, and google the site they're being redirected to... seems the User Agent of the site is:
Code
<SCRIPT>window.location='http://www.syncrisis.com'</script> (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)

Also have seen:
Code
"<SCRIPT>window.location='http://www.syncrisis.com'</script> (compatible; MSIE 7.0; Windows NT 5.1)"

Curious if we can get strip_tags on the user agent field in the WOL page so "abusive bots" can't embed scripts... I see it as quite a little security issue...


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
G (veteran)
Joined: Jun 2006
Posts: 1,344
Nice catch, good idea

I (enthusiast)
Joined: Jun 2006
Posts: 196
I really don't like using strip_tags on things, since it isn't really related to the problem (the problem being that we don't escape agent strings), so the user agent is now passed through htmlspecialchars.
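As an added illustration of the two posts above (this is example code, not UBB.threads' own Who's Online code; the `wol_row_*` function names, the `<td>` layout and the third sample string are assumptions made for the demo), the snippet below renders the User-Agent strings quoted in the thread three ways: raw, through strip_tags, and through htmlspecialchars. The User-Agent header is attacker-controlled input, and a page that stores it and echoes it back to every viewer is a stored XSS sink. Escaping at output time keeps the original value visible to an admin and is safe in both text and quoted-attribute context; stripping tags destroys the evidence and does nothing for a quote-based attribute break-out.

```php
<?php
// Added example, not code from UBB.threads: shows how a Who's Online row
// that echoes the raw User-Agent header becomes a stored XSS, and why
// escaping (htmlspecialchars) rather than stripping (strip_tags) fixes it.
// Function names (wol_row_*) and the HTML layout are assumptions.

// Constructed sample input: the two User-Agent strings quoted in the
// thread, plus an assumed third one that carries no tag at all and
// therefore passes strip_tags untouched.
$agents = [
    "<SCRIPT>window.location='http://www.syncrisis.com'</script> (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)",
    "<SCRIPT>window.location='http://www.syncrisis.com'</script> (compatible; MSIE 7.0; Windows NT 5.1)",
    '" onmouseover="window.location=\'http://www.syncrisis.com\'',
];

// Vulnerable: the header is interpolated straight into the page, once as
// text and once as a title attribute, so the browser runs whatever it holds.
function wol_row_unsafe(string $agent): string {
    return "<td title=\"$agent\">$agent</td>";
}

// The mitigation first proposed in the thread. strip_tags removes <...>
// tags but leaves quotes alone, so the attribute context is still
// injectable, and the admin no longer sees what the bot actually sent.
function wol_row_stripped(string $agent): string {
    $s = strip_tags($agent);
    return "<td title=\"$s\">$s</td>";
}

// The fix applied in the thread: escape for the HTML context at output
// time. ENT_QUOTES is passed explicitly because before PHP 8.1 the default
// (ENT_COMPAT) leaves single quotes unescaped.
function wol_row_escaped(string $agent): string {
    $s = htmlspecialchars($agent, ENT_QUOTES, 'UTF-8');
    return "<td title=\"$s\">$s</td>";
}

// Crude check used only for this demo: does the rendered cell still
// contain a live <script> tag or a double-quoted on* event handler?
function still_executable(string $html): bool {
    return (bool) preg_match('/<script\b|\son\w+="/i', $html);
}

foreach ($agents as $ua) {
    foreach (['unsafe', 'stripped', 'escaped'] as $mode) {
        $html = call_user_func("wol_row_$mode", $ua);
        printf("%-8s %-4s %s\n", $mode, still_executable($html) ? 'XSS' : 'safe', $html);
    }
    echo "\n";
}
```

Run it with `php wol_demo.php`: the raw rows are flagged for all three inputs, the strip_tags rows are clean for the two real strings (at the cost of reducing them to `window.location='...' (compatible; ...)`) but still flagged for the quote-based one, and the htmlspecialchars rows are clean throughout while showing the admin the exact header the bot sent. htmlspecialchars is the right tool for HTML text and quoted attribute values only; a value dropped into a JavaScript string or a URL needs the encoder for that context instead.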

UBB.threads Developer
Joined: Jun 2006
Posts: 16,299
Likes: 116
Thanks, Ian ;)

Figured there are numerous ways to get it all routed so it's not parsed (strip_tags, htmlspecialchars, regex, str_replace, etc.).

G (veteran)
Joined: Jun 2006
Posts: 1,344
Cool, thanks.


Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)