Bravo List


kp380lv 28th November 2008 10:06

YSE PRE7 Bugs and Holes!
 
Small security fix! Open takeprofedit.php

Find this:

Code:


if (!preg_match('#^((http)|(ftp):\/\/[a-zA-Z0-9\-]+?\.([a-zA-Z0-9\-]+\.)+[a-zA-Z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar))
    newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);

And replace with this:

Code:


if(!preg_match("/^http:\/\/[^\s'\"<>?;&]+[^.]+\/+[a-z]+\.(jpg|gif|png)$/i", $avatar))
    newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);
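
Added example (not part of the original post and not YSE code): a PHP 7+ script that runs both patterns from this post, copied verbatim, over constructed URLs next to a stricter check. In the old pattern the bare `(http)` is a complete alternative, so any string that starts with "http" passes; in the replacement, `[^.]+` still admits a double quote and `[a-z]+` rejects file names that contain digits. The function name `avatar_url_ok`, its allowlists and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example; not code from the thread or from YSE. Requires PHP 7+.

// The two patterns exactly as posted in the thread.
const OLD_PATTERN = '#^((http)|(ftp):\/\/[a-zA-Z0-9\-]+?\.([a-zA-Z0-9\-]+\.)+[a-zA-Z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is';
const NEW_PATTERN = "/^http:\/\/[^\s'\"<>?;&]+[^.]+\/+[a-z]+\.(jpg|gif|png)$/i";

// Hypothetical stricter check: character allowlist first, then parsed parts.
function avatar_url_ok(string $url): bool
{
    // Only unreserved URL characters plus ":" and "/". The D modifier stops
    // "$" from matching before a trailing newline.
    if (!preg_match('#^[A-Za-z0-9._~:/-]{1,255}$#D', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if (!is_array($parts)
        || strtolower($parts['scheme'] ?? '') !== 'http'
        || empty($parts['host'])
        || isset($parts['port'])) {
        return false;
    }
    // The path must end in a simple file name with an allowlisted extension,
    // which also rejects double extensions such as "name.php.png".
    return preg_match('#/[A-Za-z0-9_-]+\.(?:jpg|gif|png)$#Di', $parts['path'] ?? '') === 1;
}

// Constructed sample inputs (not taken from the thread).
$samples = [
    'http://example.com/img/avatar.png',   // plain image link
    'http://example.com/img/avatar1.png',  // digit in the file name
    'http://example.com/a"b/pic.png',      // double quote inside the path
    'httpnot-a-url',                       // shares only the "http" prefix
];

// Print one row per input: 1 = accepted, 0 = rejected.
foreach ($samples as $u) {
    printf(
        "%-36s old=%d new=%d strict=%d\n",
        $u,
        preg_match(OLD_PATTERN, $u),
        preg_match(NEW_PATTERN, $u),
        (int) avatar_url_ok($u)
    );
}
```

Whichever check is used, the stored avatar URL should still be passed through `htmlspecialchars()` when it is written into the page.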


informatic 28th November 2008 15:48

Sweet, :ok: I have had this problem with linked avatars; it always tells me that the size of the avatar itself is too huge, when in fact that's a false statement! :sad:

After your security fix, I encountered an even mightier foe. It now tells me:
Quote:

Error
Invalid avatar address (Please paste a direct link to image file).

Yes, I know what that means, and yes, it is directly linked to an image file. :P

kp380lv 28th November 2008 17:24

The problem with that invalid address link is in another place :) This fix is for security - a lil bit paranoid (safer) script :D

