#1  kp380lv, 28th November 2008, 10:06
YSE PRE7 Bugs and Holes!
Small security fix! Open takeprofedit.php

Find this

Code:
if (!preg_match('#^((http)|(ftp):\/\/[a-zA-Z0-9\-]+?\.([a-zA-Z0-9\-]+\.)+[a-zA-Z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar))
    newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);
And replace with this:

Code:
if(!preg_match("/^http:\/\/[^\s'\"<>?;&]+[^.]+\/+[a-z]+\.(jpg|gif|png)$/i", $avatar))
    newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);

Last edited by kp380lv; 28th November 2008 at 12:45.
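
An added example (not from the thread or the YSE source) that runs the two patterns from post #1 against constructed sample URLs, next to a hypothetical stricter check, `avatar_url_ok`, which is an assumption and not YSE code.

```php
<?php
// Both patterns are copied verbatim from post #1.
$old = '#^((http)|(ftp):\/\/[a-zA-Z0-9\-]+?\.([a-zA-Z0-9\-]+\.)+[a-zA-Z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is';
$new = "/^http:\/\/[^\s'\"<>?;&]+[^.]+\/+[a-z]+\.(jpg|gif|png)$/i";

// Hypothetical stricter check (an assumption, not YSE code):
// restrict the alphabet first, then validate the parsed parts.
function avatar_url_ok(string $url): bool
{
    // No quotes, brackets, whitespace, '@', '?' or '#' can get past this.
    if (!preg_match('~^[A-Za-z0-9:/._-]{1,255}\z~', $url)) {
        return false;
    }
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'], $p['path'])) {
        return false;
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Path must end in a plain file name with an image extension.
    return preg_match('~/[A-Za-z0-9_-]+\.(gif|jpe?g|png)\z~i', $p['path']) === 1;
}

// Constructed sample inputs (example.com hosts are placeholders).
$samples = [
    'http://img.example.com/avatars/cat.png',
    'http://img.example.com/avatars/cat_01.jpg',
    'https://img.example.com/avatars/cat.png',
    'http is all the old check looks at',
    'http://img.example.com/"x/cat.png',
];

foreach ($samples as $s) {
    printf(
        "%-44s old=%d new=%d strict=%d\n",
        $s,
        preg_match($old, $s),
        preg_match($new, $s),
        (int) avatar_url_ok($s)
    );
}
```

On these samples the old pattern accepts every string that merely starts with `http`, because the `|` splits the outer group into `(http)` and everything after it. The replacement rejects `https` links and file names containing digits or `_`, while its `[^.]+` still lets a double quote through.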

#2  informatic, 28th November 2008, 15:48
Sweet, I have had this problem with linked avatars, it always tells me that the size of the avatar itself is too huge, when in fact that's a false statement!

After your security fix, I encountered an even mightier foe. It now tells me:
Quote:
Error
Invalid avatar address (Please paste a direct link to image file).
Yes, I know what that means and yes it is direct linked to an image file. :P

#3  kp380lv, 28th November 2008, 17:24
Problem with that invalid address link is in another place :) This fix is for security - lil bit paranoid (safer) script :D