BoLaMN
You don't know ANYTHING about Nehalem... so keep your mouth... *****.
Bigjoos, no offence, but you ask questions like a kid. In my opinion safer is better and that's all.
In simpaty.php there is XSS:
PHP Code:
$type = $_GET['type']; // raw request value, used without any encoding
Better:
PHP Code:
$type = htmlentities($_GET['type']); // HTML-encode before the value reaches the page
users.php
PHP Code:
$search = trim($_GET['search']); // trimmed, but still not encoded for HTML output
Better would be:
PHP Code:
$search = htmlentities(trim($_GET['search'])); // trim, then HTML-encode
XSS is possible with moderator rights... so it's NOT safe source CODE!
UPDATE:
message.php
PHP Code:
$from_is = unesc($_POST['pmees']); // POST value goes to the query without SQL escaping
Should change to:
PHP Code:
$from_is = mysql_real_escape_string(unesc($_POST['pmees'])); // escape before it is used in SQL
Also in message.php:
PHP Code:
$n_pms = 0 + $_POST['n_pms']; // arithmetic on an untyped POST value
$comment = $_POST['comment']; // raw POST value
Change to:
PHP Code:
$n_pms = (int) $_POST['n_pms'];
$comment = (string) $_POST['comment'];
XSS + SQL injection...
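The three input-handling patterns from the post (HTML encoding of GET values, integer coercion of n_pms, and escaping before a SQL query), collected into one runnable script. This is an added example, not code from the original post or from the script being reviewed; the helper names, the PDO/SQLite use in place of mysql_real_escape_string(), and the sample request values are assumptions.

```php
<?php
// Added example (not from the original post). Parameter names (type, search,
// n_pms, comment) are the ones quoted in the post; helper names are hypothetical.
declare(strict_types=1);

// HTML-context output encoding: what the post's htmlentities() fix achieves.
// ENT_QUOTES also encodes single quotes, so the value is safe inside attributes.
function html_safe(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Integer coercion for n_pms, stricter than the post's (int) cast: a value that
// is not a whole non-negative integer is rejected instead of partially parsed.
function to_count(string $raw): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? 0 : $n;
}

// SQL: bind the search term as a parameter so it is never interpolated into the
// query text (the modern alternative to mysql_real_escape_string(); PDO assumed).
function find_users(PDO $db, string $search): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name LIKE :q');
    $stmt->execute([':q' => '%' . trim($search) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample requests standing in for $_GET / $_POST.
$get  = ['type' => '"><script>alert(1)</script>', 'search' => "  ' OR 1=1 -- "];
$post = ['n_pms' => '12abc', 'comment' => '<b>hi</b>'];

echo html_safe($get['type']), PHP_EOL;     // &quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;
echo to_count($post['n_pms']), PHP_EOL;    // 0 ("12abc" is not a valid integer; (int) would give 12)
echo html_safe($post['comment']), PHP_EOL; // &lt;b&gt;hi&lt;/b&gt;

// In-memory SQLite stands in for the MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");
// The bound value is matched literally, so no row matches and the query stays intact.
var_dump(count(find_users($db, $get['search']))); // int(0)
```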