Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] Recipient field empty when replying to a user with double quote character in username
#1
Ok, this one's a rare bug. But there's a user in my forum with username "^_^". hehe :p ..

Anyways, when replying to any pm of his, the recipient field is empty by default because of the doublequotes character.

See this:
Code:
<input type="text" class="textbox" name="to" id="to" size="40" maxlength="30" value=""^_^"" tabindex="1" />

and for some reason, it cannot be fixed using escaping but rather the quotes have to be replaced with &quote;. Fix is to use htmlspecialchars_uni().

Replace in private.php:
PHP Code:
$to $user['username']; 

with:
PHP Code:
$to htmlspecialchars_uni($user['username']); 
#2
This bug has been fixed in the latest code.

Please note the latest code is not live on the site or for download. An update will be released which contains this fix.
Dennis Tsang
http://dennistt.net


Forum Jump:


Users browsing this thread: 1 Guest(s)