Current time: 04-24-2014, 06:44 PM Hello There, Guest! (LoginRegister)


 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] Recipient field empty when replying to a user with double quote character in username
06-27-2007, 05:18 PM
Post: #1
[F] Recipient field empty when replying to a user with double quote character in username
Ok, this one's a rare bug. But there's a user in my forum with username "^_^". hehe Toungue ..

Anyways, when replying to any pm of his, the recipient field is empty by default because of the doublequotes character.

See this:
Code:
<input type="text" class="textbox" name="to" id="to" size="40" maxlength="30" value=""^_^"" tabindex="1" />

and for some reason, it cannot be fixed using escaping but rather the quotes have to be replaced with &quote;. Fix is to use htmlspecialchars_uni().

Replace in private.php:
PHP Code:
$to $user['username']; 

with:
PHP Code:
$to htmlspecialchars_uni($user['username']); 

Linux Server overloading explained
Move MySQL to a second drive
Visit this user's website Find all posts by this user
06-27-2007, 06:47 PM
Post: #2
RE: Recipient field empty when replying to a user with double quote character in username
This bug has been fixed in the latest code.

Please note the latest code is not live on the site or for download. An update will be released which contains this fix.

Dennis Tsang
http://dennistt.net
Find all posts by this user


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | MyBB | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication