I just got an PM on here, when I got to the inbox it said " [tpiecer yned]"
Everything in the source was backwards aswell here is the sourcecode:
<tr>
<!-- start: private_messagebit -->
<tr>
<td align="center" class="trow1" width="5%"><img src="images/old_pm.gif" alt="Old Message"/></td>
<td align="center" class="trow2" width="5%"></td>
<td class="trow1" width="35%"><a href="private.php?action=read&pmid=15764"> </a></td>
<td align="center" class="trow2">CasTexx</td>
<td class="trow1" align="right" style="white-space: nowrap"><span class="smalltext">Today, 10:07 PM </span></td>
<td class="trow2" align="center"><input type="checkbox" class="checkbox" name="check[15764]" value="yes" /></td>
</tr>
We are aware of this bug.
This bug has been fixed in the latest code.
Please note the latest code is not live on the site or for download. An update will be released which contains this fix.
Attached are the 2 files changed in order to fix this bug. (took me god long enough to figure it out)
Tikitiki Wrote:(took me god long enough to figure it out)
Yeah, I was gonna say...WTF???
Well the problem was a problem with PHP not supporting UTF fully (until php 6 atleast), so it was a matter of improvising and finding out the correct way of removing it. With a little help, I was able to figure out a way to remove it to it's ascii equivalent.
What turned out to be a surprisingly hard and challenging bug to fix turned into a simple solution I would have never thought of until this very moment. Technically it's not a 'bug' because what happened is someone pasted the RTL character a few times over in the subject and message to bypass the minimum length checking, and it's an invisible character used for example by Arabic users to change from RTL to LTR, etc. So, what I've done in the example below is remove any RTL or LTR characters from the string when checking the length so the my_strlen function doesn't count them. This allows us to require at least 1 alphanumeric letter
function my_strlen($string)
{
global $lang;
$string = preg_replace("#&\#(0-9]+);#", "-", $string);
$string = trim($string);
if($lang->settings['charset'] == "UTF-8")
{
// Get rid of any excess RTL and LTR override for they are the workings of the devil
$string = str_replace(dec_to_utf8(8238), "", $string);
$string = str_replace(dec_to_utf8(8237), "", $string);
// Remove dodgy whitspaces
$string = str_replace(chr(0xCA), "", $string);
}
if(function_exists("mb_strlen"))
{
$string_length = mb_strlen($string);
}
else
{
$string_length = strlen($string);
}
return $string_length;
}
Just replace the my_strlen function with the function above in your functions.php file or upload the attached functions.php below. I would like to have a few people test this with the RTL/LTR characters before I mark this as fixed. Attached (kod.txt) is the RTL character you can test with. Just highlight the invisible character within the file, copy and paste into subject/message and test the minimum checking.
Cheers,
Tikitiki
This bug has been fixed in the latest code.
Please note the latest code is not live on the site or for download. An update will be released which contains this fix.