MyBB Community Forums

Full Version: Is it bad to edit templates
I needed more character limit for templates so I changed it to medium text so I can put more HTML in it.

Will this pose any security, performance or any issues?

I changed it because I needed to add about 130k characters of HTML due to a large table.

MEDIUMTEXT:16,777,215

I am not even close to this, just double a normal 65355. I tested the page and the page loads instantly so doesn't seem to be a performance issue that I can notice. But unsure if this would even cause a security issue?
You're inserting raw html and javascript directly into it, of course that's a security issue. You're open to sql injection. MyBB sanitizes html etc. that's entered into the database.
http://community.mybb.com/thread-116225.html

So when everyone uses this tutorial to make their own custom pages, the html/php/js they add are just being put straight into the DB and they are having security issues? I am sure thousands of MyBB sites have used this tutorial to make pages.
You're not inserting anything into the database using that method.
With that method you do insert into the database. You insert into the templates. This was the issue I have been having, I can't add all the text to the DB so I had to make it mediumlength.
Oh yeah sorry you do, I didn't look at it correctly.
(2013-03-20, 09:46 PM) Jambuster wrote: You're inserting raw html and javascript directly into it, of course that's a security issue. You're open to sql injection. MyBB sanitizes html etc. that's entered into the database.

lol what

"raw html"? What do you define as raw html? Also, how does javascript leave me open to SQL injection..that has nothing to do with it. Please educate yourself before you tell users they're in the wrong.


As for the question OP, it shouldn't be a problem, but wait till someone else comes around.
It is not an issue for security, but it is a performance issue. All template calls are now reading in 300x more bytes in memory than you need.

How are you building the html? If you have a large table, why not use a template in a template? The main template holds the main page output and the table opening, header and closing along with a {$table_rows} before the close of the table.

Then another template that is {$table_row} where you populate the row and append it to the {$table_rows} variable.

This way there is no need to store the entire table contents in the template, dump it on the fly.
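
The template-in-template layout suggested in the post above, as an added example that is not part of the original thread and is not MyBB's own code. The template names `custompage` and `custompage_row`, the `render()` helper and the sample rows are hypothetical, plain `strtr()` stands in for MyBB's template engine, and the escaping step assumes the cell values may come from an untrusted source.

```php
<?php
// Constructed stand-ins for two small templates (hypothetical names).
// The outer template holds the table shell, the inner one a single row.
$templates = [
    'custompage'     => '<table><tr><th>Name</th><th>Notes</th></tr>{$table_rows}</table>',
    'custompage_row' => '<tr><td>{$name}</td><td>{$notes}</td></tr>',
];

// Constructed sample data; the second row contains markup characters.
$rows = [
    ['name' => 'Alpha', 'notes' => 'plain text'],
    ['name' => 'Beta',  'notes' => '<b>markup</b> & "quotes"'],
];

// Replace {$key} placeholders with values. strtr() with an array does not
// rescan replaced text, so a value containing "{$notes}" is left as literal text.
function render(string $template, array $vars): string
{
    $map = [];
    foreach ($vars as $key => $value) {
        $map['{$' . $key . '}'] = $value;
    }
    return strtr($template, $map);
}

// Build the page: render one small row template per record, append it to
// $table_rows, then drop the result into the outer template.
function build_page(array $templates, array $rows): string
{
    $table_rows = '';
    foreach ($rows as $row) {
        // Escape on output so data can never become markup in the page.
        $safe = array_map(
            fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'),
            $row
        );
        $table_rows .= render($templates['custompage_row'], $safe) . "\n";
    }
    return render($templates['custompage'], ['table_rows' => "\n" . $table_rows]);
}

echo build_page($templates, $rows), "\n";
```

Both templates stay a few hundred bytes regardless of how many rows the table has, and the second sample row is emitted as `&lt;b&gt;markup&lt;/b&gt; &amp; &quot;quotes&quot;` rather than as live markup.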
You literally told the OP that you DON'T KNOW if it's safe or not at the end of your post. It's you that needs to educate yourself before you come on blabbering gibberish.

He's using a template that contains javascript. The html has user input, which if not sanitized is open to sql injection.

Don't come on here mouthing off on something you are obviously oblivious to.
(2013-03-20, 10:54 PM) Jambuster wrote: You literally told the OP that you DON'T KNOW if it's safe or not at the end of your post. It's you that needs to educate yourself before you come on blabbering gibberish.

He's using a template that contains javascript. The html has user input, which if not sanitized is open to sql injection.

Don't come on here mouthing off on something you are obviously oblivious to.

The whole table structure (<table><tr><td>Content</td></tr></table>) is html only (with javascript) and those inputs aren't even connected to the forum db. His html code has a huge amount of lines, and after saving the pasted content in the template half of the pasted content is gone. His question would be "is there any way to increase the character limit in forum templates so that he can paste his html content inside without automatic erasing of half of the pasted content after the template is saved".