MyBB Community Forums

Full Version: Security Questions with img-code
Hey,

I'm having a little issue with the Security Questions. I have a few of those questions that contain images (something along the lines of Who is this? <img src="image_generator.php?id=42" />). The initial display is working fine, but after hitting the refresh button, the upcoming question has all HTML tags replaced with the classic &gt; and &lt;.


Spoiler: I have fixed it myself. Personally, though, I think it's quite an ugly fix, so does anybody have an idea how to do it better / more properly?


Here's what I did:
  1. I've sorted the above issue out by editing xmlhttp.php (line 806), which originally reads:


    echo json_encode(array("question" => htmlspecialchars_uni($question['question']), 'sid' => htmlspecialchars_uni($question['sid'])));
    The htmlspecialchars_uni() on the security question is obviously causing this, so I got rid of it:


    echo json_encode(array("question" => $question['question'], 'sid' => htmlspecialchars_uni($question['sid'])));

  2. So far, so good, but now I get an error when I want to change the question:


    Quote: There was an error fetching the new question. The question you are trying to answer does not exist.
    I personally don't quite understand why this error message gets triggered now, so I looked up which line causes it (line 782):


    xmlhttp_error($lang->answer_valid_not_exists);
    My solution was to comment it out.

  3. No errors, neat HTML code coming out of xmlhttp.php. Problem: the response is not parsed properly in the browser (the HTML code is displayed literally instead of being rendered). So, the remaining issue was in jscripts/question.js (line 33):


    // old: $("#question").text(json.question);
    $("#question").html(json.question); // works


These steps actually solved my issue(s) and I could probably live with that. However, I think that the solution has room for improvement (especially step 2). So, does anybody have an idea how to do it better? Thank you!
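The root of the awkwardness in the steps above is that the question string mixes data (the question text) with markup (the <img> tag), so the server has to choose between escaping it (tags show up literally) and not escaping it (anything in the question string reaches the browser as live HTML via .html(), which is only safe as long as every question is fully trusted). A cleaner split is to keep the server-side htmlspecialchars_uni() on the text and carry the image as a separate field, then build the markup on the client from validated pieces. The block below is an added example and not code from MyBB or from the original post; it assumes a hypothetical JSON response with a separate integer image_id field (for instance {"question": "Who is this?", "image_id": 42, "sid": "..."}) and an image_generator.php endpoint as in the post. The function and field names are assumptions for illustration.

```javascript
// Added example: render a security question whose image is sent as a
// separate field instead of being embedded as HTML in the question text.
// Assumed (hypothetical) response shape: { question, image_id, sid }.

// Minimal HTML escaper: everything that lands in the markup as text or
// as an attribute value goes through here.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Only a non-negative integer is accepted as an image id, so the resulting
// src can never carry a foreign host, a second parameter, or quotes.
// Returns null when the question has no (valid) image.
function imageSrcFor(imageId) {
  if (!Number.isInteger(imageId) || imageId < 0) {
    return null;
  }
  return 'image_generator.php?id=' + imageId;
}

// Build the inner HTML for the #question container. The question text is
// always escaped; the <img> element is derived only from the validated id,
// so the server never has to ship raw HTML and the client never has to
// trust the question string as markup.
function renderQuestion(json) {
  let html = escapeHtml(json.question);
  const src = imageSrcFor(json.image_id);
  if (src !== null) {
    html += ' <img src="' + escapeHtml(src) + '" alt="">';
  }
  return html;
}

// Usage in question.js (jQuery, as in the original file), assuming `json`
// is the parsed xmlhttp.php response:
//   $("#question").html(renderQuestion(json));
// .html() is acceptable here because every substring was either escaped
// or generated from a validated integer.

// Demonstration with constructed input: a question whose text contains
// markup is shown literally, while the image is still rendered.
const sample = { question: 'Who is this? <b>Hint</b>', image_id: 42, sid: 'abc' };
console.log(renderQuestion(sample));
```

With this split, step 1 (removing htmlspecialchars_uni()) and step 3 (switching .text() to .html() on an unescaped string) are no longer needed, and any question that contains no image degrades to plain escaped text exactly as before.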