2015-02-21, 07:35 PM
Hello!
I am migrating a forum. There is no conversion tool available, so I will have to create my own.
I try to add every BBCode that works in the old forum but not in the new one. One of them is:
[user]username[/user]
My Regex looks like this:
\[user\]([^"&]+?)\[/user\]
and it will be replaced with:
<a href="../memberlist.php?username=$1">$1</a>
What I am wondering about is [^"&]. The " is to make sure that it doesn't break out of the HTML URL. The & is to make sure it doesn't add GET parameters. Is there something else I need to disallow to be secure? Is memberlist.php built to resist XSS attacks by username? Is there a regex a username has to pass on registration?
Thanks in advance ...
Thomas
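
The conversion described in the post, next to a variant that encodes the captured name for each output context instead of blacklisting characters. This is an added example, not part of the original post and not code from the forum software. It assumes the old post text is raw, unescaped text; the function names and the choice of Python are hypothetical.

```python
import html
import re
from urllib.parse import quote

# Pattern and replacement exactly as given in the post (blacklist approach).
POST_PATTERN = re.compile(r'\[user\]([^"&]+?)\[/user\]')
POST_REPLACEMENT = r'<a href="../memberlist.php?username=\1">\1</a>'

# Hardened pattern: accept any characters on one line; encoding does the work.
USER_TAG = re.compile(r"\[user\](.+?)\[/user\]")


def naive_convert(text):
    """Conversion as described in the post, for comparison."""
    return POST_PATTERN.sub(POST_REPLACEMENT, text)


def _render(match):
    name = match.group(1)
    # URL query context: percent-encode everything except unreserved chars,
    # so &, #, %, +, = and spaces cannot alter the query string.
    query_value = quote(name, safe="")
    # HTML attribute context: escape the finished URL, quotes included.
    href = html.escape("../memberlist.php?username=" + query_value, quote=True)
    # HTML text context: escape the visible label separately.
    label = html.escape(name, quote=True)
    return f'<a href="{href}">{label}</a>'


def convert_user_tags(text):
    """Convert [user]name[/user] with per-context encoding (assumes raw input)."""
    return USER_TAG.sub(_render, text)


if __name__ == "__main__":
    # Constructed sample usernames, not taken from any real forum.
    for sample in ("[user]Thomas[/user]", "[user]Tom & Jerry[/user]",
                   "[user]<i>x</i>[/user]", "[user]a#b[/user]"):
        print("naive:   ", naive_convert(sample))
        print("hardened:", convert_user_tags(sample))
```

With the pattern from the post, a name containing `<` or `>` reaches the link text unescaped, a `#` cuts the query string short, and a name containing `&` is not converted at all; the encoded variant handles all three.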