2007-06-27, 05:18 PM
Ok, this one's a rare bug. But there's a user in my forum with username "^_^". hehe :p ..
Anyways, when replying to any pm of his, the recipient field is empty by default because of the doublequotes character.
See this:
and for some reason, it cannot be fixed using escaping but rather the quotes have to be replaced with "e;. Fix is to use htmlspecialchars_uni().
Replace in private.php:
with:
Anyways, when replying to any pm of his, the recipient field is empty by default because of the doublequotes character.
See this:
<input type="text" class="textbox" name="to" id="to" size="40" maxlength="30" value=""^_^"" tabindex="1" />
and for some reason, it cannot be fixed using escaping but rather the quotes have to be replaced with "e;. Fix is to use htmlspecialchars_uni().
Replace in private.php:
$to = $user['username'];
with:
$to = htmlspecialchars_uni($user['username']);