Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] Recipient field empty when replying to a user with double quote character in username
#1
Ok, this one's a rare bug. But there's a user in my forum with username "^_^". hehe :p ..

Anyways, when replying to any pm of his, the recipient field is empty by default because of the doublequotes character.

See this:
<input type="text" class="textbox" name="to" id="to" size="40" maxlength="30" value=""^_^"" tabindex="1" />

and for some reason, it cannot be fixed using escaping but rather the quotes have to be replaced with &quote;. Fix is to use htmlspecialchars_uni().

Replace in private.php:
$to = $user['username'];

with:
$to = htmlspecialchars_uni($user['username']);


Messages In This Thread
[F] Recipient field empty when replying to a user with double quote character in username - by Asad_Niazi - 06-27-2007, 05:18 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)