Re: (Score: 0) by Anonymous on Tuesday, February 04 @ 05:27:15 CET

All I did was alter modules/Your_Account/index.php after:

    if (!eregi("modules.php", $PHP_SELF)) {
        die ("You can't access this file directly...");
    }

I added:

    if (isset($user_avatar)){
        $user_avatar = mysql_escape_string(htmlspecialchars(stripslashes($user_avatar)));
    }

The avatars are kept and the worst a kiddie could do is make their own avatar a broken image. No more XSS.

- Re: by Zhen-Xjell on Tuesday, February 04 @ 05:30:34 CET
- Re: by Anonymous on Tuesday, February 04 @ 05:40:48 CET
- Re: by Zhen-Xjell on Tuesday, February 04 @ 05:46:36 CET
- Re: by sixonetonoffun on Tuesday, February 04 @ 09:49:58 CET
- Re: by Zhen-Xjell on Tuesday, February 04 @ 14:33:00 CET
- Re: by sixonetonoffun on Tuesday, February 04 @ 21:26:49 CET
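
An added example, not part of the comment above or of PHP-Nuke's own code: it checks an avatar value against a strict file-name pattern and encodes it for the HTML attribute at output time with ENT_QUOTES, because htmlspecialchars() before PHP 8.1 leaves single quotes unescaped by default. The function names, the avatars/ directory, the fallback file and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example. avatar_is_valid(), avatar_img_tag(), the avatars/ directory
// and blank.gif are hypothetical names, not taken from PHP-Nuke.

// Accept only a bare image file name: no path separators, quotes or markup.
function avatar_is_valid(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\.(gif|png|jpe?g)\z/', $name) === 1;
}

// Build the <img> tag. Validation decides which file is referenced;
// htmlspecialchars() with ENT_QUOTES makes the value safe inside a quoted
// attribute whichever quote character the template uses.
function avatar_img_tag(string $name, string $fallback = 'blank.gif'): string
{
    if (!avatar_is_valid($name)) {
        $name = $fallback;
    }
    $src = 'avatars/' . $name;
    return '<img src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '" alt="avatar">';
}

// Constructed sample inputs: one normal value and three that must be rejected.
$samples = [
    '042.gif',
    'blank.gif" onerror="x',
    '../../config.php',
    "a'b.gif",
];

foreach ($samples as $s) {
    printf(
        "%-24s valid=%-5s %s\n",
        $s,
        var_export(avatar_is_valid($s), true),
        avatar_img_tag($s)
    );
}
// For storage, pass the validated value to a parameterized query instead of
// combining HTML escaping and SQL escaping on the input side.
```

Only the first sample passes validation; the other three are replaced by the fallback file name before the tag is built.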