|
#1
|
||||
|
||||
YSE PRE7 Bugs and Holes!
Small security fix! Open takeprofedit.php
Find this Code:
if (!preg_match('#^((http)|(ftp):\/\/[a-zA-Z0-9\-]+?\.([a-zA-Z0-9\-]+\.)+[a-zA-Z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar)) newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']); Code:
if(!preg_match("/^http:\/\/[^\s'\"<>?;&]+[^.]+\/+[a-z]+\.(jpg|gif|png)$/i", $avatar)) newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']); Last edited by kp380lv; 28th November 2008 at 12:45. |
#2
|
|||
|
|||
Sweet, I have had this problem with linked avatars, it always tells me that the size of the avatar itself is too huge, when infact that's a false statement!
After your security fix, I encountered an even mightier foe. It now tells me: Quote:
|
#3
|
||||
|
||||
problem is in other place with that invalid adress link:) This fix is for security - lil bit paranoid (safer) script :D
|
Tags |
bugs , holes , pre7 , yse |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
YSE v2.2 PRE7 by BoLaMN | kp380lv | Yuna Scatari Edition (YSE) | 100 | 13th November 2013 01:30 |
YSE PRE7 - Security & Bugs | kp380lv | Yuna Scatari Edition (YSE) | 18 | 2nd July 2010 00:18 |
Security holes in Tbdev | Matroska | TBDev | 1 | 20th December 2008 20:06 |
3 Bugs in 4.3 (For me) | D3SI | Template Shares | 7 | 19th July 2008 23:52 |