
View Full Version : $userdata->set


woostar
09-30-2008, 05:29 PM
Just want to check something.

Variables used with $userdata->set, are these cleansed by vBulletin or do you have to clean the variable before saving to the user's profile?

EG: $userdata->set('user_referrer', $user_referrer);
Does $user_referrer need to be cleansed?

Thanks,
W.

Guest190829
09-30-2008, 05:31 PM
Just want to check something.

Variables used with $userdata->set, are these cleansed by vBulletin or do you have to clean the variable before saving to the user's profile?

EG: $userdata->set('user_referrer', $user_referrer);

Thanks,
W.

If it's a standard vBulletin data field being managed by a built-in datamanager, you can assume it is being cleansed already.

woostar
09-30-2008, 05:53 PM
Hi Danny :)

Basically I want to save
$_COOKIE[COOKIE_PREFIX . 'user_referrer'] (holding the member's first visit $_SERVER['HTTP_REFERER'])
using the register_addmember_process hook

But as a cookie can be manipulated, I wondered if it needs to be made safe or if vB does it.

Guest190829
09-30-2008, 11:45 PM
Well, the referer itself can be manipulated. Is there a field in the database for that already? If not, you need to adjust the vBulletin datamanager before using it to add such a field.

woostar
10-01-2008, 11:37 AM
The mod is running and works (it just puts where the user came from on their file).
All I need to know is if data stored in the user's profile using $userdata->set is made safe for the database. What I'm worried about is someone writing a SQL injection into $_COOKIE[COOKIE_PREFIX . 'user_referrer']
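
Added example, not part of the thread and not vBulletin code: one way to treat a cookie-supplied referrer as untrusted input, by validating its shape first and then storing it through a bound parameter so that quotes in the value are never parsed as SQL. The function name, the table layout, the 255-character limit and the sample cookie values are assumptions made for illustration, and the PDO SQLite driver is assumed to be available.

```php
<?php
const MAX_REFERRER_LEN = 255; // assumed width of the storage column

/**
 * Return the value unchanged if it looks like an http(s) URL,
 * otherwise '' so that nothing attacker-shaped is stored.
 */
function clean_referrer($raw): string
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > MAX_REFERRER_LEN) {
        return '';
    }
    // Control characters (NUL, CR, LF, ...) have no place in a URL.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return '';
    }
    $parts = parse_url($raw);
    if ($parts === false || empty($parts['host'])) {
        return '';
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return ($scheme === 'http' || $scheme === 'https') ? $raw : '';
}

// In-memory SQLite stands in for the real user table (hypothetical layout).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userid INTEGER PRIMARY KEY, user_referrer TEXT)');

$cookieValues = [                        // constructed sample inputs
    "http://example.org/?q=o'reilly",    // valid URL that contains a quote
    "not a url' OR '1'='1",              // no scheme or host: rejected
    'javascript:alert(1)',               // wrong scheme: rejected
];

// The placeholder keeps the value out of the SQL text entirely.
$stmt = $db->prepare('INSERT INTO user (user_referrer) VALUES (:ref)');
foreach ($cookieValues as $raw) {
    $stmt->execute([':ref' => clean_referrer($raw)]);
}

foreach ($db->query('SELECT userid, user_referrer FROM user') as $row) {
    // The stored value is still user-supplied, so escape it on output too.
    echo $row['userid'], ': ',
         htmlspecialchars($row['user_referrer'], ENT_QUOTES), "\n";
}
```

The first sample passes validation with its quote intact, which is why the bound parameter and the output escaping are both needed on top of the shape check.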