View Full Version : $userdata->set
woostar
09-30-2008, 05:29 PM
Just want to check something.
Variables used with $userdata->set , are these cleansed by vbulletin or do you have to clean the variable before saving to the users profile?
EG: $userdata->set('user_referrer', $user_referrer);
Does $user_referrer need to be cleansed?
Thanks,
W.>
Guest190829
09-30-2008, 05:31 PM
Just want to check something.
Variables used with $userdata->set , are these cleansed by vbulletin or do you have to clean the variable before saving to the users profile?
EG: $userdata->set('user_referrer', $user_referrer);
Thanks,
W.>
If it's a standard vBulletin data field being managed by a built in datamanager, you can assume it is being cleansed already.
woostar
09-30-2008, 05:53 PM
Hi Danny :)
Basically I want to save
$_COOKIE[COOKIE_PREFIX . 'user_referrer'] (Holding members first visit $_SERVER['HTTP_REFERER'])
using the register_addmember_process hook
But as a cookie can be manipulated I wondered if it needs to be made safe of if vB does it.
Guest190829
09-30-2008, 11:45 PM
Well the referer itself can be manipulated, is there a field in the database for that already? If not, you need to adjust the vBulletin datamanager before using it to add such a field.
woostar
10-01-2008, 11:37 AM
The mod is running and works (if just puts where the user came from on their file).
All I need to know is if data stored in the users profile using $userdata->set is made safe for the database. What I'm worried about is someone writing a SQL injection into $_COOKIE[COOKIE_PREFIX . 'user_referrer']
vBulletin® v3.8.12 by vBS, Copyright ©2000-2024, vBulletin Solutions Inc.