vb.org Archive
Page 4 of 4 « First 23 4
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Programming Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=188)
-   -   Create Secure Mods (https://vborg.vbsupport.ru/showthread.php?t=154411)

TECK 09-28-2007 12:21 PM
Good article, AJ. Congrats. :)

Lionel 11-18-2007 03:38 AM
Excellent article, thanks for writing it.

vuiveclub 12-04-2007 06:21 AM
PHP Code:
$vbulletin->input->clean_gpc('g''id'TYPE_UINT); 
What's 'g' mean?
I've seen some code has 'r' or 'p'?

Guest190829 12-04-2007 06:25 AM
They are the some of the super globals:

g = $_GET, p = $_POST, r = $_REQUEST, and also c = $_COOKIE.

The above are all valid and alters what content the cleanser sanitizes.

More information can be found in the PHP manual:

http://us.php.net/variables.predefined

Tefra 12-13-2007 10:56 AM
vB doesn't seem to use htmlspecialchars_uni when displaying the fields it uses htmlspecialchars_uni only during the update/insert of the TYPE_STR fields, so if we do that we are on the safe side right ?

I am asking cause some of the opinions in this thread really messed up with mine :erm:

1. Use the vBulletin Input Cleaner!
2. Use the htmlspecialchars_uni to clean the TYPE_STR vars from the vBulletin Input Cleaner
3. Use the $db->escape_string() to insert/update/replace values

If you use again the htmlspecialchars_uni during display or in the inputs things get ugly.

The only exception in this rule is the text columns that you might want to use html instead of bbcode. In this case you don't use htmlspecialchars_uni to clean the $vbulletin->GPC['message'] but you use the htmlspecialchars_uni during the edit on the textarea.


All times are GMT. The time now is 12:30 PM.
Page 4 of 4 « First 23 4
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01559 seconds
  • Memory Usage 1,724KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete