Quote:
Originally Posted by davide101
WARNING
Hi, this script is currently NOT safe. A bot searched a dozen times for a malicious phrase and got a JavaScript redirect to load when the top searches were displayed. Luckily it was just a redirect that can easily be removed. I would disable search logging or fix the software ASAP lest someone with a lot more evil intentions starts poking around.
Hello
Many thanks for your interest, but I don't know how you consider this to be not safe, as tags are removed when listing queries on forumhome.
Notice this code snippet, taken from the product:
PHP Code:
if(!in_array(strip_tags($put['query']), $censor_words)) $most_searched .= "<a href=\"search.php?do=process&searchstats=nocount&q=". $put['query'] ."\"><font size=\"".$r."\">" . strip_tags($put['query']) . "</font></a> ";
Notice the function strip_tags (read more about it at php.net/strip_tags).
I see that this is enough to trim any malicious code, as JavaScript tags are removed before being listed on the page.
To understand what I'm saying, please try to search for
Code:
<script, language="javascript">alert('hello');</script>
Of course the alert will not appear; if it appears, then you almost certainly modified the Mod.
Thanks for your interest again, and looking forward to hearing from you.
Regards
Mahmoud
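
Added example, not part of the original post or the mod's code: in the line quoted above, only the visible link text goes through strip_tags, while the href receives $put['query'] unchanged. The PHP below runs the post's own test string through that markup and through a variant that encodes for each output context; the function names and the font size value are hypothetical.

```php
<?php
// Added example; not the mod's code. Function names and $size are hypothetical.

// Same markup as the line quoted in the post: the href gets the raw query,
// only the visible link text goes through strip_tags().
function link_as_posted(string $query, int $size): string
{
    return "<a href=\"search.php?do=process&searchstats=nocount&q=" . $query
        . "\"><font size=\"" . $size . "\">" . strip_tags($query) . "</font></a> ";
}

// Context-aware encoding: urlencode() for the query-string value,
// htmlspecialchars() for anything placed in HTML text or attributes.
function link_encoded(string $query, int $size): string
{
    $href = 'search.php?do=process&searchstats=nocount&q=' . urlencode($query);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
        . '<font size="' . $size . '">'
        . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . '</font></a> ';
}

// Returns the href value as an HTML parser would read it:
// everything up to the first closing double quote.
function href_value(string $html): string
{
    preg_match('/<a href="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Test string from the post above.
$query = "<script, language=\"javascript\">alert('hello');</script>";

$posted  = link_as_posted($query, 3);
$encoded = link_encoded($query, 3);

echo "as posted : ", $posted, "\n";
echo "encoded   : ", $encoded, "\n\n";

// As posted, the double quote inside the query ends the href attribute early,
// so the rest of the query is parsed as markup instead of as part of the URL.
echo "href (as posted): ", href_value($posted), "\n";
echo "href (encoded)  : ", href_value($encoded), "\n\n";

// strip_tags() removes tags but leaves quote characters untouched.
echo "strip_tags on quoted text: ", strip_tags('say "hi"'), "\n";
```

Comparing the two href lines shows where the attribute ends in each variant; in the encoded variant the whole query stays inside the q parameter.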