Thread: [BUG] Blank white page with PHP Warning
View Single Post
  #7  
Old 02-28-2012, 09:49 PM
rpgamersnet rpgamersnet is offline
 
Join Date: Jul 2004
Location: Canada
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by gmhastings View Post
So for example, when I had finished playing a game, if I enter a comment next to my high scores.. this is what I get..

I type "Finally I get a good score!" ... it will show "Finally I get a good sce!" (the "or" removed)
If i typed something like "I think I upset the dealer in this game" then "upset" would be just "up" so whilst it more than likely removes the chance of some dodgy mysql going in - it is not quite the best. I'm not sure if it would be enough to just put a space after each of the words in the ibp_cleansql as probably other characters can be used..

I'm not sure why you are getting a white screen (or if you got any further) but at least this fuction below gets around using that stristr function ... but I think it would be best if a slightly improved solution is made really because otherwise potentially other legitimate mysql statements might get messed up by using this most recent correction..
I am not an expert, but yes this solution does seem kind of rushed and not the best option. I'd rather disable comments entirely then have random bits disappear and cause confusion. I am not a PHP expert, but there are plenty of commands to strip bad code out of user input.. can these commands not be applied to comments properly so they are only displayed and not executed? Why is the comment field vulnerable when other data input is not? I think something needs to change...
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01841 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete