Thread: DigiChat Integration V3.03
View Single Post
  #8  
Old 07-05-2005, 01:06 AM
ummahforums ummahforums is offline
 
Join Date: Jul 2004
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hi,

I noticed that when users have an apostrophe (this character: ' ) in their username, it causes cause SQL errors in chatlauncher.php. You just need to add slashes (using the PHP function addslashes) in the DB queries where usernames are mentioned, i.e. lines such as these:

PHP Code:
$userprofilefields=$DB_site->query("SELECT homepage
                                  FROM user
                                  WHERE username = '$bbuserinfo[username]'"); 
What I did to fix it was to add this at the start:

PHP Code:
$slashedusername addslashes($bbuserinfo[username]); 
Next I changed the $userprofilefields line quoted above to this:

PHP Code:
$userprofilefields=$DB_site->query("SELECT homepage
                                  FROM user
                                  WHERE username = '$slashedusername'"); 
I also made use of the htmlspecialchars function so that usernames with apostrophes wouldn't mess up the HTML. So line 68 of chatlauncher.php (English version) becomes:

PHP Code:
$nickname=htmlspecialchars($bbuserinfo[username], ENT_QUOTES); 
Line 217 becomes this:

PHP Code:
$realname=htmlspecialchars($bbuserinfo[username], ENT_QUOTES); 
And finally line 206 becomes this:

PHP Code:
$applet_string htmlspecialchars((implode(",",$buddy_names)), ENT_QUOTES); 
Similar things will have to be done for exit message etc., but this fixes the main problem for my site (as we have a few users with usernames like this: user'name).
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01218 seconds
  • Memory Usage 1,779KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (6)bbcode_php
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete