The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
![]()
Just want to check something.
Variables used with $userdata->set , are these cleansed by vbulletin or do you have to clean the variable before saving to the users profile? EG: $userdata->set('user_referrer', $user_referrer); Does $user_referrer need to be cleansed? Thanks, W.> |
#2
|
|||
|
|||
![]()
If it's a standard vBulletin data field being managed by a built in datamanager, you can assume it is being cleansed already.
|
#3
|
||||
|
||||
![]()
Hi Danny
![]() Basically I want to save $_COOKIE[COOKIE_PREFIX . 'user_referrer'] (Holding members first visit $_SERVER['HTTP_REFERER']) using the register_addmember_process hook But as a cookie can be manipulated I wondered if it needs to be made safe of if vB does it. |
#4
|
|||
|
|||
![]()
Well the referer itself can be manipulated, is there a field in the database for that already? If not, you need to adjust the vBulletin datamanager before using it to add such a field.
|
#5
|
||||
|
||||
![]()
The mod is running and works (if just puts where the user came from on their file).
All I need to know is if data stored in the users profile using $userdata->set is made safe for the database. What I'm worried about is someone writing a SQL injection into $_COOKIE[COOKIE_PREFIX . 'user_referrer'] |
![]() |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|