Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 09-30-2008, 05:29 PM
woostar's Avatar
woostar woostar is offline
 
Join Date: Aug 2006
Posts: 106
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default $userdata->set

Just want to check something.

Variables used with $userdata->set , are these cleansed by vbulletin or do you have to clean the variable before saving to the users profile?

EG: $userdata->set('user_referrer', $user_referrer);
Does $user_referrer need to be cleansed?

Thanks,
W.>
Reply With Quote
  #2  
Old 09-30-2008, 05:31 PM
Guest190829
Guest
 
Posts: n/a
Default

Quote:
Originally Posted by woostar View Post
Just want to check something.

Variables used with $userdata->set , are these cleansed by vbulletin or do you have to clean the variable before saving to the users profile?

EG: $userdata->set('user_referrer', $user_referrer);

Thanks,
W.>
If it's a standard vBulletin data field being managed by a built in datamanager, you can assume it is being cleansed already.
Reply With Quote
  #3  
Old 09-30-2008, 05:53 PM
woostar's Avatar
woostar woostar is offline
 
Join Date: Aug 2006
Posts: 106
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi Danny

Basically I want to save
$_COOKIE[COOKIE_PREFIX . 'user_referrer'] (Holding members first visit $_SERVER['HTTP_REFERER'])
using the register_addmember_process hook

But as a cookie can be manipulated I wondered if it needs to be made safe of if vB does it.
Reply With Quote
  #4  
Old 09-30-2008, 11:45 PM
Guest190829
Guest
 
Posts: n/a
Default

Well the referer itself can be manipulated, is there a field in the database for that already? If not, you need to adjust the vBulletin datamanager before using it to add such a field.
Reply With Quote
  #5  
Old 10-01-2008, 11:37 AM
woostar's Avatar
woostar woostar is offline
 
Join Date: Aug 2006
Posts: 106
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The mod is running and works (if just puts where the user came from on their file).
All I need to know is if data stored in the users profile using $userdata->set is made safe for the database. What I'm worried about is someone writing a SQL injection into $_COOKIE[COOKIE_PREFIX . 'user_referrer']
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:35 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03716 seconds
  • Memory Usage 2,189KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (3)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete