security seems not a main priority in vb hacks

[AN-net]

Quote:

Originally Posted by Revan

I believe that if you use globalize() and set a field to be => INT, it does the same as intval()
I could be very mistaken, I haven't looked closely at the globalize(), but it sounds like sense to me


//peace

its always nice to be safe

[Dean C]

Quote:

Originally Posted by T3MEDIA

Nothing in code is impossable. If I seen it done (other software) it can be done (here).

Umm cheat code cartridges on a console are completely different from implementing a new feature for example.

[T3MEDIA]

Quote:

Originally Posted by Dean C

Umm cheat code cartridges on a console are completely different from implementing a new feature for example.

Its not the bible. Think out of the box on my example.

[Brad]

Quote:

Originally Posted by Revan

I believe that if you use globalize() and set a field to be => INT, it does the same as intval()
I could be very mistaken, I haven't looked closely at the globalize(), but it sounds like sense to me


//peace

Your are right, globalize is a nice little function. Heres a little overview of everything it dose.

Use INT and globalize will run this on the $var

PHP Code:

intval($var); 


If you use STR

PHP Code:

trim($var); 


If you use STR_NOHTML

PHP Code:

htmlspecialchars_uni(trim($var)); 


You can also use FILE, which takes $_FILES['$var'] and makes it $array['$var']

[filburt1]

If you just know what you're doing, you are usually safe. Half of it is common sense and the mantra that no user is trusted. Anytime you see a variable within a query, check it...any time you access a superglobal, check it...etc.

[sabret00the]

you know i only found out what the globalize done by accident it's a nice little feature though

[sabret00the]

Quote:

Originally Posted by T3MEDIA

What ever. what is wrong with the hacks.
you guys have who clicked install. tell them.

This site is helpful and a joke at the same time there should be a standard. Like to submit a hack it has to fall under x things.

Like I am not even a programmer and I know a simple solution. Have a hack installer. this is a standard all in one installer. (think of it like a gameshark) Now if you want to hack code you do. if you touch code (the installer has in its database) it will warn of a conflit. Then you must code to make it work for all hacks out there.

do that and boom no need for users to install them just click on the installer and it does it itself.

Then vb can watch the hacks and support them. Becuase the way your doing it now... you guys are setting yourself up for the fall and you guys dont even know it yet.

no thanks, the type of installer you're referring too is all too intrusive, the fact of the matter is, if you don't know how to hack manually you shouldn't be hacking your board at all, the mods here are by third party's not paid by jelsoft, it's one thing to set standards, it's another to say you must work in our way.

[filburt1]

Good luck writing such an installer...the one I wrote for vBMS which modifies/creates/etc. templates and replacements, commits db changes, creates scheduled tasks, and more, took forever to write. vB's internal workings, especially for styles, are far more complicated than vB2.

[Martyjp]

The problem with an installer is you then have to make the files writable on your server, which then opens up even more problems

[filburt1]

The vast majority of vB modifications can be done without editing a single stock file. It requires creativity.