The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
input TYPE_STR , is it safe enough in this case ?
Hey !
I made a custom profile field , and datamanger was part of the process. so , here is what I did. PHP Code:
PHP Code:
This mod uses bbcode so I need double quotes here,(I missed up every thing when I used TYPE_NOHTML) does this looks safe enough to be used in my live forums ? and do I have to escape strings etc , or datamanger would take care of it. Thank you. |
#2
|
|||
|
|||
The vBulletin input cleaner will escape anything that would normally be harmful to the boards. So yes, that would work fine.
|
#3
|
|||
|
|||
It looks to me like clean_gpc with TYPE_STR just trims blanks off the ends and removes null characters. So if you don't want to allow html in that field you may need to do something else.
I guess you could try entering some html and see what happens. |
#4
|
||||
|
||||
TYPE_NOHTML will do your job...
|
#5
|
|||
|
|||
...except that the OP says that TYPE_NOHTML messed things up. Looking at includes/class_core.php it looks like cleaning a TYPE_NOHTML value does this:
PHP Code:
|
#6
|
|||
|
|||
Hi !
with a little test. vbulletin seems to parse bbcode with quotes. [color="Red"]test[/color] or even without them. [color=Red]test[/color] so I made the same function that kh99 provided but, with stripping every single html char so it replaced it with nothing. Thank you so much everyone for your input.:up: |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|