• Registered: 2005-01-12
  • Posts: 7

Topic: Bypassing of censored words, breaking page validation, blank message.

Banned words: I'll use "fish" as an example. Doing the below will allow a user to post a banned word without it being censored:

fish

Breaking page validation: The following will make a page invalid:

This is a generic message with [b]bold and [i]bold-italic[/b] and italic text[/b]

Blank post: The following will let someone post a message with no viewable text in it:

I've tested all of the above on here, except for the banned word one, which I tested on my own comptuer.

Here is the topic: http://punbb.org/forums/viewtopic.php?id=5724
Sorry about the long string of WWWWW....WWWW, I was testing how it handled overflow. I may make you scroll a horizontally a bit.

  • From: TX, US
  • Registered: 2004-09-28
  • Posts: 46

Re: Bypassing of censored words, breaking page validation, blank message.

#1, the bypassing of the word filter, that is the same on every forum software I have ever used.  It's nothing new.

  • Registered: 2005-01-12
  • Posts: 7

Re: Bypassing of censored words, breaking page validation, blank message.

Strange... Ones I've worked with had no problem with censored word bypassing.

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: Bypassing of censored words, breaking page validation, blank message.

I'm aware of this and the things you posted in the test forum. It's just not something that's a high priority to fix. Yes, you can "trick" PunBB into generating invalid markup, but preventing anyone from doing so isn't as easy as it sounds.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • From: TX, US
  • Registered: 2004-09-28
  • Posts: 46

Re: Bypassing of censored words, breaking page validation, blank message.

Ricapar9x wrote:

Strange... Ones I've worked with had no problem with censored word bypassing.

and those "Ones" would be?

  • Registered: 2005-01-12
  • Posts: 7

Re: Bypassing of censored words, breaking page validation, blank message.

Richard wrote:

and those "Ones" would be?

Just random things I/friends/other people have worked on. None of those "major' forum softwares.
The current way censoring is set up, it's impossilbe to stop that bypassing. I didn't realize that censoring is done on the viewtopic.php page. It's not that big of a deal though imo.

Rickard wrote:

....but preventing anyone from doing so isn't as easy as it sounds.

PHP has an XML parsing function that does just that: http://us2.php.net/manual/en/ref.xml.php ^_~

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: Bypassing of censored words, breaking page validation, blank message.

You're suggesting we run the XML parser on the post before displaying it?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • Registered: 2005-01-12
  • Posts: 7

Re: Bypassing of censored words, breaking page validation, blank message.

It's up to you.
It depends how much importance you have for validation. It's very minor, and dosen't really affect the actual display of the page. I myself would just leave it as is, but then again I'm lazy sad

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: Bypassing of censored words, breaking page validation, blank message.

I just reacted to that because it will add considerable overhead to viewtopic.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website