That isn't stopping me from writing one.
1 2005-06-09 22:53
Re: chat (32 replies, posted in PunBB 1.2 modifications, plugins and integrations)
2 2005-06-09 02:16
Re: HTML vs. XHTML (12 replies, posted in Programming)
XHTML is the new standard in webdesign. It is more strict and professional than HTML.
3 2005-06-09 02:10
Re: chat (32 replies, posted in PunBB 1.2 modifications, plugins and integrations)
I am in the process of writing a shoutbox script/mod for punBB
4 2005-06-09 02:01
Re: Small exploit in announcements. (5 replies, posted in PunBB 1.2 bug reports)
Well, this kid knows absolutely nothing about HTML. I set the forums up for him, and he had no idea what he was doing.
You could make it so that it checks their HTML for validity.
$xml = xml_parser_create();
$data = ????
if(xml_parse($xml, '<post>'.$data.'</post>', TRUE))
// Valid XML
else
// Not valid XML
xml_parser_free($xml);
5 2005-06-04 02:36
Topic: Small exploit in announcements. (5 replies, posted in PunBB 1.2 bug reports)
My friend made this error on his punBB boards.
He was changing his announcements that display at the top of every page.
He included a hyperlink, but made a typographical error that looked like this:
<a href="kajsdfjsldfsd.php'>click here</a>
As you can see, the ' was used instead of the ".
I tried to change the announcement in the actual sql itself but for some reason (I havn't looked at the code too much) it wouldn't change the announcement.
What it did was alter the HTML of the entire site. Nothing showed up properly, and if I had thought about it at the time I would have taken screengrabs. It WAS at about 3:00AM. The forums were very difficult to navigate though, and it had even altered it so that he could not go into the admin options and change it.
To fix it, I had to manually go into the header.php file and throw in a str_replace around the announcement variable that changed all 's to "s.