Star Army


Administrative Note

Status
Not open for further replies.

Wes

Founder & Admin
I conducted an edit of the viewtopic.php file in accordance with this post on PHPBB.com for security reasons.

Code:
// 
// Was a highlight request part of the URI? 
// 
$highlight_match = $highlight = ''; 
if (isset($HTTP_GET_VARS['highlight'])) 
{ 
   // Split words and phrases 
   $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight'])))); 

   for($i = 0; $i < sizeof($words); $i++) 
   {
was replaced with
Code:
// 
// Was a highlight request part of the URI? 
// 
$highlight_match = $highlight = ''; 
if (isset($HTTP_GET_VARS['highlight'])) 
{ 
   // Split words and phrases 
   $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight']))); 

   for($i = 0; $i < sizeof($words); $i++) 
   {
 
There was a possibility someone could use quotes in a certain way in the highlight field to insert extra code and do stuff to people's cookies and other worse stuff.
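
Why the extra `urldecode()` mattered, as an added illustration (not part of the post above and not phpBB code): PHP has already URL-decoded query parameters before the script sees them, so a second decode turns a leftover `%27` into a literal quote, which `htmlspecialchars()` with the pre-8.1 default `ENT_COMPAT` does not escape. The function names and the sample value are constructed for this example, and `ENT_COMPAT` is passed explicitly to match the old default.

```php
<?php
// Added example, not phpBB code. Function names and the sample value are constructed.

// Handling before the edit: an extra urldecode() on a value PHP has already decoded.
function highlight_words_old(string $param): array
{
    // ENT_COMPAT (the default before PHP 8.1) leaves single quotes untouched.
    return explode(' ', trim(htmlspecialchars(urldecode($param), ENT_COMPAT)));
}

// Handling after the edit: no second decode.
function highlight_words_new(string $param): array
{
    return explode(' ', trim(htmlspecialchars($param, ENT_COMPAT)));
}

// Review helper: a parameter that changes when decoded again is a candidate
// for this kind of double-decoding problem.
function changes_on_second_decode(string $param): bool
{
    return urldecode($param) !== $param;
}

// Constructed sample: what the script receives after PHP's own decoding of a
// request carrying highlight=foo%2527bar (%25 becomes %, leaving "%27").
$received = 'foo%27bar';

$handlers = ['old' => 'highlight_words_old', 'new' => 'highlight_words_new'];
foreach ($handlers as $label => $fn) {
    $joined = implode(' ', $fn($received));
    $hasQuote = strpos($joined, "'") !== false;
    printf("%s: %s (contains raw quote: %s)\n", $label, $joined, $hasQuote ? 'yes' : 'no');
}
printf("changes on second decode: %s\n", changes_on_second_decode($received) ? 'yes' : 'no');
```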
 