Administrative Note

Status
Not open for further replies.

Wes

Founder & Admin
Staff Member
🌸 FM of Yamatai
🎖️ Game Master
Discord Booster
🎨 Media Gallery
I conducted an edit of the viewtopic.php file in accordance with this post on PHPBB.com for security reasons.

Code:
// 
// Was a highlight request part of the URI? 
// 
$highlight_match = $highlight = ''; 
if (isset($HTTP_GET_VARS['highlight'])) 
{ 
   // Split words and phrases 
   $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight'])))); 

   for($i = 0; $i < sizeof($words); $i++) 
   {
was replaced with
Code:
// 
// Was a highlight request part of the URI? 
// 
$highlight_match = $highlight = ''; 
if (isset($HTTP_GET_VARS['highlight'])) 
{ 
   // Split words and phrases 
   $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight']))); 

   for($i = 0; $i < sizeof($words); $i++) 
   {
 
There was a possibility someone could use quotes in a certain way in the highlight field to insert extra code and do stuff to people's cookies and other worse stuff.
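
An added illustration (not part of the original post and not phpBB code) of what the removed urldecode() call changes: PHP has already URL-decoded a GET value once, so a second pass turns a doubly encoded %2527 into a quote character that was not in the value PHP delivered, and it also corrupts a legitimate search such as C++. Assumptions: ENT_COMPAT is passed explicitly to match the htmlspecialchars() default of PHP versions before 8.1, runtime_get_value() and is_double_encoded() are hypothetical helpers, and the query strings are constructed.

```php
<?php
// Added example, not phpBB code. All sample query strings are constructed.

// Stand-in for how PHP fills the GET array: exactly one URL-decode pass.
function runtime_get_value(string $rawQuery, string $key): string
{
    parse_str($rawQuery, $vars);   // parse_str() decodes once, like $_GET
    return $vars[$key] ?? '';
}

// Pre-edit pipeline from the post: decode a second time, then escape.
// ENT_COMPAT (assumed, pre-8.1 default) leaves single quotes untouched.
function words_before(string $value): array
{
    return explode(' ', trim(htmlspecialchars(urldecode($value), ENT_COMPAT)));
}

// Post-edit pipeline from the post: escape the value exactly as delivered.
function words_after(string $value): array
{
    return explode(' ', trim(htmlspecialchars($value, ENT_COMPAT)));
}

// Hypothetical logging check: true when another decode pass would still
// change the value, i.e. the request carried a doubly encoded sequence.
// rawurldecode() is used so a literal '+' is not counted as encoding.
function is_double_encoded(string $value): bool
{
    return rawurldecode($value) !== $value;
}

$samples = [
    'highlight=army+roster',   // ordinary two-word search
    'highlight=C%2B%2B',       // legitimate search for "C++"
    'highlight=%2527',         // doubly encoded single quote
];

foreach ($samples as $raw) {
    $value = runtime_get_value($raw, 'highlight');
    printf(
        "%-24s delivered=%-12s before=%-12s after=%-12s double-encoded=%s\n",
        $raw,
        $value,
        implode(' ', words_before($value)),
        implode(' ', words_after($value)),
        is_double_encoded($value) ? 'yes' : 'no'
    );
}
```

With the second decode, the last sample yields a bare quote and the C++ search collapses to "C"; without it, both come through as the strings PHP delivered ("%27" and "C++").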
 