FORUM problem!! (not a PB bug but a forum BUG)
Posted: Thu Jun 29, 2006 4:15 pm
by Jan Vooijs
I discovered that it is possible to mangle any code inserted into a forum post.
By using a precise string of characters the previous source code is 'hidden' from sight (but it is still there); this opens a possibility to put "special" code here to execute when tried (to run) at home on your end (private).
Very big problem in my view. I do not dare to prove it but it could be done.....
UPDATE:
No, the code is really mangled and there is no possibility to hide code. But any source code displayed is wrong for 4 to 6 lines PRIOR to the "special" string.
/UPDATE
Jan V.
Posted: Thu Jun 29, 2006 4:20 pm
by Fred
It's not a pb problem. Forward that to the phpbb team...
Posted: Thu Jun 29, 2006 4:25 pm
by Jan Vooijs
Sorry Fred (you're quick),
I knew it was NOT in PB but did not realise to put it here.
How do I forward this to the "phpbb team" (never done such a thing).
(edit)
Found the link on the last line of OUR forum!! But where can I find which version of the forum we (ahem YOU) are using? I think those guys want to know that, I would?!
(end edit)
By the way, the problem is (after testing) a line starting with ";>>", so a semicolon and TWO ">", then 5 lines previous to the ;>> are gone??
Jan V.
Posted: Thu Jun 29, 2006 4:58 pm
by Joakim Christiansen
Just disable html in your posts and I think(know) it should work!
Posted: Thu Jun 29, 2006 5:34 pm
by Jan Vooijs
Joakim Christiansen wrote: Just disable html in your posts and I think it should work!
Joakim,
It happens if you use the two CODE tags so we can beautify our code posted on the forum. And I think that has nothing to do with HTML, because I have STANDARD "Disable HTML in this post" set OFF all the time.
look at this:
Code:
with a problem:
Procedure ClipboardUpdateIsOn()
Shared update_on, clipboard_name$, clipboard_contents$, status_bar_text_temp$, current_number
clipboard_name$ = GetGadgetText(#CATEGORY_LIST)
clipboard_contents$ = clipboard_name$+Str(current_number)
SetClipboardText(clipboard_contents$)
status_bar_text_temp$ = "Clipboard: "+clipboard_contents$
If status_bar_text_temp$ <status_bar_text>> WindowEvent()
Delay(1)
EndIf
EndProcedure
now look at this:
look at this:
Code:
NOT with a problem:
Procedure ClipboardUpdateIsOn()
  Shared update_on, clipboard_name$, clipboard_contents$, status_bar_text_temp$, current_number
  clipboard_name$ = GetGadgetText(#CATEGORY_LIST)
  clipboard_contents$ = clipboard_name$+Str(current_number)
  SetClipboardText(clipboard_contents$)
  status_bar_text_temp$ = "Clipboard: "+clipboard_contents$
  If status_bar_text_temp$ <> status_bar_text$
    StatusBarText(#StatusBar,0,status_bar_text$)
  EndIf
  If update_on = 1
    If GetAsyncKeyState_($11)
      If GetAsyncKeyState_($56)
        ; CallDebugger
        current_number = current_number + 1
        Debug "innerloop : " + Str( current_number)
        clipboard_contents$ = clipboard_name$+Str(current_number)
        SetClipboardText(clipboard_contents$)
        Delay(Val(GetGadgetText(#SENSITIVITY)))
      EndIf
    EndIf
    ; WindowEvent()
    Delay(1)
  EndIf
EndProcedure
The only difference is that WITH the problem I used TAB characters in front of every line AND using ";>>" to start a comment deletes the previous 16 lines (16?? That is odd??)
But thanks
Jan V.