[Completed] Local Scripting Flaw

Post Reply
Derek
Site Admin
Posts: 2476
Joined: Tue Jul 23, 2002 3:55 pm
Location: Canada
Contact:

Post by Derek » Mon Nov 25, 2002 5:11 pm

This is completely true, and we are aware of the potential dangers in allowing html in posts. This is a mature community and has mature users; we would never expect a malicious attempt at our board or its users.

Having said that, I’ll admit there is little use for html with the vast amount of functions available with bbcode. html is still active mainly because I have a use for it at this point in time, as message board modifications are in progress.

If there are any other potential security holes you (or anyone) would like to make, please contact me directly at: Derek@BP6.Com or Tim at: Tim@BP6.Com (Tim will forward security related mail to me).

I'll have more to say about html soon.

Derek
Site Admin
Posts: 2476
Joined: Tue Jul 23, 2002 3:55 pm
Location: Canada
Contact:

Post by Derek » Mon Nov 25, 2002 5:21 pm

Update: HTML temporarily disabled.

Derek
Site Admin
Posts: 2476
Joined: Tue Jul 23, 2002 3:55 pm
Location: Canada
Contact:

Post by Derek » Mon Nov 25, 2002 8:43 pm

null0 wrote:im not sure if phpbb2 group has been notified in regards to this issue, but disabling html will fix the local scripting flaw.
They should be 'in the know' on this one and release a patch. Thanks for the info null0.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest