[Completed] Local Scripting Flaw

Derek
Site Admin
Posts: 2489
Joined: Tue Jul 23, 2002 3:55 pm
Location: Canada

Post by Derek »

This is completely true, and we are aware of the potential dangers in allowing HTML in posts. This is a mature community and has mature users; we would never expect a malicious attempt at our board or its users.

Having said that, I’ll admit there is little use for HTML with the vast amount of functions available with BBCode. HTML is still active mainly because I have a use for it at this point in time, as message board modifications are in progress.

If there are any other potential security holes you (or anyone) would like to make, please contact me directly at: Derek@BP6.Com or Tim at: Tim@BP6.Com (Tim will forward security-related mail to me).

I'll have more to say about HTML soon.

Post by Derek »

Update: HTML temporarily disabled.

Post by Derek »

null0 wrote: I'm not sure if the phpbb2 group has been notified in regards to this issue, but disabling HTML will fix the local scripting flaw.

They should be 'in the know' on this one and release a patch. Thanks for the info null0.