What about strip_tags/htmlentries/real escape string
We don't need that hardcore function of you?
Also, Where is that post of kryptos, I wanna like it ;x
Edit: forgot filter_var...
What about strip_tags/htmlentries/real escape string
We don't need that hardcore function of you?
Also, Where is that post of kryptos, I wanna like it ;x
Edit: forgot filter_var...
Javascript exploits like putting <script>alert('You suck')</script> in your motto in the client and then go to the Online Users page and look at your motto. If it isn't filtered it would give you an alert "You suck".Originally Posted by pepijndut
True :p;PP
You can also do that with room descriptions if your cms shows your rooms.
Posted via Mobile Device
Thanks everyone =D. I now know what XSS is :P
Pepijn =D
There are some more things but the motto exploit is the most important one.
i hurd u no like indents or whitespace
XSS may refer to:
Cross-site scripting, a vulnerability in web applications which attackers may exploit to steal users' information
XSS file, a Microsoft Visual Studio Dataset Designer Surface Data file
Assan language, has the ISO 639-3 code xss
This is real crap.
You practicly stole this injection filter from web, and its so useless.
Past this in your config.php file. And you're done. That is all useless crap.Code:foreach($_GET as $key => $value){ $_GET[$key] = mysql_real_escape_string(htmlspecialchars(addslashes($value),ENT_QUOTES)); } foreach($_POST as $key => $value){ $_POST[$key] = mysql_real_escape_string(htmlspecialchars(addslashes($value),ENT_QUOTES)); } foreach($_REQUEST as $key => $value){ $_REQUEST[$key] = mysql_real_escape_string(htmlspecialchars(addslashes($value),ENT_QUOTES)); }
Agree. He is just reposting functions with some function.
WTH?! Nothing is even calling the function: function RemoveXSS($val).....
You're really dumb with PHP. You need to call the function if you add it.
omg?!?!. This guy thinks php does all the work itself >_<'
