XSS Protection

[djboetz]

Hello,
I have worked with some XSS security because I think it is very important that you have XSS protection on your website.

Url for the codes: [HTML] djboetz - XSS Protection - Pastebin.com

Setup Guide for uberCMS:
1. Create xss.php in your www/htdocs folder.
2. Put the codes in xss.php between <?php CODES HERE ?>
3. Open every .php file in www/htdocs foder. (NOTE: NOT IN INC FOLDERS AND OTHERS)
4. Search for require_once "global.php";
4. If you find it. Add under that, this code: require_once "xss.php";
5. Well done, You are secure against XSS Attacks/Exploits 99%.

Please, Like the release if you want more releases from me.

[MentaL]

[Glee]

Awesome Thanks :)

[djboetz]

Awesome Thanks :)

No problem, Always here.

[Jordan]

Just throwing that class in will do nothing, it will never get called.

[djboetz]

Well done, Thread edited.
Edits:
It will call the codes to all pages if you follow the guide.

[leenster]

This will still do absolutely nothing. When you post a security fix you should really have tested it because some people will just come here then use it and think that they are all secure.

[djboetz]

This will still do absolutely nothing. When you post a security fix you should really have tested it because some people will just come here then use it and think that they are all secure.

It will. If you think not, Could you tell me how i can make it working then?

[Joopie]

It will. If you think not, Could you tell me how i can make it working then?

Then why are you releasing things when you don't even made/know how to set it up

[leenster]

I haven't worked with uber for a long time but check your global to see how classes are included. And I also haven't looked at the class too much (I'm on my phone) but then one of the functions need to be called for it to do anything.

I'm sure someone here will help you but if not then I will take a good look when I get home.
Posted via Mobile Device

[Burak77]

useless, htmlspecialchars() and htmlentities().

[djboetz]

Then why are you releasing things when you don't even made/know how to set it up

Can you read " If you think "? and i have coded this. There is nothing that can stop me when it is about coding. " Djboetz = God ".

I haven't worked with uber for a long time but check your global to see how classes are included. And I also haven't looked at the class too much (I'm on my phone) but the one of the functions need to be called for it to do anything.

I'm sure someone here will help you but if not then I will take a good look when I get home.
Posted via Mobile Device

I will done it, Dont worry. A new edit of this release will be made tomorrow.
Thank you for your suggestion.

useless, htmlspecialchars() and htmlentities().

It's not useless. It's about security, If you know what it is?

[Hejula]

It's not useless. It's about security, If you know what it is?

Is useless, like he said htmlspecialchars() and htmlentities() convert things like <, >, ", ', to their ASCII values, thus disabling the XSS exploit shit.

[Predator359]

Hum not bad ^-^"
I will take this for my CMS ^^

[djboetz]

Hum not bad ^-^"
I will take this for my CMS ^^

Enjoy it.

[Quackster]

http://quackster.net/xss.php?xss=%3C...Etest%3C/h2%3E