- Readme First! - Read and follow the rules, otherwise your posts will be closed
There are currently, 192 guest(s) and 0 member(s) that are online. You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Any security risk when I change....... [ ]
Author
Message
fishlibrary
Nuke Cadet
Joined: Jun 26, 2004
Posts: 3
Posted:
Wed Aug 11, 2004 1:41 am
Any security risk when I change the code inside /modules/Your_Account/index.php as below?
Because I need to input chinese charater as user name!
Quote:
function userCheck($username, $user_email) {
global $stop, $user_prefix, $db;
if ((!$user_email) || ($user_email=="") || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$",$user_email))) $stop = "<center>"._ERRORINVEMAIL."</center><br>";
if (strrpos($user_email,' ') > 0) $stop = "<center>"._ERROREMAILSPACES."</center>";
if ((!$username) || ($username=="") || (ereg("[^a-zA-Z0-9_-]" ,$username))) $stop = "<center>"._ERRORINVNICK."</center><br>";
if (strlen($username) > 25) $stop = "<center>"._NICK2LONG."</center>";
TO
Quote:
function userCheck($username, $user_email) {
global $stop, $user_prefix, $db;
if ((!$user_email) || ($user_email=="") || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$",$user_email))) $stop = "<center>"._ERRORINVEMAIL."</center><br>";
if (strrpos($user_email,' ') > 0) $stop = "<center>"._ERROREMAILSPACES."</center>";
if ((!$username) || ($username=="") || (ereg("^[ ]" ,$username))) $stop = "<center>"._ERRORINVNICK."</center><br>";
if (strlen($username) > 25) $stop = "<center>"._NICK2LONG."</center>";
Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12482
Posted:
Wed Aug 11, 2004 6:33 pm
madman
Support Mod
Joined: Feb 15, 2004
Posts: 806
Posted:
Thu Aug 12, 2004 12:16 pm
Code:
if ( !$username || ($username=="") || preg_match('/[\s\t\r\n\*\#\(\)\'\.\\",]+/', $username)) $stop = ""._ERRORINVNICK.";
You'll have to do the same thing to username filtering in whole Your_Account index.php code, if possible. For example, in docookie() function.
_________________I'm
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum