Author Topic: Security Fix: Members/composeMsg.php & Members/contact.php  (Read 228 times)
757jterrell
« on: July 30, 2011, 05:48:13 PM »

This will prevent an XSS attack on these pages. These 2 pages are almost exactly the same.

This is included in the SDR 3, 8-1-11 Update.

In Members/composeMsg.php, go to lines 84 to 86 and you will see this code:

<tr>
   <td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">$messages</textarea></td>
</tr>

Change the middle line to look like this:

<tr>
   <td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">". htmlspecialchars($message, ENT_QUOTES)."</textarea></td>
</tr>

Now let's do the other page: go to your members/contact.php and go to lines 84 to 86, where you see this code:

<tr>
   <td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">$messages</textarea></td>
</tr>

Change the middle line to look like this:

<tr>
   <td colspan=2><textarea name=\"message\" style=\"width: 100%; height: 200px\">". htmlspecialchars($message, ENT_QUOTES)."</textarea></td>
</tr>


Also on both pages add the following:

after $includes[title]="Compose Message";
ADD:
$error = '';
« Last Edit: July 31, 2011, 08:34:36 AM by 757jterrell »

Upgrade to an SDR 3
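
The effect of the change described in the post above, as an added example that is not part of the original post or of the SDR script: it renders the textarea with and without htmlspecialchars() and checks whether the submitted value can close the element early. The function names, the sample values and the explicit 'UTF-8' charset argument are assumptions.

```php
<?php
// Added example, not SDR code. Function names and sample values are assumptions.

// "Before": the value is interpolated into the textarea unchanged.
function render_unescaped(string $message): string
{
    return "<textarea name=\"message\" style=\"width: 100%; height: 200px\">$message</textarea>";
}

// "After": the same line with the post's htmlspecialchars() call.
// The explicit 'UTF-8' charset is an assumption; the post passes only ENT_QUOTES.
function render_escaped(string $message): string
{
    return "<textarea name=\"message\" style=\"width: 100%; height: 200px\">"
        . htmlspecialchars($message, ENT_QUOTES, 'UTF-8')
        . "</textarea>";
}

// More than one closing tag means the value ended the element early and the
// rest of the value is parsed as page markup instead of textarea text.
function count_textarea_closes(string $html): int
{
    return substr_count(strtolower($html), '</textarea');
}

// Constructed sample values for a submitted message.
$samples = [
    'plain text'     => "Meet at 5 & bring the \"Q3\" report",
    'closes the tag' => "</textarea><script>alert(1)</script>",
    'invalid UTF-8'  => "caf\xC3\x28",
];

foreach ($samples as $label => $value) {
    $before = render_unescaped($value);
    $after  = render_escaped($value);
    printf("%-15s closes before=%d after=%d\n", $label,
        count_textarea_closes($before), count_textarea_closes($after));

    // What the browser shows in the box is the decoded text, so a correct
    // escape round-trips to the original value.
    $shown = html_entity_decode(
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8');
    // htmlspecialchars() returns '' for input that is invalid in the charset
    // (unless ENT_SUBSTITUTE/ENT_IGNORE is set), so that message is dropped.
    printf("%-15s round-trips: %s\n", '', $shown === $value ? 'yes' : 'no');
}
```

The post's original lines use `$messages` while its replacement lines use `$message`; confirm which variable your copy of the script fills before applying the change.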
chicoi08
« Reply #1 on: July 30, 2011, 07:00:37 PM »

Thank you for posting!

Get a SDR 3 NOW at http://ptcfactory.info

The best and most up to date Aurora script in the market!!