Re: Re: Saving a new banner generates SQL Error

posts: 2881 United Kingdom

> alan8373:
> Damian,
>
> Is there a page or template I could look at? I've fixed issues before for phpNuke and I personally find Tiki to be much more complete both in breadth and depth of features so I'd love to put my 2 cents into the project. If I can help out with this issue, I'd love to take a hack at it. I know PHP enough to figure stuff out and if you can point me in the right direction I'll see what I can do.
>
> Thanks,
> Alan
>

Ok, you'll need the tiki-setup.php file and look for the make_clean function, you'll see the embed and object in the regexp there. It was added for 1.8.2 so it's not going to be an easy job of just removing it and committing to CVS ;)

For a perfect solution we would need some kind of hidden key passed from the banner form to let the code through without it being removed. Just a post value isn't good enough as I could easily forge that on a custom it would need some kind of database table lookup as described on methods to prevent XSS and seasurfing, link below.

If you get lost in this, shout for me and we can battle it out on this thread :)

Damian
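
The hidden-key idea from the reply above, sketched as an added example that is not part of the original thread and is not Tiki code: the server stores a random one-time ticket when it renders the banner form and only skips the embed/object stripping when the submitted ticket matches a stored row for that user. The table `form_tickets`, the field names and all function names are hypothetical, and `strip_embed_object` is a simplified stand-in for the regexp in `make_clean`.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_tickets
           (ticket TEXT PRIMARY KEY, user TEXT, form TEXT, expires INTEGER)');

// When the banner form is rendered: store a random ticket server-side and
// return it so it can be placed in a hidden input.
function issue_ticket(PDO $db, string $user, string $form, int $ttl = 900): string {
    $ticket = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO form_tickets VALUES (?, ?, ?, ?)')
       ->execute([$ticket, $user, $form, time() + $ttl]);
    return $ticket;
}

// On submit: the ticket must exist for this user and form and be unexpired.
// Deleting the row makes it single-use, so a captured value cannot be replayed.
function redeem_ticket(PDO $db, string $user, string $form, string $ticket): bool {
    $del = $db->prepare('DELETE FROM form_tickets
                         WHERE ticket = ? AND user = ? AND form = ? AND expires >= ?');
    $del->execute([$ticket, $user, $form, time()]);
    return $del->rowCount() === 1;
}

// Simplified stand-in for the embed/object stripping applied to all input.
function strip_embed_object(string $html): string {
    return preg_replace('#</?(embed|object)\b[^>]*>#i', '', $html) ?? '';
}

// Default is to strip; only a redeemed ticket lets the markup through.
function handle_banner_post(PDO $db, string $user, array $post): string {
    $html   = is_string($post['banner_html'] ?? null) ? $post['banner_html'] : '';
    $ticket = is_string($post['ticket'] ?? null) ? $post['ticket'] : '';
    return redeem_ticket($db, $user, 'edit_banner', $ticket)
        ? $html
        : strip_embed_object($html);
}

// Constructed sample requests.
$ticket = issue_ticket($db, 'admin', 'edit_banner');
$post   = ['banner_html' => '<embed src="banner.swf">', 'ticket' => $ticket];
var_dump(handle_banner_post($db, 'admin', $post));                         // fresh ticket
var_dump(handle_banner_post($db, 'admin', $post));                         // same ticket again
var_dump(handle_banner_post($db, 'admin', ['ticket' => 'forged'] + $post)); // value not in table
var_dump(handle_banner_post($db, 'other', $post));                         // wrong user
```

The ticket only shows that the request came from a form this server rendered for that user; the permission check for editing banners still has to happen before `issue_ticket` is called.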
