July 31 2010 17:12:39
Another XSS exploit fix
Security

Open up maincore.php and look for this line in function parseubb (approx. line 373):

$message = preg_replace('#(<[^>]+[\\"\'])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$message);

Replace it with:

$message = preg_replace('#(<[^>]+[\\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$message);

The only change is the \s added to the character class in front of the handler name. The old pattern removed one of the listed event-handler attributes only when the character immediately before it was a quote, so a handler separated from the previous attribute by whitespace (for example an unquoted attribute value followed by a space) was left in the tag. The new pattern also accepts whitespace in that position.

Then insert this line:

$message = preg_replace('#([a-z]*)=([\`\'\"]*)jscript:#iUu','$1=$2nojscript...',$message);

before:

$message = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iUu','$1=$2nojavascript...',$message);

This rewrites an attribute value beginning with jscript: in the same way the existing line already rewrites one beginning with javascript:.

Then look for the same line in function descript (approx. line 406):

$text = preg_replace('#(<[^>]+[\\"\'])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$text);

Replace it with:

$text = preg_replace('#(<[^>]+[\\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$text);

Then insert this line:

$text = preg_replace('#([a-z]*)=([\`\'\"]*)jscript:#iUu','$1=$2nojscript...',$text);

before:

$text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iUu','$1=$2nojavascript...',$text);

Both functions filter against a fixed list: the nine attribute names in the pattern and the two URL prefixes. Anything not on that list passes through unchanged, so make sure the fix is applied to both parseubb and descript rather than to one of them only.
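To see what the two changes actually do, the following script is an added example (it is not PHP-Fusion code and is not part of the original post). It reproduces the preg_replace() lines above as they stood before and after the fix, then runs a handful of constructed payloads through both versions. The function names filter_before, filter_after and run_cases, the HANDLERS constant and every payload are mine; the patterns themselves are copied from the lines quoted above.

```php
<?php
// Added example (not PHP-Fusion's own code): runs the parseubb()/descript()
// filter lines quoted above, before and after the fix, over constructed
// payloads so the effect of the two changes can be seen. Requires PHP 7+.

// The attribute names from the page's pattern, unchanged.
const HANDLERS = 'onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns';

// The two preg_replace() lines as they stood before the fix. The character
// class before the handler name accepts only a quote, so a handler that is
// separated from the previous attribute by a space is never matched.
function filter_before(string $message): string
{
    $message = preg_replace('#(<[^>]+[\\"\'])(' . HANDLERS . ')[^>]*>#iUu', '>', $message);
    $message = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iUu', '$1=$2nojavascript...', $message);
    return $message;
}

// The same lines after the fix: \s joins the character class, and a
// "jscript:" prefix is rewritten before the existing "javascript:" line runs.
function filter_after(string $message): string
{
    $message = preg_replace('#(<[^>]+[\\"\'\s])(' . HANDLERS . ')[^>]*>#iUu', '>', $message);
    $message = preg_replace('#([a-z]*)=([\`\'\"]*)jscript:#iUu', '$1=$2nojscript...', $message);
    $message = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iUu', '$1=$2nojavascript...', $message);
    return $message;
}

// Constructed payloads (not taken from the page). Each is run through both
// filters; the array returned holds input, pre-fix output and post-fix output.
function run_cases(): array
{
    $cases = [
        // handler glued to the closing quote: the whole tag is removed by both versions
        'quoted'     => '<a href="x"onclick=alert(1)>link</a>',
        // handler after a space: untouched before the fix, tag removed after it
        'spaced'     => '<a href="x" onclick=alert(1)>link</a>',
        // unquoted attribute value, space before the handler: same outcome
        'unquoted'   => '<img src=x onmouseover=alert(1)>',
        // URL prefixes rewritten by the second pair of lines
        'javascript' => '<a href="javascript:alert(1)">link</a>',
        'jscript'    => '<a href="jscript:alert(1)">link</a>',
        // attribute name that is not in HANDLERS: neither version changes it
        'unlisted'   => '<img src=x onerror=alert(1)>',
    ];
    $out = [];
    foreach ($cases as $name => $payload) {
        $out[$name] = [
            'input'  => $payload,
            'before' => filter_before($payload),
            'after'  => filter_after($payload),
        ];
    }
    return $out;
}

if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    foreach (run_cases() as $name => $r) {
        printf("%-10s in:     %s\n", $name, $r['input']);
        printf("%-10s before: %s\n", '', $r['before']);
        printf("%-10s after:  %s\n\n", '', $r['after']);
    }
}
```

Run it with `php` on the command line. For the 'spaced' and 'unquoted' payloads the pre-fix output is identical to the input, while the post-fix output is the remainder after the whole tag has been collapsed to `>`; for 'jscript' only the post-fix filter rewrites the prefix to `nojscript...`. The 'unlisted' case illustrates the closing remark above: both versions only know the attribute names spelled out in the pattern.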