Page 1 of 1
Personal log links are FUBAR
Posted: Fri May 02, 2008 1:36 pm
by RobinInDaHood
When typing a link to the stats page of a user in the personal log, the http: is being replaced with link:. This causes Firefox to throw a message stating that no program is associated with link:.
Here's an example of what I typed:
<a href="http://www.stargatewars.com/stats.php?id=37162">37162</a>
And it gets mangled into:
<a href="link://www.stargatewars.com/stats.php?id=37162">37162</a>
Please fix. I use the personal log all the time for my raiding list.
Re: Personal log links are FUBAR
Posted: Fri May 02, 2008 8:32 pm
by DaDigi
I believe that was put into effect to curve any hacking attempt using the log...
Re: Personal log links are FUBAR
Posted: Fri May 02, 2008 9:04 pm
by pc
RobinInDaHood wrote:When typing a link to the stats page of a user in the personal log, the http: is being replaced with link:. This causes Firefox to throw a message stating that no program is associated with link:.
Here's an example of what I typed:
<a href="http://www.stargatewars.com/stats.php?id=37162">37162</a>
And it gets mangled into:
<a href="link://www.stargatewars.com/stats.php?id=37162">37162</a>
Please fix. I use the personal log all the time for my raiding list.
Use:
<a href=stats.php?id=37162>37162</a><br />
or
<a href=stats.php?id=37162>37162<br />
Re: Personal log links are FUBAR
Posted: Sat May 03, 2008 2:52 am
by RobinInDaHood
DaDigi wrote:I believe that was put into effect to curve any hacking attempt using the log...
Perhaps, but it altered existing entries in the log as well as those that I had been adding. If Jason thinks that converting "http" to "link" will thwart hacking attempts, he's needs to spend some time with a few development books and learn proper coding techniques. SQL and HTML injection can be 100% solved in PHP with the addition of TWO (2) lines of code to your script.
I guess I'll go through the couple thousand entries and edit them to fit another, more "secure" format.
/sigh