TomCrow 0 Report post Posted January 18, 2005 It has come to our attention that a possible vulnerability may exist in Invision Power Board 1.3 and Invision Power Board 2.0.x. We have been unsuccessful in exploiting our test boards with the methods given to us but as a precaution we have added additional security in the code to prevent any possible attacks in this area in the future. .. (Quelle: forums.invisionpower.com ) sources/lib/post_parser.php function regex_font_attr 1.) return "<span style='color:".$IN['1']."'>".$IN['2']."</span>"; Darüber einfügen $IN[1] = preg_replace( "/[^\d\w\#\s]/s", "", $IN[1] ); 2.) return "<span style='font-family:".$IN['1']."'>".$IN['2']."</span>"; Darüber einfügen $IN['1'] = preg_replace( "/[^\d\w\#\-\_\s]/s", "", $IN['1'] ); Könnte das jemand bestätigen und ggf. "offiziell" machen..? mfg, Tom Share this post Link to post
Stefan 0 Report post Posted January 18, 2005 Danke, ich schau gleich mal kurz nach und veröffentliche es anschließend. :) Share this post Link to post
Andy 0 Report post Posted January 18, 2005 Danke @TomCrow für den Hinweiß, und @Stefan für den Einbau hier im Board :thumb_up: Share this post Link to post
Taker 0 Report post Posted January 20, 2005 Erfolgreich eingebaut, danke! Share this post Link to post