STOP HTML in field register page!



Oslo
February 13, 2013, 05:24 PM
Hello dear,

There is a big bug in the register account page when you begin to register as a new user.
In the fields Username, Password, Name, Last name and other fields, you can input HTML code. I think this is very wrong, to let users enter their name with HTML code.

See this image for how it looks when they input HTML code in the name or last name field or any other field. 381

Viktor
February 14, 2013, 09:56 AM
Hello Oslo,

I have created some code and it should work like you want.

Please go to ftp://includes>>controllers>>registration.inc.php

find code:


/* submit form handler */
if ( isset($_POST['reg_step']) )
{
    $profile_data = $rlValid -> xSql( $_POST['profile'] );
    $account_data = $_POST['account'];



and add new code after:



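// strip HTML and PHP tags from every submitted profile field
foreach($profile_data as $key=>$val)
{
    $profile_data[$key] = strip_tags($profile_data[$key]);
}

// do the same for every submitted account field
foreach($account_data as $key=>$val)
{
    $account_data[$key] = strip_tags($account_data[$key]);
}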


Save and check again.

Morgan Bohman
February 14, 2013, 10:21 AM
Vik, are you going to implement this and other snippets of code that are correcting bugs in 4.2.0?

//Morgan

Viktor
February 14, 2013, 12:23 PM
I will explain the bug to our developers. They should solve this and many other things too in the new version.

Oslo
February 14, 2013, 01:43 PM
It didn't work for me. It must give an error when you input any HTML code in a field, but it still gives the (Green Nike Icon) when I put any HTML code into the username and password, and it registered the fields without a problem and registered a new account.

When adding a listing, the title and other fields also have the same bug.

Look at this listing title: 382

Here is my code.


/* submit form handler */
if ( isset($_POST['reg_step']) )
{
    $profile_data = $rlValid -> xSql( $_POST['profile'] );
    $account_data = $_POST['account'];

    foreach($profile_data as $key=>$val)
    {
        $profile_data[$key] = strip_tags($profile_data[$key]);
    }

    foreach($account_data as $key=>$val)
    {
        $account_data[$key] = strip_tags($account_data[$key]);
    }

Viktor
February 14, 2013, 02:54 PM
Hello Oslo,

Did you add the new code before creating the new account or not?

Oslo
February 14, 2013, 03:12 PM
Yes, I did.

The problem is not only in the account registration page; it can also be found when adding a new listing or editing a listing, everywhere.

Viktor
February 15, 2013, 04:19 AM
Hello Oslo,

For add listing, go to: ftp://includes>>controllers>>add_listing.inc.php

find code:



if ( !$errors )
{
    $reefless -> loadClass( 'Actions' );
    $reefless -> loadClass( 'Listings' );
    $reefless -> loadClass( 'Resize' );

    $rlHook -> load('addListingAdditionalInfo');


and add the new code after it:



// strip HTML and PHP tags from every submitted listing field
foreach($data as $key=>$val)
{
    $data[$key] = strip_tags($data[$key]);
}


Then open: ftp://includes>>controllers>>edit_listing.inc.php

find code:



if ( empty($errors) )
{
    $reefless -> loadClass( 'Actions' );
    $reefless -> loadClass( 'Resize' );

    $rlHook -> load('editListingAdditionalInfo');


After it, add the new code:



// strip HTML and PHP tags from every submitted listing field
foreach($data as $key=>$val)
{
    $data[$key] = strip_tags($data[$key]);
}


And create a new listing again with HTML tags.
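
An added example, not part of the original thread and not the script's own code: the loops above silently remove tags, while the request in the thread was for an error when a field contains HTML. The sketch below assumes PHP 7 or later, uses hypothetical function names (`findMarkupFields`, `e`) and constructed sample data, reports the offending fields (nested arrays included), and encodes values with `htmlspecialchars()` when they are printed.

```php
<?php
// Added example: hypothetical helpers, not part of the script discussed above.

/**
 * Walk submitted form data (nested arrays included) and collect the names
 * of every field whose value changes when strip_tags() is applied.
 */
function findMarkupFields(array $fields, string $prefix = ''): array
{
    $rejected = [];
    foreach ($fields as $key => $val) {
        $name = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        if (is_array($val)) {
            // Multi-value fields arrive as arrays; strip_tags() only
            // accepts strings, so recurse instead of passing the array.
            $rejected = array_merge($rejected, findMarkupFields($val, $name));
        } elseif (is_string($val) && strip_tags($val) !== $val) {
            $rejected[] = $name;
        }
    }
    return $rejected;
}

/** Encode a value for an HTML context at output time. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission standing in for $_POST['profile'].
$profile = [
    'username'   => 'oslo',
    'first_name' => '<b>Oslo</b>',
    'phones'     => ['home' => '555-0100', 'work' => '<i>555-0101</i>'],
];

$errors = findMarkupFields($profile);
if ($errors) {
    // Validation path: refuse the submission and name the offending fields.
    echo 'HTML is not allowed in: ' . implode(', ', $errors) . PHP_EOL;
} else {
    echo 'Submission accepted' . PHP_EOL;
}

// Output path: a value that was stored earlier still renders as text.
echo e($profile['first_name']) . PHP_EOL;
```

Password fields are best left out of both this check and any `strip_tags()` pass: they are hashed rather than rendered, and stripping would silently change the secret the user typed.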