Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[JoshuaDams]

My preg_replace skills arent that hot yet and i've yet to venture into that field

Besides the fact stripslashes(htmlentities appears to work just well.

Either way I'd recommend, but at least do one of them ><

[Jordan]

Besides the fact stripslashes(htmlentities appears to work just well.
Either way I'd recommend, but at least do one of them ><

Couldn't off said it better myself =]

[CrimGame.com]

I'd say Preg Match would be the better result but yes either way you do need to do something, it all depends on what your doing.

[Agon]

BUMP!

This thread is almost a shame for Mccodes. Maybe it should be deleted and re-written. Or maybe the fixes to these exploits should be posted.

[Danny696]

Mcc said they fixed it, shows how good it is right.
Cant wait till i get my copy of mcc 3

[kieranrobo]

cmarket.php----crystals hack that if the ID variable is not secured will max out a users crystals.

Ok i need a fix to this one FAST! A guy is threatning with flooding my game with points if i dont give him $100

Ive banned him but hes using proxys, and has 3 million crystles every time...

FIX FIX FIX!

[dominion]

sure i will fix it for $100? lol joke 

use the cmarket posted http://www.cronwerks.com/forum/cronwerks-free-mccode-mccodes-mods/(mccode)-secured-crystal-market/
do not use cronus' post use the one down a little by maketextgames

[JoshuaDams]

quick fix

open up header.php

$_GET['ID'] = abs((int) $_GET['ID']);

Or find one of many secured cmarkets lurking on the forums.

Or go through and secure your varibles when you have time.

Do not rely on just the $_GET['ID'] in the header to secure everything, but it will stop the script kiddies