Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Diesel]

I have heard that the uploading display pictures form in preferences.php of mccodes v2 was vulnerable. I'm not familiar with security in the slightest bit, so I was wondering if someone else could post a quick patch to this. Thanks.

[JoshuaDams]

Quick Fix

mysql_real_escape_string($_POST['pic'])

Long fix is a bit more in depth :p

[HauntedDawg]

Quick Fix

mysql_real_escape_string($_POST['pic'])

Long fix is a bit more in depth :p

That' far from a fix xD

[Diesel]

That' far from a fix xD
[/quote]

Do you think you could post a more suitable fix then?

[JoshuaDams]

He said quick fix :p

just makes sure they don't enter certain chars in the box >,<

I use something a bit more...lengthy

[05timbyd]

You need about 10-15 line to fix it :/ ("At Least")

[Danny696]

Code: [Select]

<?php
$imgsize = @getimagesize($_POST['imgsrc']);//Change the post to the input one for prefs
if($imgsize === FALSE) {
echo'Please use a real image, and stop attemping to hack.';
event_add(1, $ir['username'].' attempted to add a file of some sort as their display pircture.');
}
exit;
}Add this to prefs (submitted pic change)

[CrimGame.com]

Code: [Select]

<?php
     $imgsize = @getimagesize($_POST['imgsrc']);//Change the post to the input one for prefs
 if( !is_array($imgsize) ) {
// error echo and so forth
 } elseif ( is_array($imgsize) ) {
// update MySQL and so forth
 }
     $h->endpage();
     die;
?>