September 6th, 2005, 05:34 PM   #3
Chuck S
 
I think I know what you mean, and yes, this would be correct, as allowing it to be redone into HTML could render you vulnerable to XSS (cross-site scripting) attacks.

I think this would be the way to go: in reviews.php, add the line in bold, which just translates quotes and that's all.


if ( VB35 == "on" ) $ereviews = htmlspecialchars($ereviews);
else $ereviews = htmlspecialchars(convert_markups($ereviews));

$ereviews = str_replace( "\"", "&quot;", $ereviews);
__________________
Photopost Developer and Support Engineer

Please do not PM me for support or sales questions. Thank you for your understanding.

Last edited by Chuck S; September 6th, 2005 at 06:42 PM.
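An added example (not part of the original post and not PhotoPost code) of the risk discussed above: decoding escaped review text back into HTML revives any markup it contained, while a quote-only `str_replace` leaves `<` and `>` untouched. The sample input and all function names are constructed for illustration, and `convert_markups()` is left out because the page does not show its implementation.

```php
<?php
// Constructed sample review text containing quotes and a script tag.
$review = 'Great "macro" shot <script>alert(1)</script>';

// Escaping step from the posted snippet, with flags and charset made explicit.
function escape_review(string $text): string {
    return htmlspecialchars($text, ENT_COMPAT, 'UTF-8');
}

// The quote-only translation line from the post.
function translate_quotes(string $text): string {
    return str_replace("\"", "&quot;", $text);
}

// The risky alternative: turning escaped text back into HTML.
function decode_to_html(string $escaped): string {
    return html_entity_decode($escaped, ENT_COMPAT, 'UTF-8');
}

// Simple check for this sample only: is a live <script> tag present?
function has_live_script(string $html): bool {
    return stripos($html, '<script') !== false;
}

$cases = [
    // Escape, then translate quotes: the order used in the post.
    'escape + quote translation' => translate_quotes(escape_review($review)),
    // Escape, then decode everything back: markup becomes live again.
    'escape + full decode'       => decode_to_html(escape_review($review)),
    // Quote translation without escaping: the tag was never neutralised.
    'quote translation only'     => translate_quotes($review),
];

foreach ($cases as $label => $output) {
    printf(
        "%-28s live script: %-3s  %s\n",
        $label,
        has_live_script($output) ? 'yes' : 'no',
        $output
    );
}
```

Only the first case reports no live script tag: the protection comes from `htmlspecialchars()`, and the quote line is safe to add because it never touches angle brackets.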