October 5th, 2005, 12:06 PM   #12
Chuck S
Photopost Developer
Verified Customer
 
Join Date: Jun 2002
Location: Abingdon,MD
Posts: 71,945
Yep, has nothing to do with our present code.

Your old code, when you applied the hack in the old software, wrote the information in real HTML format, which is not good.

I altered an upgrade script to run htmlspecialchars on your product fields and all is good.

Now do realize I placed the ability for customers to be able to show HTML in products and reviews as a switch and give a stern warning. vBulletin does much the same. Do realize you open your system up to security issues when you allow people to upload HTML and let it display on your site.

However, the number one requested thing in Reviewpost has always been to be able to display HTML, hence the ability to have it as a switch. But my warning stays the same.
__________________
Photopost Developer and Support Engineer

Please do not PM me for support or sales questions. Thank you for your understanding.

Last edited by Chuck S; October 5th, 2005 at 12:09 PM.
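An added example, not code from this post or from PhotoPost, of the approach described above: an upgrade pass that runs `htmlspecialchars` over stored product fields, and a display switch that restores the markup. The function names, the `$allowHtml` switch and the sample rows are hypothetical, and the encode-at-storage model is an assumption.

```php
<?php
// Added example, not PhotoPost/ReviewPost code. Function names, the
// $allowHtml switch and the sample rows below are hypothetical.

// Migration step: encode a stored field so it is inert text when echoed.
// The 4th argument (double_encode = false) leaves existing entities such as
// &amp; untouched, so running the upgrade twice does not produce &amp;amp;.
function encode_stored_field(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
}

// Display step. With the switch off, the encoded value is emitted as stored.
// With it on, the markup is restored and the browser will interpret it,
// which is the exposure the warning refers to.
function render_field(string $stored, bool $allowHtml): string
{
    return $allowHtml
        ? htmlspecialchars_decode($stored, ENT_QUOTES)
        : $stored;
}

// Constructed sample rows standing in for product fields written by old code.
$products = [
    ['id' => 1, 'description' => '<b>Sturdy</b> tripod, 3" plate'],
    ['id' => 2, 'description' => 'Bag & strap <script>alert(1)</script>'],
    ['id' => 3, 'description' => 'Already encoded: Tom &amp; Jerry'],
];

foreach ($products as &$row) {
    $row['description'] = encode_stored_field($row['description']);
}
unset($row); // break the reference left by foreach

foreach ($products as $row) {
    printf("#%d stored : %s\n", $row['id'], $row['description']);
    printf("#%d html on: %s\n", $row['id'], render_field($row['description'], true));
    // A second pass must be a no-op, otherwise the script is not re-runnable.
    assert(encode_stored_field($row['description']) === $row['description']);
}
```

With the switch off, row 2's script tag reaches the page as visible text; with it on, the same row is handed back to the browser as markup.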