Issue Information
-
#000091
-
Issue
Issue Confirmations
-
Yes (1)No (0)
2
Minor glitch
This should be relatively self-explanatory.
Ehem... yeah. never seen that before... but unless you just have way to much free time and amazing photoshop skills, it's kinda undeniable... so I choose to remain undecided.
than why does it display my name everywhere else?
Some places have HTML disabled through the PHP. The notification menu just doesn't in this version of IP.Board.oh... well if Shockwave was open.... but it's not....sooooooooooo.... yeah....
than why does it display my name everywhere else?
#END QUOTEHEY! THAT'S ME!!
Ehem... yeah. never seen that before... but unless you just have way to much free time and amazing photoshop skills, it's kinda undeniable... so I choose to remain undecided.
Or a DOM editor, that would be easier. Anyway, the username should have the PHP function htmlentities() called on it. If it is truely being parsed as an HTML tag this could potentially be leveraged in an XSS attack.
Edited by JrMasterModelBuilder, Dec 13 2012 - 09:43 PM.
[quote name="<shockwave" timestamp="1355182946"]oh... well if Shockwave was open.... but it's not....sooooooooooo.... yeah.... than why does it display my name everywhere else?[/quote]
Interesting.oh... well if Shockwave was open.... but it's not....sooooooooooo.... yeah....
than why does it display my name everywhere else?
Edited by fishers64, Dec 12 2012 - 05:23 PM.
So, shockwave, I suggest you come up with a new display name, if you please.The < and > characters are blocked from display names in IP.Board so they should not have been able to use them. I'm not sure how they managed to use them in their name originally but they are blocked to prevent this type of issue so I recommend changing their name for them to remove these characters.
1 user(s) are reading this issue
0 members, 1 guests, 0 anonymous users
