Search found 520 matches

by updown
Mon Jul 26, 2010 10:10 am
Forum: Custom BBCode Development and Requests
Topic: Custom BBCodes [Deprecated]
Replies: 3998
Views: 1178848

Re: Custom BBCodes

If you're really wanting to know, then the only thing I can suggest for you is to do some research on it. Sites like OWASP and CGISecurity would be a good place to start. Thanks! I understand your general position and the security-policy of phpBB.com. The problem is, that I HAVE TO use {TEXT} insid...
by updown
Sun Jul 25, 2010 1:56 pm
Forum: Custom BBCode Development and Requests
Topic: Custom BBCodes [Deprecated]
Replies: 3998
Views: 1178848

Re: Custom BBCodes

I have the same problem whenever I need to pass a specific attribute into an URL, where full TEXT support is necessary . Example: <a href="http://myurlxxxx.com/index.php?q={TEXT}">...</a> Is there a documentation or an example anywhere that helps judging the risk of an XSS-vulnerability w...
by updown
Fri Jul 23, 2010 8:35 am
Forum: Custom BBCode Development and Requests
Topic: Custom BBCodes [Deprecated]
Replies: 3998
Views: 1178848

Re: Custom BBCodes

Because you can break out of any tag that uses {TEXT} and create an XSS vulnerability. Thanks, I know the basics. But HOW is it even possible to break-out the tag when all special-chars are html-encoded? They aren't all encoded. All possible XSS-entries that I've tested doesn't work! Obviously ther...
by updown
Thu Jul 22, 2010 1:09 pm
Forum: Custom BBCode Development and Requests
Topic: Custom BBCodes [Deprecated]
Replies: 3998
Views: 1178848

Re: Custom BBCodes

Noxwizard wrote:Because you can break out of any tag that uses {TEXT} and create an XSS vulnerability.
Thanks, I know the basics. But HOW is it even possible to break-out the tag when all special-chars are html-encoded?
by updown
Wed Jul 21, 2010 6:46 pm
Forum: Custom BBCode Development and Requests
Topic: Custom BBCodes [Deprecated]
Replies: 3998
Views: 1178848

Re: Custom BBCodes

In ACP > Posting > Message > BBCodes the available tokens are even explained: {INTTEXT} Unicode letter characters, numbers, spaces, commas, dots, minus, plus, hyphen, underscore and whitespaces. INTTEXT doesn't allow " or other specialchars like < or >, but in some Urls you definately have to ...
by updown
Tue Jul 20, 2010 5:38 pm
Forum: Custom BBCode Development and Requests
Topic: Custom BBCodes [Deprecated]
Replies: 3998
Views: 1178848

Re: Custom BBCodes

I have the same problem whenever I need to pass a specific attribute into an URL, where full TEXT support is necessary. Example: <a href="http://myurlxxxx.com/index.php?q={TEXT}">...</a> FIRST: I need all chars available, including UTF8 and special chars for a correct URL. Is there an oth...
by updown
Sun Jul 11, 2010 11:45 am
Forum: Custom BBCode Development and Requests
Topic: Custom BBCodes [Deprecated]
Replies: 3998
Views: 1178848

Re: Custom BBCodes

Has this been posted before ? Displaying QR-Codes via Google Chart API http://code.google.com/intl/de/apis/chart/docs/gallery/qr_codes.html .. for all the Smartphone/App-Users out there ;) BBCode usage: [qrcode]{TEXT}[/qrcode] HTML replacement: <img src= "http://chart.apis.google.com/chart?cht...
by updown
Wed Jun 09, 2010 1:23 pm
Forum: phpBB Discussion
Topic: [SUGGESTION] Different password/PIN to ACP
Replies: 28
Views: 2989

Re: [SUGGESTION] Different password/PIN to ACP

A second password doesn't make anything more secure. The only argument for it would be, that it is not used as often as the standard-password and makes it possibly more secure for catching by unencrypted transmission. But practically, that doesn't help to make something more secure in anyway. A more...
by updown
Wed Jun 09, 2010 12:02 pm
Forum: phpBB Discussion
Topic: Discuss phpBB 3.0.7-PL1 released
Replies: 136
Views: 21446

Re: Discuss phpBB 3.0.7-PL1 released

Does that mean, that if I'm running 3.0.6 it is better or at least not critical not to update to 3.0.7-PL1? I would prefer not to update too often if not neccessary. I would like to wait for 3.0.8, update once and done... 3.0.7 has been a major update with several new features and respectable chang...
by updown
Wed Jun 09, 2010 11:51 am
Forum: [3.0.x] Support Forum
Topic: Certain username changes
Replies: 4
Views: 184

Re: Certain username changes

Forumation wrote:The 2nd one dont make sence..
It's vice versa, in fact. With that MOD, you only get change-requests - doesn't satisfy your needs. Just give the user's you want to additional permissions as described above, then they can change their name in the UCP for themselves without accessing ACP. :roll:
by updown
Mon Apr 05, 2010 8:09 pm
Forum: [3.0.x] MOD Database Releases
Topic: Private Message Moderation
Replies: 18
Views: 4690

Re: Private Message Moderation

Congratulations! ;)
Paul wrote:If you install this MOD you should consider informing your users about the ability that you have for reading PMs. While this might be legal, it does not mean your users will like it at all.
:lol: that's a good one!
by updown
Sun Apr 04, 2010 10:23 am
Forum: phpBB Discussion
Topic: Discuss: phpBB is now ASPbb [APRIL FOOLS 2010]
Replies: 138
Views: 15759

Re: Discuss: phpBB is now ASPbb

Rhet-or-Ric wrote:We'd want updates and bug fixes every year on the 1st of April and then add an alpha character to that year's version.
Why not being innovative and take unicode instead of alpha-chars? That let's some air for more than 17 times 65.536 years staying in this 4.0.1-Version - why hurry?
by updown
Thu Apr 01, 2010 9:02 pm
Forum: phpBB Discussion
Topic: Discuss: phpBB is now ASPbb [APRIL FOOLS 2010]
Replies: 138
Views: 15759

Re: Discuss: phpBB is now ASPbb

Hahaha nice. I like it! Lovin the "Internet Regulatory Code 16.8.16.b.b" :mrgreen: Anyone else catch onto that? 16=p, 8=h. p.h.p.b.b Love it. Happy April Fools! There's a couple of other subtleties. See if you can find them all :geek: First, Microsoft never "approaches", they cr...
by updown
Thu Apr 01, 2010 8:35 pm
Forum: phpBB Discussion
Topic: Discuss: phpBB is now ASPbb [APRIL FOOLS 2010]
Replies: 138
Views: 15759

Re: Discuss: phpBB is now ASPbb

link470 wrote:Hahaha nice. I like it! Lovin the "Internet Regulatory Code 16.8.16.b.b" :mrgreen: Anyone else catch onto that?
No, I found it unnecessary to read more than the headline... :D
by updown
Thu Apr 01, 2010 1:42 pm
Forum: phpBB Discussion
Topic: Discuss: phpBB is now ASPbb [APRIL FOOLS 2010]
Replies: 138
Views: 15759

Re: Discuss: phpBB is now ASPbb

ToonArmy wrote:
updown wrote:Ehmm, what does ASP stand for?

"Ascraeus Service Pack" :?:

:lol:
Active Server Pages: http://en.wikipedia.org/wiki/Active_Server_Pages
Thanks for the explanation.

http://en.wikipedia.org/wiki/Irony

;)

Go to advanced search