Messages - Ponchito147

1
Items / Re: [RERELEASED] ]Magic 8 Ball
« on: February 15, 2008, 09:00:02 am »
You are the master.

2
Items / Re: [RERELEASED] ]Magic 8 Ball
« on: February 03, 2008, 01:27:16 pm »
I think you have a bug in your script:

Excuse my English. :-)

If a bad-intentioned user buys the Magic Ball, he can insert any HTML code in the "question" field. That's very dangerous, because he can obtain the admin password, or hack the forum...

Here is the solution:

You have to replace the code from $sizeof = count($answer); to </center>"; with this one:

$sizeof = count($answer);
$random = (rand()%$sizeof);
// Make the question a variable
$cambiar = $_POST['question'];
// Change all the < and >
$cambiar = str_replace("<","&#8249;",$cambiar);
$cambiar = str_replace(">","&#8250;",$cambiar);
// Print it all in the page
return "<center><img src='http://xxxx.lomasinteresante.net/Sources/shop/xx/8ball.jpg' width=300 height=320><br />Tu pregunta fue $cambiar<br /><br />La bola responde:<br /><br />$answer[$random]</center>";

Note: Don't forget to change the path for your image and translate all to your language.
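An added example, not part of the original post or the shop mod's code: it puts the bracket replacement from the post next to PHP's built-in htmlspecialchars(), which also encodes quotes and ampersands so the value stays inert if it is ever placed inside a quoted attribute. The function names, the $answers array and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not the shop mod's own code. Function names and sample
// inputs are constructed for illustration.

// The approach from the post: swap only the angle brackets for look-alike glyphs.
function escape_brackets_only(string $s): string
{
    return str_replace(['<', '>'], ['&#8249;', '&#8250;'], $s);
}

// Full HTML escaping: encodes & < > " ' so the value stays inert both in
// element content and inside a quoted attribute value.
function escape_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer mirroring the item's output; $answers stands in for
// the script's $answer array and is assumed to be non-empty.
function render_8ball(string $question, array $answers): string
{
    $reply = $answers[random_int(0, count($answers) - 1)];
    return '<center>Tu pregunta fue ' . escape_html($question)
         . '<br /><br />La bola responde:<br /><br />'
         . escape_html($reply) . '</center>';
}

// Constructed inputs: one tag-shaped, one with quotes and an ampersand.
$samples = ['<b>will it rain?</b>', 'Tom & "Jerry" \'s bet?'];

foreach ($samples as $q) {
    echo "input:            $q\n";
    echo "brackets only:    ", escape_brackets_only($q), "\n";
    echo "htmlspecialchars: ", escape_html($q), "\n\n";
}

echo render_8ball($samples[0], ['Yes', 'No', 'Ask again later']), "\n";
```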
