Moderated by: stefan, hombergs, xweber
     [BUG] bug with "onerror" event

Nurlan

Joined: November 17, 2004
Posts: 32
From: Kyrgyzstan


Posted: 2005-06-27 14:02

Bug in OPN: users can hack OPN. It can be used in the forum, guestbook, shoutbox and other modules in which they can use HTML tags.
See a test of this bug here.



www.tamga.info

hombergs
Joined: April 14, 2003


Posted: 2005-06-27 17:53

This happens when you activate all attributes for the tag in Settings HTML,
because then OPN will allow all attributes for this tag.
Maybe we should deactivate the JavaScript attributes.



H.O.M.B.E.R.G.S.: Hydraulic Obedient Machine Built for Efficient Repair and Galactic Sabotage

There are no problems, only defiances.

hombergs
Joined: April 14, 2003


Posted: 2005-06-27 18:25

With Revision 3583 the HTML Settings have a new setting: Only Tag, All Attributes and All Attributes (Including JavaScript Events). When only All Attributes is selected, OPN will filter out the onerror and onload events.
When you have more events to filter, please tell us these events. We will implement these events in the filter.




[ This message was edited by: hombergs on 2005-06-27 18:29 (Original date 2005-06-27 18:25) ]

hombergs
Joined: April 14, 2003


Posted: 2005-06-27 19:32

With Revision 3584n the filtering of the JavaScript events is done by a preg_replace call.
OPN now filters 19 known events at the moment.



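
An added example (not OPN's code and not from the thread) of the attribute filtering the posts above describe: it parses the markup and drops every attribute whose name starts with "on", instead of matching a list of known events with preg_replace. The mode constants mirror the three settings named in the thread; all function and constant names are hypothetical.

```php
<?php
// Added example, not OPN code. Mode names mirror the three HTML settings
// described in the thread; function and constant names are hypothetical.
const MODE_ONLY_TAG = 0;          // keep the tag, drop every attribute
const MODE_ALL_ATTRIBUTES = 1;    // keep attributes except event handlers
const MODE_INCLUDING_EVENTS = 2;  // keep everything (trusted authors only)

function filter_attributes(string $html, int $mode): string
{
    if ($mode === MODE_INCLUDING_EVENTS) {
        return $html;
    }
    $previous = libxml_use_internal_errors(true); // tolerate sloppy user markup
    $doc = new DOMDocument();
    // The meta tag makes libxml read the wrapped fragment as UTF-8.
    $doc->loadHTML(
        '<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '</head><body>' . $html . '</body></html>'
    );
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $body = $doc->getElementsByTagName('body')->item(0);
    // Snapshot the live lists before removing anything from them.
    foreach (iterator_to_array($body->getElementsByTagName('*'), false) as $element) {
        foreach (iterator_to_array($element->attributes, false) as $attribute) {
            // Any on* name is treated as an event handler, so the filter
            // does not depend on a list of known events being complete.
            $isEvent = strncasecmp($attribute->nodeName, 'on', 2) === 0;
            if ($mode === MODE_ONLY_TAG || $isEvent) {
                $element->removeAttributeNode($attribute);
            }
        }
    }
    // Serialize only the children of <body>, i.e. the user's fragment.
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample post using the onerror and onload attributes from the thread.
$post = '<img src="missing.png" alt="logo" onerror="handler()">'
      . '<img src="ok.png" onload="handler()"><b onclick="handler()">hi</b>';
echo filter_attributes($post, MODE_ALL_ATTRIBUTES), "\n";
echo filter_attributes($post, MODE_ONLY_TAG), "\n";
```

The filter looks only at attribute names; the values of the attributes it keeps are not checked.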