XenForo
Administrative
- Thread starter
- Admin
- #1
Hello.
Just found some small, but unpleasant bugor feature?
When using IMG tag, manually we can add in this tag any url, any info, not only image.
I mean
Code:
or
Code:
All these tags are parsing by Xenforo in such way:
It's very unsecure. This opens the possibility for attacks, phishing, disclosure of IP address, browser, refer and so on.
I suggest to add some verification procedure - to check is this real image (e.g. by...
Read more
ادامه مطلب...
Just found some small, but unpleasant bug
When using IMG tag, manually we can add in this tag any url, any info, not only image.
I mean
Code:
[img]http://google.com[/img]or
Code:
[img]http://127.0.0.1[/img]All these tags are parsing by Xenforo in such way:
It's very unsecure. This opens the possibility for attacks, phishing, disclosure of IP address, browser, refer and so on.
I suggest to add some verification procedure - to check is this real image (e.g. by...
Read more
ادامه مطلب...