Announcement

Collapse
No announcement yet.

Minor Security Flaw?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Minor Security Flaw?

    I tried to post this in bugreport but did not get access despite me being on the list to enter members area, which i also can.



    replacement variable with space = replacement variable that renders after first post

    when you edit this post all the replacement variables are indeed replaced.
    Should i be able to do this from a post?
    And these are only the default replacement vars, probably when people find out the ones you defined you'd better be carefull what you replace with this mechanism, try to be conservative on url's in replacement vars.

    Thanks for your attention...
    Bas.

    --------------------------------------------------------------------

    {calbgcolor } = #DFDFDF
    {calbirthdaycolor } = #000000
    {caldaycolor } = #000088
    {calprivatecolor } = #880000
    {calpubliccolor } = #008800
    {caltodaycolor } = #F1F1F1
    {categorybackcolor } = #606096
    {closedthreadimage } = images/threadclosed.gif
    {contenttablewidth } = 100%
    {firstaltcolor } = #F1F1F1
    {hovercolor } = #FF4400
    {htmldoctype } = <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    {imagesfolder } = images
    {linkcolor } = #000020
    {newthreadimage } = images/newthread.gif
    {pagebgcolor } = #FFFFFF
    {pagetextcolor } = #000000
    {replyimage } = images/reply.gif
    {secondaltcolor } = #DFDFDF
    {tablebordercolor } = #555576
    {tableheadbgcolor } = #8080A6
    {tableheadtextcolor } = #EEEEFF
    {tableinnerborderwidth } = 1
    {tableinnerextra } =
    {tableinvisibleextra } =
    {tableouterborderwidth } = 0
    {tableouterextra } =
    {tablewidth } = 100%
    {textareacols_IE } = 70
    {textareacols_NS4 } = 50
    {textareacols_NS6 } = 40
    {timecolor } = #666686
    {titleimage } = images/vBulletin_logo.gif
    Last edited by tubedogg; Sun 3 Feb '02, 12:59pm.
    The Knowledge Emporium

  • #2
    I edited your post but the replacement variables with spaces did not change.

    Changing replacement variables in posts is not a security flaw or bug, it is feature. If you don't want them replaced in a certain post, check the 'Disable Smilies in This Post' box when posting.

    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...
    X