Shoutbox last character hack
Asked Modified Viewed 2,687 times
bite
bite 10
- Member, joined since
- Contributed 163 posts on the community forums.
- Started 5 threads in the forums
- Started this discussions
I just found what if last character in shoutbox is & or " or ' , in some situations it will get corrupted
Message:
In this case 111... is just to fill space, it can be any character except & or " or '.
Now replace * in message with & or " or ' , and see result, you can also try to add more characters to fill space, this will change cutting point of encoded character, for example:
with current filling:
' will be 
if we add one more 1
' will be &#
Funny eh? :D
_______
Explaining:
Message which will be inserted in to database is longer then 255 characters, because after stripinput some characters turn from one up to 6. This means what message can be up to 255*6 in length. To fix that: you must limit amount of characters in message who needs to be escaped or allow length of message in sql up to 1530.
Best solution: change shout_message field type to TEXT, this will not only fix problem, but will bring option to change shout_message length whiteout modifying sql!
Message:
Code Download source
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 [color=#cc0000]*[/color]In this case 111... is just to fill space, it can be any character except & or " or '.
Now replace * in message with & or " or ' , and see result, you can also try to add more characters to fill space, this will change cutting point of encoded character, for example:
with current filling:
' will be 
if we add one more 1
' will be &#
Funny eh? :D
_______
Explaining:
Message which will be inserted in to database is longer then 255 characters, because after stripinput some characters turn from one up to 6. This means what message can be up to 255*6 in length. To fix that: you must limit amount of characters in message who needs to be escaped or allow length of message in sql up to 1530.
Best solution: change shout_message field type to TEXT, this will not only fix problem, but will bring option to change shout_message length whiteout modifying sql!
Edited by bite on 05-07-2009 23:10,
There are no post found.
Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
- Views 0 views
- Posts 0 posts
- Votes 0 votes
- Topic users 1 member
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions