SMF Development > Fixed or Bogus Bugs
All 2.0.2 need to make these Changes to avoid Bug
Arantor:
JavaScriptEscape's change actually does what you need it to do. You can do both if you wish but it's really, really not necessary.
emanuele:
It should break anything, so fixed in the development branch:
--- Quote from: commit data ---commit e06a46164ba66db3bb4ab087c85ad24a369c0613
Author: emanuele
Date: Mon May 28 2012
Certain hosts could try to inject html using the <body> tag as a reference point (replacing it server-side), this could break all the javascript of the post page
--- End quote ---
phantomm:
--- Quote from: emanuele on May 27, 2012, 10:53:43 AM ---What I have in mind a simple edit in QueryString.php:
--- Code: (find) ---function JavaScriptEscape($string)
{
global $scripturl;
return '\'' . strtr($string, array(
"\r" => '',
"\n" => '\\n',
"\t" => '\\t',
'\\' => '\\\\',
'\'' => '\\\'',
'</' => '<\' + \'/',
'script' => 'scri\'+\'pt',
'<a href' => '<a hr\'+\'ef',
$scripturl => '\' + smf_scripturl + \'',
)) . '\'';
}
--- End code ---
--- Code: (replace with) ---function JavaScriptEscape($string)
{
global $scripturl;
return '\'' . strtr($string, array(
"\r" => '',
"\n" => '\\n',
"\t" => '\\t',
'\\' => '\\\\',
'\'' => '\\\'',
'</' => '<\' + \'/',
'script' => 'scri\'+\'pt',
'<body>' => '<bo\'+\'dy>',
'<a href' => '<a hr\'+\'ef',
$scripturl => '\' + smf_scripturl + \'',
)) . '\'';
}
--- End code ---
--- End quote ---
I can still reproduce this error on some hosts with this fix, if you need account:
user: testerek
pass: 87bgkbq
url: http://www.smf.iscool.pl/
Arantor:
The solution is for you not to use a crappy host.
phantomm:
Yeah, I know that, I'm not using crappy hosts :)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version