Hey everyone.
In Turkish boards, we have a tip.
This tip is solved "The Turkish letter issue" on hotmail.
Normally, When you send e mail to users, from admin panel.
Turkish letters are not showing.
So when you do this tip.
Sources / Subs-Post.php
if (preg_match('~@(yahoo|hotmail)\.[a-zA-Z\.]{2,6}$~i', $to_address) === 1)
Removing 2-6
I mean like this:
if (preg_match('~@(yahoo|hotmail)\.[a-zA-Z\.]{}$~i', $to_address) === 1)
Then problem solved. All Turkish letters are appering.
So. Is this create a security hole (or another) problem?
Any help would be great, Thanks.
So Hotmail fully supports international characters now?
That change prevents SMF from applying special functionality to email messages being sent to Yahoo or Hotmail email addresses. This functionality was put in place due to previous problems with Yahoo and Hotmail supporting international characters.
Quote from: Oldiesmann on November 01, 2008, 10:00:16 PM
So Hotmail fully supports international characters now?
Yes. so, Is this create a security hole (or another) problem?
That will cause that preg_match() not to function properly; always fail. Just prevents hotmail/yahoo fix to get working. It is the same as removing the hotmail fix completely.
Although preg_match() is used to validate the input for security mostly, in this case it is to decide if e-mail provider is hotmail/yahoo international one or not. Nothing related to security.
So, it is safe.
Thanks ;)
i have solved this problem this topic:
http://www.simplemachines.org/community/index.php?topic=199273.msg1765464#msg1765464
;)
this edit reason XSS attack.because include bad text,i know.
Example karlbenson's AVEAC Mod include pregmatch for this situation.
also i can know wrong this topic.i think karlbenson should look topic
Quote from: Sinan ANDIRMAN on November 02, 2008, 05:15:21 PM
i have solved this problem this topic:
http://www.simplemachines.org/community/index.php?topic=199273.msg1765464#msg1765464
;)
No you didn't.
You said that there is a security hole on this tip, and that's why I open this topic.
I wanted to learn if there is a really security hole.
For example of video mod:
[mynet]23472947[/mynet] like you intend
or
[mynet]343&badvariable=badbadbadbad[/mynet]
For security reasons (to prevent XSS attack) the variable that is passed should be checked and validated with a preg_match.
This ensures that hackers can't pass bad strings, and is to a good way to check that the variable passed is valid.
This is only example.I make a connection example to this topic
That is just one use of it. http://tr2.php.net/preg_match Also you can search the function in google to find some information in your own language. I'm sure it will be better.
hmmm i thank you for advice major Sinan.and i think karlbenson should look this topic