Thing is the website allows :'s
But nothing else is allowed, yet, I cant find in protector where it excludes checking for :'s for the url feild
REGISTERFORM.php
// Steam Verifcation
$reg_form->addElement(new XoopsFormText("Steam Profle", "url", 25, 255, $myts->htmlSpecialChars($steam)));
$reg_form->addElement(new XoopsFormTextSteam("Your Steam ID", "steamid",23, 23, $steamid), true);
$reg_form->addElement(new XoopsFormText("Your Steam Verifcation Code <a href='whatsthis.html' target='_blank'>?</a>", "steamvar",11, 10, $steamvar), true);
REGISTER.php
$steamid = isset($_POST['steamid']) ? $_POST['steamid'] : '';
$steamvar = isset($_POST['steamvar']) ?
$myts->stripSlashesGPC($_POST['steamvar']) : '';
include(XOOPS_ROOT_PATH . "/header.php");
$xoopsTpl->assign('xoops_showrblock', 0); // 1 display right blocks
$xoopsTpl->assign('xoops_showlblock', 0); // 1 display right blocks
2007/8/29 11:41:08 Guests 200.46.200.3
libwww-perl/5.43 ISOCOM Isolated comment-in found. (17400/*/newbb/print.php?forum=*topic_id=*http://148.245.107.2/.ssh/safe.txt?)
2007/8/29 11:31:38 Guests 222.236.44.50
libwww-perl/5.79 ISOCOM Isolated comment-in found. (17400/*/newbb/print.php?forum=*topic_id=*http://148.245.107.2/.ssh/safe.txt?)
function protector_prepare()
{
// FIND //
// check the access is from install/index.php
if( defined( '_INSTALL_CHARSET' ) ) die( 'To use installer, remove protector's lines from mainfile.php first.' ) ;
// Protector class
require_once dirname(dirname(__FILE__)).'/class/protector.php' ;
// add Below //
if (isset($_COOKIE["xoops_banned"]))
{
// Set the banned cookie for a year, reset it every time the user visits. (Thanks to Merlin Sythove)
setcookie( "xoops_banned", true, time() + (365 * 24 * 3600), "/", "yourdomainname.co.uk", "0" );
die('You are banned');
}
// FIND//
// bad_ips
$bad_ips = Protector::get_bad_ips() ;
foreach( $bad_ips as $bad_ip ) {
if( $bad_ip && substr( @$_SERVER['REMOTE_ADDR'] , 0 , strlen( $bad_ip ) ) == $bad_ip ) {
// ADD line// setcookie( "xoops_banned", true, time() + (365 * 24 * 3600), "/", "yourdomainname.co.uk", "0" );
die( 'You are registered as BAD_IP by Protector.' ) ;
}
}