allistera (Posted April 20, 2008): Hey, I'm looking for all feedback on this blog that I created in PHP. Please tell me of any errors etc. http://allistera.110mb.com/blog/
Coreye (Posted April 20, 2008): Full Path Disclosure: http://allistera.110mb.com/blog/index.php?page[] Fatal error: Unsupported operand types in /www/110mb.com/a/l/l/i/s/t/e/r/allistera/htdocs/blog/index.php on line 22 Cross Site Scripting: You can submit ">code when adding comments.
allistera, Author (Posted April 20, 2008): OK, fixed the CSS problem, working on the full path disclosure. Thanks, if any more please post.
allistera, Author (Posted April 20, 2008): What would I do to get around the Full Path Disclosure problem? I have tried using the is_numeric function, but that's not working...
allistera, Author (Posted April 21, 2008): OK, fixed the Full Path Disclosure problem.
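The disclosure above comes from a request like index.php?page[], which makes $_GET['page'] an array; the arithmetic on line 22 then throws a fatal error, and because errors are displayed, the server path is printed. The example below is added here and is not allistera's code: it treats the parameter as untrusted, rejects anything that is not a string of digits (is_numeric() alone still accepts "1e3" and " 1"), and turns error display off so that any remaining fault is logged instead of shown. The log path is a placeholder.

```php
<?php
// Added example, not the blog's own code: guard the ?page= parameter so that
// index.php?page[] cannot reach the arithmetic that produced the fatal error,
// and make sure errors are logged rather than rendered with the server path.

// Production setting: never display errors to the browser; log them instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/path/outside/webroot/php-error.log'); // placeholder path

/**
 * Return the requested page number as an int, or $default when the value is
 * missing, is an array (what page[] produces), or is not a plain digit string.
 */
function requested_page(array $get, string $key = 'page', int $default = 1): int
{
    // page[] arrives as an array: is_string() rejects it before any arithmetic
    if (!isset($get[$key]) || !is_string($get[$key])) {
        return $default;
    }
    // ctype_digit() rejects "", "-1", "1.5", "1e3" and " 1", all of which
    // is_numeric() would let through
    if (!ctype_digit($get[$key])) {
        return $default;
    }
    $page = (int) $get[$key];
    return $page >= 1 ? $page : $default;
}

// Constructed inputs standing in for $_GET
$cases = [
    ['page' => '3'],
    ['page' => ['']],   // result of index.php?page[]
    ['page' => '1e3'],  // passes is_numeric(), fails ctype_digit()
    ['page' => '0'],
    [],
];
foreach ($cases as $get) {
    echo json_encode($get), ' => ', requested_page($get), PHP_EOL;
}
```

Rejecting the array form fixes the specific crash; turning display_errors off is what stops the path from leaking the next time any other input reaches a code path that was not expected.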
FlyingIsFun1217 (Posted April 21, 2008): Seems to work well here, looks nice actually. Might I suggest a different host if you are going for something free? Check out Freeweb7, I've never had anything but a great experience with them. FlyingIsFun1217
Coreye (Posted April 22, 2008): You can write blank comments and a blank username. Easy to spam.
allistera, Author (Posted April 22, 2008): "You can write blank comments and a blank username." Fixed, and if I get spam I can delete it through the admin panel.
NikkiLoveGod (Posted April 23, 2008): But manually deleting spam is bloody annoying! But try to scale down the topics there a bit. The <h1> size is way too big for that. I would change them to h2, where they would not be that huge, but this of course affects the SEO a bit. Do it your style, but reduce the size a bit.
moon 111 (Posted April 23, 2008): XSS: Type in Click Me! as a comment and it will have a pop up.
allistera, Author (Posted April 23, 2008): Thanks, I think I'm going to re-write the whole comment section, it's annoying the hell out of me.
moon 111 (Posted April 24, 2008): Oops! That is [url=javascript:alert('hi!')]Click Me![/url] and when clicked you will get a pop up. (Obviously just an example. You can do much worse, like stealing their cookie, for example.)
allistera, Author (Posted April 25, 2008): OK, rewrote the comment system, should be OK. - Fixed the javascript URL. I might add a captcha system in the future.
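Three of the findings in this thread are comment-handling bugs: raw "> input rendered as HTML (Coreye), blank usernames and comments accepted (Coreye), and a BBCode [url=javascript:...] tag turned into a clickable link (moon 111). The example below is added here and is not the blog's rewritten comment code; it shows one way to handle all three in a single path: reject empty submissions, HTML-escape the whole body first, and only then convert [url] tags, accepting a link solely when its scheme is http or https. The length limits and the sample submissions are constructed for the demo.

```php
<?php
// Added example, not the blog's own code: validate a comment submission and
// render it so that user text is always escaped and [url=...] only becomes a
// link for http/https targets. Limits (40 / 2000 chars) are assumed values.

function validate_comment(string $username, string $body): array
{
    $errors   = [];
    $username = trim($username);
    $body     = trim($body);
    if ($username === '' || mb_strlen($username) > 40) {
        $errors[] = 'username must be 1-40 characters';
    }
    if ($body === '' || mb_strlen($body) > 2000) {
        $errors[] = 'comment must be 1-2000 characters';
    }
    return $errors;   // empty array means the submission is acceptable
}

/** Return the URL unchanged if it is an absolute http/https URL, else null. */
function safe_href(string $url): ?string
{
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;   // javascript:..., data:..., relative paths, garbage
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return trim($url);
}

function render_comment(string $body): string
{
    // Escape everything first; no raw user characters survive this step.
    $html = htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Match [url=...]text[/url] in the already-escaped text. The captured URL
    // is decoded, checked by safe_href(), then re-escaped for the attribute.
    return preg_replace_callback(
        '~\[url=([^\]]+)\](.*?)\[/url\]~s',
        function (array $m): string {
            $decoded = html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
            $href    = safe_href($decoded);
            if ($href === null) {
                return $m[2];   // unsafe scheme: keep the escaped text, drop the link
            }
            return '<a href="' . htmlspecialchars($href, ENT_QUOTES | ENT_HTML5, 'UTF-8')
                 . '" rel="nofollow">' . $m[2] . '</a>';
        },
        $html
    );
}

// Constructed sample submissions: [username, body]
$samples = [
    ['bob', "[url=javascript:alert('hi!')]Click Me![/url]"],   // the thread's finding
    ['bob', '"><b>bold</b>'],                                  // raw markup in the body
    ['bob', '[url=https://example.com/?a=1&b=2]docs[/url]'],   // legitimate link
    ['',    '   '],                                            // blank user and body
];
foreach ($samples as [$user, $body]) {
    $errors = validate_comment($user, $body);
    echo $errors ? 'rejected: ' . implode('; ', $errors) : render_comment($body), PHP_EOL;
}
```

Escaping before BBCode conversion is the design choice that matters: whatever the tag parser misses is already inert text, and the only markup that can appear in the output is the anchor the code itself builds from a scheme-checked URL.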