Jump to content

Recommended Posts

I always thought people who wrote the majority of php tutorials were noobs for a lot of reasons, but i really had no idea how stupid they could be.

I was writing my own bbcode parser, and why looking for lists of bbcode params etc for my parser I came across some code

 

http://elouai.com/bb2html.php.txt

 

this code reminded me of many tutorials I saw a long long time ago before i learned anything about security. People who are writing tutorials etc should know better then to release code like this, millions of webpages will of copied the above technique... BBCode was invented as a security measure, code like the above is not secure and if you are going to code like that it is as insecure as html.

 

I find it very odd that the phrase BBCode Injection is rarely heard of, I imagine this is probably one of the most common security flaws on the web.

 

 

 

 

 

 

 

 

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/53717-bbcode-rant/
Share on other sites

As long as you used it in conjunction with another function that stripped the HTML tags of it, I don't see a problem.

 

Sometimes when writing a tutorial the author wants to cover everything in depth, but certain subjects would shoot off into a huge tangent of information irrelevant to the focus of the tutorial.

 

Slap on the wrist for the author's not mentioning that its up to the reader to research security on their own though.

 

:D

Link to comment
https://forums.phpfreaks.com/topic/53717-bbcode-rant/#findComment-265675
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.