Nameless12 Posted May 31, 2007 Share Posted May 31, 2007 I always thought people who wrote the majority of php tutorials were noobs for a lot of reasons, but i really had no idea how stupid they could be. I was writing my own bbcode parser, and why looking for lists of bbcode params etc for my parser I came across some code http://elouai.com/bb2html.php.txt this code reminded me of many tutorials I saw a long long time ago before i learned anything about security. People who are writing tutorials etc should know better then to release code like this, millions of webpages will of copied the above technique... BBCode was invented as a security measure, code like the above is not secure and if you are going to code like that it is as insecure as html. I find it very odd that the phrase BBCode Injection is rarely heard of, I imagine this is probably one of the most common security flaws on the web. Quote Link to comment https://forums.phpfreaks.com/topic/53717-bbcode-rant/ Share on other sites More sharing options...
roopurt18 Posted May 31, 2007 Share Posted May 31, 2007 As long as you used it in conjunction with another function that stripped the HTML tags of it, I don't see a problem. Sometimes when writing a tutorial the author wants to cover everything in depth, but certain subjects would shoot off into a huge tangent of information irrelevant to the focus of the tutorial. Slap on the wrist for the author's not mentioning that its up to the reader to research security on their own though. Quote Link to comment https://forums.phpfreaks.com/topic/53717-bbcode-rant/#findComment-265675 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.