Ambiera Forum
Discussions, Help and Support.
Create reply in
integration shoutbox in cc6? any idea?
[quote][b][/b] wrote:
I think the current implementation is pretty much safe. You can run into the issue if someone finds a way to change the chatlog file on the host machine. On the host I don't parse any strings I receive with the code; instead, json_encode/json_decode and array push are used. So in case the object type of the chatlog content is not an array, everything should fail at the step where the hacked message is added to the code. And as long as you receive an array, everything should be safe.

In order to hack this system you need to get direct write access to the chatlog file. So basically, you need to get access to the filesystem by FTP or be able to modify it via the "add new message" script. Both ways don't seem like an easy thing to do.

Overall, I believe the current implementation is pretty safe. But in case you want to play it safer, you can change the following:

[code]var msgsArr = eval('(' + data + ')');[/code]

to

[code]var msgsArr = [];
var slices = data.slice(1, -1).split(',');
for (var i = 0; i < slices.length; i++) {
    msgsArr.push(slices[i].slice(1, -1));
}[/code]

Which does pretty much the same without using eval.

I mean, CopperCube can read your files' content and then send it to the Internet. Any game you download from the forum can potentially steal your data even without using eval :)

Thank you for mentioning it, I'll add this comment to the video.[/quote]
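An added example, not part of the quoted post or the project's own code: a strict parser for the chatlog response that never executes the data, shown beside the split-based replacement from the post. It assumes the host returns json_encode() of a flat array of message strings and that JSON.parse is available in the client's JavaScript runtime; the name parseChatlog, its limits and the sample responses are hypothetical.

```javascript
// Added example, not the forum poster's code. Assumes the host script returns
// json_encode() of a flat array of strings and that JSON.parse exists in the
// client's JavaScript runtime.

// The split-based replacement from the post, kept only for comparison.
function parseBySplit(data) {
  var msgsArr = [];
  var slices = data.slice(1, -1).split(',');
  for (var i = 0; i < slices.length; i++) {
    msgsArr.push(slices[i].slice(1, -1));
  }
  return msgsArr;
}

// Strict parser (hypothetical helper): the data is parsed, never executed,
// and anything that is not a bounded array of strings is rejected.
function parseChatlog(data, maxMessages, maxLength) {
  var parsed;
  try {
    parsed = JSON.parse(data);
  } catch (e) {
    return null; // not valid JSON, e.g. script text written into the file
  }
  if (!Array.isArray(parsed) || parsed.length > maxMessages) {
    return null;
  }
  for (var i = 0; i < parsed.length; i++) {
    if (typeof parsed[i] !== 'string' || parsed[i].length > maxLength) {
      return null;
    }
  }
  return parsed;
}

// Constructed sample responses.
var normal = '["hello","hi, how are you?","she said \\"ok\\""]';
var notJson = '(function(){ return ["x"]; })()'; // eval would run this
var wrongType = '{"0":"hello"}';                 // valid JSON, not an array

console.log(parseChatlog(normal, 100, 500));    // three intact messages
console.log(parseBySplit(normal));              // comma inside a message splits it
console.log(parseChatlog(notJson, 100, 500));   // null
console.log(parseChatlog(wrongType, 100, 500)); // null
```

A null result means the response should be discarded rather than displayed.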
Copyright© Ambiera e.U. all rights reserved.