Jump to content
MakeWebGames

Version 1.0.2 Released


a_bertrand

Recommended Posts

The new release offers increased security features. By default now, normal player cannot send HTML within any of the GET / POST variables. If this happen, an error will be displayed. You may of course disable this feature from within the admin panel.

The result of such function is that even if a module forget to use htmlentities or other filter function, the game should not be vulnerable to XSS attacks. That doesn't mean you should not anymore filter the inputs of the users, yet it adds another layer of protection.

The feature is disabled for admins as they should be able to edit tables and messages from the admin panel.

File changed in this version:

index.php

install/installer.php

config/config.php

libs/common.php

libs/template.php

templates/simple_brown/functions.php

and added a new module:

admin_html_filter

There is as well a new version of the dev version, which have a nicer PrettyMessage function however the feature of the HTML filter is not part of the DEV version.En

Enjoy!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...