Menu
▾
▴
#96 Hiscore: It is possible to submit any type of character.
It is possible to submit any type of character to the
hiscore list. This could be a possible security
issue.
The server code has to replace invalid characters
with spaces at earliest possible stage before
submitting the string to the database. (This is valid
for all strings sent to the database, ie score).
We have to decide wich characters that should be
allowed.
There will be a follow up problem if this is
implemented. It is possible to type any character in
the hiscore GUI, but some will be filtered without
warning, corrupting what the user has typed. Is this
possible to solve in some way?
Logged In: YES
user_id=667977
Current status on this bug is to read this security web page:
http://www.webbdesign.info/server_side_sprak/php/sakerhet.html
There hay be sollutions that allow all characters in the article. Find out best
sollution.