Update to the tags mod search and the default search function for sNews
filed under: sNews CMS / Hacks & Mods
While discussing the tags mod with Vic today, I discovered that when we echo the requested tag back on the page, it can contain malformed HTML if a user has entered it, e.g. http://www.mdj.us/tag/<table/. This could break the page layout, but only for the person entering the bogus tag. This is not a security issue: the tag query and the search itself are still sanitized via the clean and cleanXSS functions.
As I took this bit of code directly from the default sNews search function, the same problem exists in the search function of all default sNews installs as well.
To test your site, simply perform a search for <table. If it breaks your page layout, you may want to fix it.
To update this on the tags mod, simply change the two instances of the following within the function tagsearch:
stripslashes($tags_query)
to
stripslashes(entity($tags_query))
I have updated this on the tutorial. Now to fix the default sNews install search, find the function search and change:
stripslashes($search_query)
to
stripslashes(entity($search_query))
That should do it, thanks for the heads-up, Vic!
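The before and after of the change above, as an added example that is not sNews code or the author's own: `entity_standin()` is a hypothetical stand-in that assumes sNews's `entity()` HTML-encodes its argument with `htmlspecialchars()`, and the sample queries are constructed. It goes slightly beyond the `<table` case in the post by also checking quote characters, which matter when the term is echoed inside an attribute.

```php
<?php
// Added example, not sNews code. entity_standin() is a hypothetical stand-in
// for sNews's entity(); it ASSUMES entity() HTML-encodes its argument.
function entity_standin(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Before the fix: the query is echoed back into the page as typed.
function echoed_before(string $query): string {
    return stripslashes($query);
}

// After the fix: the query is encoded before it reaches the page.
function echoed_after(string $query): string {
    return stripslashes(entity_standin($query));
}

// True when the echoed fragment still carries a raw HTML-significant
// character, i.e. the browser may treat part of the term as markup.
function has_raw_html_chars(string $fragment): bool {
    return strpbrk($fragment, '<>"\'') !== false;
}

// Constructed sample queries: the one from the post, a term with quotes as a
// slash-escaped request value would arrive (it\'s "quoted"), and a plain tag.
$samples = ['<table', 'it\\\'s "quoted"', 'snews'];

foreach ($samples as $q) {
    printf(
        "%-16s before: %-8s after: %-8s echoed as: %s\n",
        $q,
        has_raw_html_chars(echoed_before($q)) ? 'raw' : 'clean',
        has_raw_html_chars(echoed_after($q)) ? 'raw' : 'clean',
        echoed_after($q)
    );
}
```

Run it with the PHP command-line interpreter; any sample that still reports `raw` in the "after" column means the echoed term is reaching the page unencoded.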
2 comments
Apr 23rd, 2009 at 11:28 am
I just received your email, Matt! What a service!
Functions have been updated, and Vic was right.
So thanks to him and thanks to you too.
I really appreciate your kind help.
Apr 26th, 2009 at 6:10 am
Thanks for the theme. Quite a struggle finding the right theme for my blog.
Hoping that you will stay for sNews.. :)
-Low Man-