Hey all,

I have 2 sites running Dragonfly 9.0.6.1 with Guestbook4U v 0.9.
On BOTH sites new entries were made in the Guestbook on 1 April 2006 (!!!) via "Anonymous".
As admin I receive an email confirmation with the code in it, which I will not publish here. In can hower pm it if you want.

If I go to the Guestbook, it is displayed as normal,
BUT,
an automatic link is activate to www.rapmedia.org/

This might be entended as a joke (?) but how could this be done ???

And how can this be prevented ? Is there some leak in security ?

(am I the only victim of this bad joke ?)

Francis

Hi ...

You forgot to deactivate the BB-Code, and someone simply planted a flash-file in your GB
(with[flash])which directs browsers to rapmedia.org ...

Simply deactivate BB-Code in the future ...

and yes, the guy must have been quite busy, he also did it at one of my sites ...
(maybe he tried all 6, but only at one I forgot to deactivate BB-Code )

I already deactivated NBB in GB.

Still it is strange that if that code is posted in a forum using the qoute tag, the code is active and if posted using the php quote tag, the code is NOT active.

So the qoute tag does not filter the flash tag, maybe something for a new update ...

Thanks

Francis

Francis wrote:

I already deactivated NBB in GB. Still it is strange that if that code is posted in a forum using the qoute tag, the code is active and if posted using the php quote tag, the code is NOT active. So the qoute tag does not filter the flash tag, maybe something for a new update ... Thanks Francis

Well, the normal quote tag should not alter NBB tags, that would destroy the looks of the original post (no smilies, no textsize or colors) ...
on the other hand, the code, or here php tag was designed to prevent posted code from messing up the forum, so, that´s ok.

BUT, as I already requested at dragonflycms.org, the flash tag should be removed (via includes/nbbcode.php) ...